Create Your Own EV Certificate??

Most web browsers support the extended validation certificates. These certificates give a visual indication (green browserbar for example) that the SSL connection is trustworthy. The only problem is that they are expensive. Especially compared with the 'ordinary' SSL certificates.

These certificates are special because the Certificate Authority (e.g. VeriSign) validated the company who buys these certificates. This way, the end user can shop / bank / or whatever online without worrying too much.

Some affiliates / certificate vendors already did this years ago (validating the actual companies), so this is nothing new. Yet another way to fool the consumers, and make some extra money.....

The problem I run into is that I used to have a 'yellow-ish' addressbar when I entered an https website. Today (at least with FireFox 3) the address bar remains blank. The only indication is a tiny lock displayed at the bottom of the browser. Something you might (and definitely will) overlook.

I use a home made Certificate Authority to create my own certificates (for webmail, secure IMAP, SSL, etc.), but I would like to see a proper visual indication of the SSL connection. So, is there a way to create an EV-like certificate (or even a new CA) by using Microsoft Certificate Services or by using OpenSSL which displayes the colored addressbar?

I did find some info on the EV requirements, but these should be 'spoofable' some way or another.....

UPDATE: I found a website which suggests reconfiguring Firefox 3. Problem with that is that I need to reconfigure all my browsers. I'd rather do it by 'faking' the specs.

It seems that the OCSP-responder is mandatory for the bars to turn green....

Posted on August 15, 2008 by Willem and filed under Browsers, Security.