CA/EV Processing for CAs: Difference between revisions

Updated per Bug #1769150 which causes each EV OID in the end-entity cert to be checked until a valid path is found
Line 22: Line 22:


=== Policy Constraints ===
=== Policy Constraints ===
Any Intermediate certificates in the chain must assert a policy that includes the first recognized EV policy OID found in the end-entity certificate. This means that one of the following must be true for each intermediate CA certificate in the chain:
Any Intermediate certificates in the chain must assert a policy that includes a recognized EV policy OID found in the end-entity certificate. This means that one of the following must be true for each intermediate CA certificate in the chain:
* The certificatePolicies extensions includes the anyPolicy OID (2.5.29.32.0) (Note that if the inhibitAnyPolicy extension is present, Firefox will reject the anyPolicy OID regardless of the value set for inhibitAnyPolicy)
* The certificatePolicies extensions includes the anyPolicy OID (2.5.29.32.0) (Note that if the inhibitAnyPolicy extension is present, Firefox will reject the anyPolicy OID regardless of the value set for inhibitAnyPolicy)
* The certificatePolicies extension includes the same “recognized” policy OID as Firefox chose from the end-entity certificate (either a CA-specific OID or the CAB Forum OID)
* The certificatePolicies extension includes the same “recognized” policy OID as Firefox chose from the end-entity certificate (either a CA-specific OID or the CAB Forum OID)
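Review bot: The second bullet still says "the same “recognized” policy OID as Firefox chose from the end-entity certificate", which describes a single up-front choice and no longer matches the revised intro sentence ("a recognized EV policy OID") or the edit summary (each EV OID is checked until a valid path is found). Suggest rewording the bullet to refer to the recognized OID being evaluated for the current path attempt, and stating explicitly whether every intermediate in a given chain must match that same OID, so a CA reading this section can tell whether intermediates asserting different recognized OIDs would still yield EV treatment.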