On 6/13/2012 10:05 AM, Vladimir Belov wrote: > I need to make some corrections. > > So, I think maybe there is a arrangement of CA's companies(Verisign,Thawte > and others) with > browser's companies(Microsoft, Opera, Mozilla) that a special root or trusted > CA’s certificate > is use for Extended Validation. Therefore, any web server's certificate which > is signed with > this special cert is treated as cert with Extended Validation and a green bar > is displayed. > > Who has another point of view? Maybe there are some special extensions of > X.509v3? > > > Regards, > > Vladimir. > I'm not sure why the guy at Thawte got secretive and rude to you, because it's open information and you were close to the mark the first time: https://en.wikipedia.org/wiki/Extended_Validation_Certificate#Extended_Validation_certificate_identification
It's a bit confusing because most (maybe all?) vendors use a different intermediate cert for their EV certs, but that doesn't matter, only the presence or absence of the OID does. Joshua Bowman ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org