7

I configured XAMPP / Windows on my laptop so that this URL:

https://www.supersite.com/

points to XAMPP / localhost rather than look elsewhere.

I basically generated a self-signed certificate, imported it into Windows and changed the Windows hosts file.

It works just fine in Chrome, but it's only a "normal" SSL certificate, I'd like to generate a self-signed EV certificate (looks better / more pro., I need to present this to my customers soon)

Is this possible? If so, how?

TheDude
[roll your own EV in Firefox](http://blog.sidstamm.com/2009/04/roll-your-own-ev.html) –  Mar 29 '15 at 16:45

3 Answers

6

I would apologize first for my poor English, and some of my explanation may be a bit confusing XD

EV means Extended Validation, which must be validated by a trusted CA.

However, you are talking about self-signed certificates, so I can only assume that you just want to activate the green address bar in the browser's UI.

It is possible to self-sign an EV certificate which can activate the green address bar in Edge and Internet Explorer, but not possible in Firefox or Chrome.

As https://stackoverflow.com/a/36780644/10151783 says, there are some requirements for an EV certificate:

  1. That the certificate has a Policy Identifier that is known to be an EV policy.
  2. The certificate's root's thumbprint matches a pinned policy identifier.
  3. The certificate must pass online revocation checking.
  4. If the certificate's notBefore (issuance date) is after 1/1/2015, the certificate must support Certificate Transparency.
  5. The certificate must be issued by a trusted root.
  6. That all chains are valid if there are multiple trust paths.

I will divide these requirements into requirements for Leaf Certificate, Intermediate Certificate, Root Certificate and PKI Infrastructure.

  • Requirements for PKI Infrastructure
    1. Either an OCSP or CRL Responder is available, in order for browsers to check revocation status.
    2. Self-define an OID for EV certificates (it can be any OID, any randomly generated one is ok, but you need to remember this EV-OID)
  • Requirements for Root Certificate
    1. The Basic Constraints Extension must be CA
  • Requirements for Intermediate Certificate
    1. The Basic Constraints Extension must be CA
    2. Either an OCSP or CRL URL is set in the extension, in order for browsers to check revocation status.
    3. The Extended Key Usage Extension must contain ServerAuth
  • Requirements for Leaf Certificate
    1. The Basic Constraints Extension must be End Entity
    2. Either an OCSP or CRL URL is set in the extension, in order for browsers to check revocation status.
    3. The Extended Key Usage Extension must contain ServerAuth
    4. The Certificate Policy Extension must have OID 2.23.140.1.1 and the self-defined EV-OID
    5. The Subject Distinguished Name (X509Name) must contain CN, O, L, ST, C, SerialNumber, jurisdictionStateOrProvinceName, jurisdictionCountryName
    6. It must not be a wildcard certificate
    7. It must contain the SubjectAltNames Extension, and embed the domain name (FQDN) into this Extension.

And the last thing to do is to add your Root Certificate to the Trusted Root and set your EV-OID.

In Windows, run certlm.msc (or certmgr.msc), browse to Local---Trusted Root and import your root certificate. Then double click to view your certificate, select Details tab, and press Edit Properties. Select Extended Validation Tab, and add your EV-OID there.

After these operations, use Edge or IE to browse your website, and you will be able to see the green address bar.

I've self-signed some "EV" certificates in this way. You can import the Reg File to trust my root certificate (I will paste it below) and use IE or Edge to visit https://pki.jemmylovejenny.tk to view the EV green address bar.

Note: I've embedded the EV-OID in the Reg File, so that you needn't set my custom EV-OID by yourself.

Jemmy1228
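
The leaf-certificate requirements listed in the answer above, written as an OpenSSL configuration file (an added example, not part of the original answer). The host name is the one from the question; the subject values, revocation URLs, file names in the commands and the `2.25.…` policy OID are placeholders for your own lab values.

```ini
# ev-leaf.cnf: added example, not from the original answer.
# Placeholder values: subject fields, revocation URLs, file names, custom OID.
#
# Create the key and CSR, sign with your own intermediate CA, then inspect:
#   openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr -config ev-leaf.cnf
#   openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial -days 90 -sha256 -extfile ev-leaf.cnf -extensions ev_leaf -out leaf.crt
#   openssl x509 -in leaf.crt -noout -text

[ req ]
prompt             = no
distinguished_name = ev_subject

# Leaf requirement 5: CN, O, L, ST, C, SerialNumber and the two
# jurisdiction attributes (short names known to OpenSSL 1.1.0 and later).
[ ev_subject ]
jurisdictionC  = US
jurisdictionST = Delaware
serialNumber   = 0000000
C              = US
ST             = California
L              = San Francisco
O              = Example Lab Ltd
CN             = www.supersite.com

[ ev_leaf ]
# Leaf requirement 1: end entity, not a CA.
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
# Leaf requirement 3: serverAuth in Extended Key Usage.
extendedKeyUsage = serverAuth
# Leaf requirements 6 and 7: exact FQDN in the SAN, no wildcard.
subjectAltName   = DNS:www.supersite.com
# Leaf requirement 4: OID 2.23.140.1.1 plus the self-defined EV-OID.
# The second OID is a constructed placeholder; use the one you chose.
certificatePolicies = 2.23.140.1.1, 2.25.123456789012345678901234567890
# Leaf requirement 2: CRL and/or OCSP location (placeholder URLs that
# must point at a responder you actually run).
crlDistributionPoints = URI:http://crl.example.test/lab-ca.crl
authorityInfoAccess   = OCSP;URI:http://ocsp.example.test/
```

The text dump from the last command should list both policy OIDs under "X509v3 Certificate Policies"; the custom OID there must match the one entered on the root's Extended Validation tab.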
4

You actually are able to generate a Certification Authority to generate EV certificates, but you would have to go down to the Gecko or Chromium sources and add the object IDs, I think. And yeah, then, that would only work on that custom-made browser of yours.


EDIT: a user has given a way to "patch" Gecko (Firefox) with your own Object IDs above, which I'd like to share in an answer instead of the small comment.

roll your own EV in Firefox – user42178 Mar 29 '15 at 16:45
Link: http://blog.sidstamm.com/2009/04/roll-your-own-ev.html

4

You cannot generate your own EV certificates, and especially you cannot generate self-signed EV certificates. Only some CAs are able to generate these, and these CAs are specifically marked in the SSL stacks of the browser or operating systems. If you want to create EV by yourself, you would have to change the SSL stack used by the browser to accept the certificate as EV.

For more details of the process of deciding if a certificate is EV or not you might have a look at https://stackoverflow.com/questions/14705157/how-to-check-if-a-x509-certificate-has-extended-validation-switched-on

Steffen Ullrich