Confirmed users, Administrators
5,526
edits
CA/EV Processing for CAs: Difference between revisions
Jump to navigation
Jump to search
Updated per Bug #1769150 which causes each EV OID in the end-entity cert to be checked until a valid path is found
m (Protected "CA/EV Processing for CAs" ([Edit=Allow confirmed users only] (indefinite) [Move=Allow confirmed users only] (indefinite))) |
(Updated per Bug #1769150 which causes each EV OID in the end-entity cert to be checked until a valid path is found) |
||
| Line 12: | Line 12: | ||
=== First OID === | === First OID === | ||
Firefox “recognizes” a set EV policy OIDs associated with some root certificates from some CAs in the Mozilla Root CA Program, plus the CAB Forum EV OID (2.23.140.1.1). | |||
As of Firefox version 103 and later, Firefox will try to build a path with each recognized EV OID in the end-entity certificate until it finds one that works. (This change was implemented via [https://bugzilla.mozilla.org/show_bug.cgi?id=1769150 Bugzilla #1769150]) | |||
In older Firefox versions (102 or earlier), Firefox was sensitive to the position of OIDs in the certificatePolicies extension of the end-entity certificate. Firefox would only attempt to build a trusted path using the first recognized EV policy OID found in the certificatePolicies extension of the end-entity certificate. Later OIDs, even if recognized by Firefox, were ignored. Thus, if path building does not succeed using that first EV OID, the certificate would not be considered EV. | |||
=== CA-Specific OIDs === | === CA-Specific OIDs === | ||