PSM:EV Testing Easy Version: Difference between revisions

Line 6: Line 6:


= EV-Readiness Check =
= EV-Readiness Check =
To test your CA hierarchy to see if it is ready for EV treatment:
To test your CA hierarchy to see if it is ready to request EV treatment:
 
# [https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles#w_creating-a-profile Create a new Firefox profile]
# Open Firefox with your new profile
# Browse to http://cert-checker.allizom.org/  
# Browse to http://cert-checker.allizom.org/  
# Enter the URL to the test website for the EV certificate
# Enter the URL to the test website for the EV certificate
# Enter the PEM file for the root certificate (ending of file may be .pem or .cert)
# Enter the PEM file for the root certificate (ending of file may be .pem or .cert)
# Enter the EV Policy OID
# Enter the EV Policy OID
# The Description field is optional
# The Description, e.g. "CA Name EV OID"
# Click on Run Checker
# Click on "Run Checker"


A successful output will have the following form, as documented in [https://mxr.mozilla.org/mozilla-central/source/security/certverifier/ExtendedValidation.cpp ExtendedValidation.cpp]
A successful output will have the following form, as documented in [https://mxr.mozilla.org/mozilla-central/source/security/certverifier/ExtendedValidation.cpp ExtendedValidation.cpp]
*


{|
|-
!    !!    !! 
|-
|  || // CN=<CN of root cert>,OU=<OU of root cert>,O=<O of root cert>C=<C of root cert> ||
|-
|  || "1.3.6.1.4.1.13769.9.1", || //EV Policy OID
|-
|  || "CA Name EV OID", || //From Description field
|-
|  || SEC_OID_UNKNOWN, ||
|-
|  || { 0x2D, 0x94, 0x52, 0x70, 0xAA, 0x92, 0x13, 0x0B, 0x1F, 0xB1, 0x24, || //SHA-256 fingerprint
|-
|  || 0x0B, 0x24, 0xB1, 0xEE, 0x4E, 0xFB, 0x7C, 0x43, 0x45, 0x45, 0x7F, ||
|-
|  || 0x97, 0x6C, 0x90, 0xBF, 0xD4, 0x8A, 0x04, 0x79, 0xE4, 0x68 }, ||
|-
|  || "MIGnMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWlu"|| //Issuer DER Base64
|-
|  || "IFZpZXcxIzAhBgNVBAoMGk1vemlsbGEgLSBFViBkZWJ1ZyB0ZXN0IENBMR0wGwYD" ||
|-
|  ||  "VGVzdGluZyAodW50cnVzdHdvcnRoeSkgQ0E=",||
|-
|  || "At+3zdo=", || //Serial DER Base64
|-
|  || Success! ||
|-
|}


= OLD -- Overview =
= OLD -- Overview =
Confirmed users, Administrators
5,526

edits