Hi Jakob,

I followed the similar question you posted on the OpenSSL users forum
and I generally agree with the feedback they provided.  I believe that
browsers usually hardcode the list of CAs trusted to issue EV
certificates.  In terms of Firefox, I believe that the list can be
found in:

http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsIdentityChecking.cpp#83

Somebody please correct me if I am wrong.  Otherwise, the only way to
add EV CAs to Firefox might be to edit the list and recompile the
browser.

However, the people in the OpenSSL users list rightly pointed out that
adding your own rogue EV CAs defeats the purpose of having EV
certificates issued by CAs that conform to established EV policies.

I would like to reiterate the question they asked you in the OpenSSL
users forum:  what are you trying to accomplish by adding your own EV
CA cert?

Regards,
Peter Djalaliev


On Aug 25, 7:35 pm, [EMAIL PROTECTED] wrote:
> Hello,
>
> for "normal" CAs, it's an easy task to add them as trusted root to
> Mozilla. Now I'm trying to set up my own local extended validation CA.
> Is it possible to add it locally as trusted root? On the OpenSSL
> mailing list I was told this wouldn't be an easy task, as EV CAs are
> embedded differently than normal CAs.
>
> Thanks
> Jakob

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
