Just did a project for the “Innovation” team of a large corp. They wanted to see the EV SSL certificates make the IE 7 browser to go green on their test site.
To generate the EV SSL Cert request, I used the following extensions in the openssl .cnf file:
[ ev_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# For the EV cert policy
certificatePolicies=ia5org,@xyzpolicy
[ ev_cert ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
# For the EV cert policy
certificatePolicies=ia5org,@xyzpolicy
[ xyzpolicy ]
policyIdentifier=1.3.1.1.1.1
CPS.1=”http://www.xyz.com/cps-statement.html”
userNotice.1=@xyznotice
[ xyznotice ]
explicitText=”Any use of this Certificate constitutes acceptance of the XYZ EV Demo”
Use the above setting in the ev.cnf file and then generate the cert request using the following command:
openssl req -config ev.cnf -key key.pem -out evreq.pem -subj “/C=US/ST=California/O=XYZ/CN=www.xyz.com” -new -reqexts ev_req