Thursday, November 5, 2015

EV certificate and how do we know if one is installed

EV ( extended validation ) certificate are all SSL/TLS web-based certificate that are issued by a CA that does "extended validation " of the requester.

What this means to me and you?

The requester is vetted to ensure that they are who they are and has a higher degree of criteria  to meet to ensure they are in the business that claim to present. This helps ensure fraud & phishing attacks are reduced.

To acquire a EV cert take slightly more time, since the signing CA has a few additional steps, checks and requests to under take. It can take anywhere from  3-10 days to acquire these types of certificates.

If your bored,  the CAforum has a EV guideline that you can search & read for the latest revisions and requirement. This breaks down the guideline that the CAs must execute and what's involved in the process.

Who uses EV certificates? 

Most banks, online markets , any sites  where electronic  commerce & the potential for crime or fraud are higher.

Here's a few website that demo in firefox that are  protected by a EV certs ( notice the green bar   ?? )

So the sites that have the greenbar are protected by a EV certificate and the end browser makes a visual clue to you that the site has been validate.

So what browsers support this this level of check? Most modern browsers from Firefox / Chrome and IE10, Opera.

You can use  openssl to view certificate and match the oid for the x509 extensions for EV. In this example here's the a EV certificate for USAA-BANK which also happens to be a multiple Subject Alternate Name certificate is being displayed.

OID check website

A if you haven't figure it out, a EV type of certificate cost slightly more.

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \

No comments:

Post a Comment