Confirmed users, Administrators
5,526
edits
PSM:EV Testing Easy Version: Difference between revisions
Jump to navigation
Jump to search
PSM:EV Testing Easy Version (view source)
Revision as of 21:53, 14 September 2023
, 14 September 2023updated to match the new tool
m (updated to match the new tool) |
(updated to match the new tool) |
||
| Line 30: | Line 30: | ||
The purpose of this test is to make sure you have set up EV according to the [https://www.cabforum.org/documents.html EV Guidelines], so make sure you have not taken short-cuts like issuing the test cert directly from the root. | The purpose of this test is to make sure you have set up EV according to the [https://www.cabforum.org/documents.html EV Guidelines], so make sure you have not taken short-cuts like issuing the test cert directly from the root. | ||
* If you get ''Error: Could not initiate scan | * If you get ''Error: Could not initiate scan'', then wait for 3 minutes before trying again. | ||
* If you get '' | * If you get ''SEC_ERROR_BAD_DATA'', then the program does not like the format of the data you entered. For instance, if you have extra spaces or characters before or after the TLS Server URL, EV Policy OID, or in the Root Certificate PEM. | ||
* The EV test only uses the root certificate it is given. So, if you are using an intermediate certificate that has been cross-signed with another root certificate, you may see different results when browsing to the site in Firefox, as opposed to the results provided by the EV Test. | * The EV test only uses the root certificate it is given. So, if you are using an intermediate certificate that has been cross-signed with another root certificate, you may see different results when browsing to the site in Firefox, as opposed to the results provided by the EV Test. | ||
* OCSP must work without error for the intermediate certificates. | * OCSP must work without error for the intermediate certificates. | ||
* The EV Policy OID in the end-entity and intermediate certificates must match the EV Policy OID. | * The EV Policy OID in the end-entity and intermediate certificates must match the EV Policy OID. | ||
** SEC_ERROR_POLICY_VALIDATION_FAILED error may mean that the intermediate certificate being sent by the server doesn't have a certificate policies extension | ** SEC_ERROR_POLICY_VALIDATION_FAILED error may mean that the intermediate certificate being sent by the server doesn't have a certificate policies extension | ||
* If the test website cannot be reached by the server hosting the tool, check to see if you have a firewall preventing access | ** SEC_ERROR_EXTENSION_NOT_FOUND may mean that the certificate being sent by the server doesn't contain the specified policy OID. | ||
* If the test website cannot be reached by the server hosting the tool, check to see if you have a firewall preventing access. | |||
* Still failing? Try testing with https://certificate.revocationcheck.com/ because frequently resolving the errors listed on that page will resolve problems with EV testing. | * Still failing? Try testing with https://certificate.revocationcheck.com/ because frequently resolving the errors listed on that page will resolve problems with EV testing. | ||