Confirm, administrator
5,526
edits
Changes
instructions for new ev tool
= EV-Readiness Check =
To test your CA hierarchy to see if it is ready to request EV treatment:
# Browse to https://certtls-checkerobservatory.services.allizommozilla.orgcom/static/ev-checker.html# Enter the URL to the test website for the EV certificate([https://github.com/mozilla/tls-observatory/issues/179 do not include the https:// in front of the URL])# Upload the PEM file for the root certificate (ending of file may be * Example: observatory.pem or mozilla.cert)org
# Enter the EV Policy OID
# Enter text description of the EV policy OID, e* Example: 2.23.140.1.g2. "CA Name EV OID"2#* If Enter the EV Policy OID matches one of PEM file for the CA's EV Policy OIDs that is already in root certificate#* Begin with: -----BEGIN CERTIFICATE-----#* End with: -----END CERTIFICATE-----#* [https://dxr.mozillacrt.org/mozilla-central/source/security/certverifiersh/ExtendedValidation.cpp ExtendedValidation.cpp?d=853428 Example PEM Data] then the text in the Description field should match the existing text description of the EV policy OID in #* [https://dxr.people-mozilla.org/mozilla-central/source/security~dkeeler/certverifiercertsplainer/ExtendedValidation.cpp ExtendedValidation.cppHelp with getting PEM].# Click on "Run CheckerSubmit"
== Success ==
A successful output will have the following form, as documented in [httpsresult says://dxr.mozilla.org/mozilla-central/source/security/certverifier/ExtendedValidation.cpp ExtendedValidation.cpp] {| |-! !! !! |-| || // CN=<CN of root cert>,OU=<OU of root cert>,O=<O of root cert>C=<C of root cert> || |-| || "1.3.6.1.4.1.13769.9.1", || //EV Policy OID|ev-| || "CA Name EV OID", || //From Description field|-| || SEC_OID_UNKNOWN, || |-| || { 0x2D, 0x94, 0x52, 0x70, 0xAA, 0x92, 0x13, 0x0B, 0x1F, 0xB1, 0x24, || //SHA-256 fingerprint|-| || 0x0B, 0x24, 0xB1, 0xEE, 0x4E, 0xFB, 0x7C, 0x43, 0x45, 0x45, 0x7F, || |-| || 0x97, 0x6C, 0x90, 0xBF, 0xD4, 0x8A, 0x04, 0x79, 0xE4, 0x68 }, || |-| || "MIGnMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWlu"|| //Issuer DER Base64|-| || "IFZpZXcxIzAhBgNVBAoMGk1vemlsbGEgLSBFViBkZWJ1ZyB0ZXN0IENBMR0wGwYD" || |-| || "VGVzdGluZyAodW50cnVzdHdvcnRoeSkgQ0E=",|| |-| || "At+3zdo=", || //Serial DER Base64|-| || checker exited successfully: Success! || |-|} If you have requested EV treatment in a Bugzilla bug, then attach a text file to the bug that contains this successful output."
== Test Failure? ==
