Changes


PSM:EV Testing Easy Version

4,921 bytes removed, 22:43, 22 September 2014
no edit summary
|}
= OLD -- Overview =If you have requested EV treatment in a Bugzilla bug, then attach a screen shot to the bug that shows this successful output.
To perform this test you will: * Use a debug version of Firefox that has been modified to allow for EV testing* Set an environment variable that is effective when you execute Firefox* Import your own CA root certificate into the Firefox browser* Find a directory on your system that contains the Firefox browser's configuration files * Prepare a special configuration file that instructs the browser to treat your certificates as EV verified* Prepare a test server that uses a matching certificate and sends all required intermediate certificates* Make sure that your OCSP server is configured correctly, in particular, the signing certificate used by your OCSP server is conforming to specifications* Test the above until you get a successful test result = Details = == Download Debug Version of Firefox== To download a debug version of the ESR 24 version of Firefox# Browse to ftp://ftp.mozilla.org/pub/firefox/tinderbox-builds/# Scroll down to mozilla-esr24-<platform>-debug and select the folder that matches the platform you are working on. Make sure you select a esr24 folder whose name ends in "debug".# Select a build in the list.# Download by selecting the .tar.bz2, .dmg, or .exe file, depending on which platform you are using.#* [https://support.mozilla.org/en-US/kb/install-firefox-linux Linux Platform] - use the .tar.bz2 file.#* [https://support.mozilla.org/en-US/kb/install-firefox-mac Mac Platform] - use the .dmg file.#* [https://support.mozilla.org/en-US/kb/install-firefox-windows Windows Platform] - use the installer.exe file.# After downloading, extract and run this debug browser, which will be called FirefoxNightlyDebug. 
== Set Environment variable ==You must set the following environment variable, and make sure it is effective when the browser software runs:  ENABLE_TEST_EV_ROOTS_FILE=1 == Import your root CA ==Use the Certificate Manager to make sure that your root certificate is imported into the browser, and has the websites trust bit enabled.* https://wiki.mozilla.org/CA:UserCertDB#Importing_a_Root_Certificate '''Note:''' This step is required if your root certificate was included in NSS after ESR 24 was released, or if your root certificate hasn't yet been added to NSS. == Find Profile / Configuration directory ==Use public Internet resources to learn about the location of Firefox configuration files on your test computer.(e.g. on a GNU/Linux system this might be in /home/$USER/.mozilla/firefox/*default, on Mac OS X ~/Library/Application Support/Firefox/Profiles/*.default)The directory contains files named bookmarks.html and prefs.js, this information might help you in locating the correct directory. * [http://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data Profiles - Where Firefox stores your bookmarks, passwords and other user data] Note: on Mac OS X Mountain Lion the Library folder is hidden. To find it, go into Finder, click on the "Go" pull-down menu while holding the Option key and select "Library." From Terminal the following command will make the hidden Library folder visible: chflags nohidden ~/Library. To hide the Library folder again type the following command: chflags hidden ~/Library == Enable your root for EV ==Inside the directory you have identified in the previous step, create a new ASCII text file, with filename '''test_ev_roots.txt''' Technical information about this file can be found here: [[PSM:EV_Testing]]. Create the appropriate lines that will enable your root certificate for EV. The tricky part is producing an ASCII-encoded representation of the DER encoding of your certificate issuer name and its serial number. 
If you need help with this step, request assistance in the Bugzilla bug containing your EV-enablement request. == Test =='''After''' the above steps are completed, open the FirefoxNightlyDebug browser, and browse to the web page of your test server.If you have done everything correctly, and your OCSP infrastructure meets the expectations, you will see the EV treatment. '''Important:''' If you modify the test_ev_roots.txt file you must quit the FirefoxNightlyDebug browser and re-start it. Otherwise it will not pick up your changes. If you have requested EV treatment in a Bugzilla bug, then attach a screen shot to the bug that shows the EV treatment for your web page in the FirefoxNightlyDebug browser. === Not Getting EV TreatmentFailure? ===
* The purpose of this test is to make sure you have set up EV according to the [https://www.cabforum.org/documents.html EV Guidelines], so make sure you have not taken short-cuts like issuing the test cert directly from the root.
* OCSP must work without error for the intermediate certificates. A failed OCSP response will result in EV treatment not being given. For more information see: https://wiki.mozilla.org/CA:EV_Revocation_Checking#Requirements* All of the characters have to be capitalized in the SHA1 Fingerprint in the test_ev_roots.txt file.* The EV Policy OID in the end-entity and intermediate certificates must match the 2_readable_oid field in the test_ev_roots.txt fileEV Policy OID that you enter. (Note: the intermediate cert can use the anyPolicy oid rather than the EV policy oid.)* General tips** Make sure you are using the [[PSM:EV_Testing_Easy_Version#Download_Debug_Version_of_Firefox | FirefoxNightlyDebug browser.]]** Make sure the [[PSM:EV_Testing_Easy_Version#Set_Environment_variable | ENABLE_TEST_EV_ROOTS_FILE environment variable is correctly set.]]** Make sure your [[PSM:EV_Testing_Easy_Version#Enable_your_root_for_EV | test_ev_roots.txt file is correct and matches the information in your cert chain.]]
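
Review bot: In the "General tips" bullets of the troubleshooting section, the three links target the #Download_Debug_Version_of_Firefox, #Set_Environment_variable and #Enable_your_root_for_EV anchors on this same page, while the walkthrough above now sits under "= OLD -- Overview =" and the change removes 4,921 bytes with no edit summary. If those sections are what was removed, the links and the references to test_ev_roots.txt and the 2_readable_oid field no longer point at anything on the page. Either keep the sections or retarget the bullets to [[PSM:EV_Testing]], and add an edit summary saying which. The heading "Not Getting EV TreatmentFailure?" and the phrase "test_ev_roots.txt fileEV Policy OID that you enter" also read as old and new wording run together, so check that the saved revision carries only one of each.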