Hello.
Many public CAs suggest Extended Validation for certificates of web servers. These certificates cost much more expensive
but in browser we can only see green address bar instead of yellow or blank.
I thought what is the difference between green and yellow address bars in browser for certificate's fields. Maybe there
are some special extensions that can be added by CA during signing of certificate request. I had a talk with a
specialist of technical support of Thawte and he said that "There is no difference in what an Extended Validation
certificate technically from all of our other certificates. It is the cosmetics that they do on a browser. For an
example, the SSL Web Server certificate would have the same properties, extensions, etc, that our Extended Validation
certificates have. The only difference is that the EV certificates display the web browsers URL address bar green when a
successful secured connection has been made". He also refused to answer how browser determines what bar to display -
green or yellow?
So, I think maybe there is a arrangement of CA's companies(Verisign,Thawte and others) with browser's
companies(Microsoft, Opera, Mozilla) that a special root certificate is use for Extended Validation. Therefore, any web
server's certificate which is signed at the top with this special root cert is treated as cert with Extended Validation
and a green bar is displayed.
Who has another point of view?
Regards,
Vladimir.
[sorry, my english isn't good :)]
This is my talk with Thawte technical support:
You have been connected to Macario .
Macario : Good day, how may I help you today?
Vladimir Belov: Hello
Vladimir Belov: What is the difference between green and yellow address bars in browser. What fields in certificate
determine what bar will be - green or yellow?
Macario : Green address bar is when an Extended Validation certificate is installed as that is the highest level
security certificate we offer.
Vladimir Belov: What is the " Extended Validation"? What fields of certificate
it sets?
Macario : It is an extended process that we go through to validate the
certificate information before it is approved.
Macario : One of the main features of this certificate is having the address
bar green.
Macario : If you see a yellow address bar, it is most likely due to having an
old version of your browser installed.
Vladimir Belov: I need technical info, more in detail please
Vladimir Belov: What fields of certificate it sets?
Vladimir Belov: Can you switch me to a technical specialist? For example, Duke.
Macario : Sure, let me get you over to our technical support group for further
assistance.
Macario has left the session.
Please wait while we find an agent from the transfer TechSupport Thawte
department to assist you.
You have been connected to Clifford.
Clifford: Please hold as I review your information, thank you.
Vladimir Belov: Ok. I am waiting.
Clifford: You have reached Technical Support. What specific technical
information are you looking for please?
Vladimir Belov: What is the " Extended Validation"? What fields of certificate
it sets?
Clifford: Please be more technically specific as to what you mean "fields of
certificate" it sets
Clifford: What fields are you referring to?
Vladimir Belov: What fields of x509 certificate it sets?
Clifford: Unfortunately that does not make sense. X.509 is a base64 format of
any digital certificate, not just SSL.
Clifford: What fields are you looking for?
Clifford: There is no specific term called "fields" on a certificate. Please describe technically what you are looking
for
Vladimir Belov: What will be the difference in fields of x509-certificate "SSL Web Server Certificates with EV" and for
example "SSL123 Certificates"? "Fields" such as special extensions. Basic fields of x509-certificate are Subject,
Isuuer, NotBefore, NotAfter and so on
Vladimir Belov: Other fields are exyensions such as basicConstraints, keyUsage
Vladimir Belov: Other fields are extensions such as "basicConstraints",
"keyUsage"
Clifford: There is no difference in what an Extended Validation certificate technically from all of our other
certificates. It is the cosmetics that they do on a browser. For an example, the SSL Web Server certificate would have
the same properties, extensions, etc, that our Extended Validation certificates have. The only difference is that the EV
certificates display the web browsers URL address bar green when a successful secured connection has been made.
Vladimir Belov: How browser determines what bar green or yellow to display?
Vladimir Belov: If you say that "the SSL Web Server certificate would have the same properties, extensions, etc, that
our Extended Validation certificates "
Clifford: Unfortunately that is information that we cannot disclose.
Vladimir Belov: Why? :)
Vladimir Belov: Is this so secret?
Clifford: That is correct.
Clifford: Are there any other questions I can answer for you at this time?
Vladimir Belov: How browser determines what bar green or yellow to display? :)
Clifford: Do you have any other questions at this time as we cannot disclose
this information.
Vladimir Belov: Ok. No.
Clifford: If there is nothing further, thank you for choosing Thawte and have a
great day.
Thank you for using thawte Live Chat. You may now close this window.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
