Confirmed users
377
edits
CA/EV Processing for CAs: Difference between revisions
→EV TLS Capable: clarification on CA-specific EV OIDs
(→EV TLS Capable: removed references to CA-designated EV CP OIDs) |
(→EV TLS Capable: clarification on CA-specific EV OIDs) |
||
| Line 5: | Line 5: | ||
* is not revoked and not expired | * is not revoked and not expired | ||
* does not have an Extended Key Usage (EKU) extension or does have an EKU extension containing KeyPurposeIds: anyExtendedKeyUsage or id-kp-serverAuth | * does not have an Extended Key Usage (EKU) extension or does have an EKU extension containing KeyPurposeIds: anyExtendedKeyUsage or id-kp-serverAuth | ||
* has the CA/Browser Forum Certificate Policy Object Identifier (OID) of 2.23.140.1.1 (CABF EV OID). | * has the CA/Browser Forum Certificate Policy Object Identifier (OID) of 2.23.140.1.1 (CABF EV OID) or a CA-specific EV Policy OID (see explanation below). | ||
= Firefox EV Processing Logic = | = Firefox EV Processing Logic = | ||