EV SSL Certs

Jimmy Hess mysidia at gmail.com
Mon Sep 12 23:39:41 UTC 2011


On Mon, Sep 12, 2011 at 7:08 AM, Coy Hile <coy.hile at coyhile.com> wrote:
> As an academic aside, exactly what would one set on his (internal)
> root CA so that internally-trusted certs signed by that CA would show
> up as EV certs?

This is not possible without changing browser source code and
recompiling (or debugging/editing the browser binary).
The IDs of certificates that are allowed to sign EVSSL CAs are
hard-wired in the browser.
In some browsers, this also means it's impossible for an end user to
"untrust" or remove an EVSSL CA.

It also means you cannot, as a site administrator, make an
administrative decision to internally add an internal EVSSL CA
without customizing every browser.

If you ask me... it's shoddy software design. EVSSL CAs should be
configurable, but none of the major browsers provide the knobs to
manually add or remove EVSSL access to/from a trusted CA.

--
-JH




More information about the NANOG mailing list