Generating Extended Validation (EV) SSL Certificates

Just did a project for the “Innovation” team of a large corp. They wanted to see the EV SSL certificates make the IE 7 browser to go green on their test site.

To generate the EV SSL Cert request, I used the following extensions in the openssl .cnf file:

[ ev_req ]

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# For the EV cert policy
certificatePolicies=ia5org,@xyzpolicy

[ ev_cert ]

basicConstraints=CA:FALSE

subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

# For the EV cert policy
certificatePolicies=ia5org,@xyzpolicy

[ xyzpolicy ]

policyIdentifier=1.3.1.1.1.1
CPS.1=”http://www.xyz.com/cps-statement.html
userNotice.1=@xyznotice

[ xyznotice ]

explicitText=”Any use of this Certificate constitutes acceptance of the XYZ EV Demo”

Use the above setting in the ev.cnf file and then generate the cert request using the following command:

openssl req -config ev.cnf -key key.pem -out evreq.pem -subj “/C=US/ST=California/O=XYZ/CN=www.xyz.com” -new -reqexts ev_req

此条目发表在article分类目录,贴了, 标签。将固定链接加入收藏夹。