Confirm, administrator
5,526
edits
Changes
updated to match the new tool
The purpose of this test is to make sure you have set up EV according to the [https://www.cabforum.org/documents.html EV Guidelines], so make sure you have not taken short-cuts like issuing the test cert directly from the root.
* If you get ''Error: Could not initiate scan: Server error. Status: 429 Too Many Requests'', then wait for 3 minutes before trying again. TLS Observatory allows one scan per target every 3 minutes, so you will get this error if you test multiple times too quickly.* If you get ''Error: TypeError: json.analysis is undefinedSEC_ERROR_BAD_DATA'', then the program does not like the format of the data you entered. For instance, if you have extra spaces or characters before or after the TLS Server URL, EV Policy OID, or in the Root Certificate PEM.
* The EV test only uses the root certificate it is given. So, if you are using an intermediate certificate that has been cross-signed with another root certificate, you may see different results when browsing to the site in Firefox, as opposed to the results provided by the EV Test.
* OCSP must work without error for the intermediate certificates.
* The EV Policy OID in the end-entity and intermediate certificates must match the EV Policy OID.
** SEC_ERROR_POLICY_VALIDATION_FAILED error may mean that the intermediate certificate being sent by the server doesn't have a certificate policies extension, or has an incorrect ** SEC_ERROR_EXTENSION_NOT_FOUND may mean that the certificate being sent by the server doesn't contain the specified policy OID.* If the test website cannot be reached by the server hosting the tool, check to see if you have a firewall preventing access. If you are unable to create a test website that can be reached by the server hosting the tool, then you can download a copy of the [https://github.com/mozilla/tls-observatory source code] for the tool, compile it, and run it on your own server.
* Still failing? Try testing with https://certificate.revocationcheck.com/ because frequently resolving the errors listed on that page will resolve problems with EV testing.
