Confirm, administrator
5,526
edits
Changes
m
updated for new tool
* The EV Policy OID in the end-entity and intermediate certificates must match the EV Policy OID that you enter. (Note: the intermediate cert can use the anyPolicy oid rather than the EV policy oid.)
** SEC_ERROR_POLICY_VALIDATION_FAILED error may mean that the intermediate certificate being sent by the server doesn't have a certificate policies extension, or has an incorrect policy OID.
* If the test website cannot be reached by the server hosting the tool, check to see if you have a firewall preventing access from Amazon EC2 instances. If you are unable to create a test website that can be reached by the server hosting the tool, then you can download a copy of the [https://github.com/mozkeelermozilla/evtls-checker observatory source code] for the tool, compile it, and run it on your own server. ** If you are unable to provide a test website that can be reached by the server hosting the tool, then please also attach the text output from the test to the bug (in addition to the screen shot showing successful completion of the test).
* Still failing? Try testing with https://certificate.revocationcheck.com/ because frequently resolving the errors listed on that page will resolve problems with EV testing.
