Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Saber mais

Clarify Extended Validation

  • 2 respostas
  • 1 tem este problema
  • 5 visualizações
  • Última resposta por cor-el

more options

I am trying to establish that a Web site uses Extended Validation as described in [https://support.mozilla.org/en-US/kb/.../how-do-i-tell-if-my-connection-is-secure]. It says:

"For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock."

Here is a site that I am highly confident uses extended validation. You can read this for more details on why this matters a great deal read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says.

Can anybody shed light on this? How can I easily verify that this is an EV certificate?

I am currently running Firefox 76.0.1 (64-bit) on Win 7.

Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit).

Why did Firefox stop displaying the green padlock?

I am trying to establish that a Web site uses Extended Validation as described in [[https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure|https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure]]. It says: "For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock." [https://www.grc.com/fingerprints.htm Here] is a site that I am highly confident uses extended validation. You can [https://www.grc.com/ssl/ev.htm read this for more details on why this matters a great deal] read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says. '''Can anybody shed light on this? How can I easily verify that this is an EV certificate?''' I am currently running Firefox 76.0.1 (64-bit) on Win 7. Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit). '''Why did Firefox stop displaying the green padlock?'''
Capturas de ecrã anexadas

Todas as respostas (2)

more options

This is from Firefox 76, but it may also be true for Firefox 68: EVSSL certificates have a verified owner so Firefox shows the owner name on the drop-down. Paypal is my usual example. Domain-validated certificates do not show an owner name in that position.

more options

See also "Page Info -> Security".

  • click the padlock icon at the left end of the location/address bar
  • click the arrow to expand the security message
  • click "More Information" to open "Tools -> Page Info"