Self-create EV SSL certificate with open SSL?

K

Keffer2018-07-12 13:55:57

OpenSSL

Keffer, 2018-07-12 13:55:57

How to correctly generate a root certificate (rootCA) in openSSL and use it to issue so-called EV certificates, self-signed, so that when you enter the internal corporate website in the browser there is a green line with the name of the company? Everything will be used within its own domain, of course. Here ( https://toster.ru/q/241292) they write that "The EV certificate differs from the usual one only in that some additional fields are filled in." I would like to know which ones? How in open ssl it is correct to generate this business?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

C

CityCat4, 2018-07-13
@Keffer

Take a lot of existing EV certificates and analyze them by looking at what fields they have. But why are they talking about browsers here - yes, because a browser can be stupidly set with a restriction like "EV can only be published by CA such and such and such, all the rest are not EV"

K

ky0, 2018-07-12
@ky0

Browsers will have to be recompiled. Do you need it?

S

SagePtr, 2018-07-12
@SagePtr

Root certificates that allow you to sign EV certificates are built into the browser, so even if the conditional Fuhrer gives an order to all citizens of the country, under the threat of executions, put the Kremlin's root certificates and replace all traffic by signing with these certificates, then browsers will not fully trust them. Unless, of course, everyone is legally transferred to the conditional Amigo.