On Mon, Sep 12, 2011 at 11:39 PM, Jimmy Hess <mysi...@gmail.com> wrote:
> On Mon, Sep 12, 2011 at 7:08 AM, Coy Hile <coy.h...@coyhile.com> wrote:
>> As an academic aside, exactly what would one set on his (internal)
>> root CA so that internally-trusted certs signed by that CA would show
>> up as EV certs?
>
> This is not possible without changing browser source code and recompiling
> (or debugging/editing the browser binary).
> The IDs of certificates that are allowed to sign EVSSL CAs are
> hard-wired in the browser.
> In some browsers, this also means it's impossible for an end user to
> "untrust" or remove an EVSSL CA.
>
> It also means you cannot, as a site administrator, make an
> administrative decision to internally add an internal EVSSL CA,
> without customizing every browser.
>
> If you ask me... it's shoddy software design. EVSSL CAs should be
> configurable, but none of the major browsers provide the knobs to
> manually add or remove EVSSL access to/from a trusted CA.
>

Thanks. I saw something about it on TechNet. (I'm using Windows for my internal CA). I'm guessing those instructions may work for IE only. If I find anything interesting, I'll let you know.