Цей вебсайт матиме обмежену функціональність, доки ми проводимо його обслуговування для поліпшення роботи. Якщо прочитана стаття не розв'язала вашу проблему і ви хочете поставити питання, наша спільнота підтримки з радістю допоможе вам на @FirefoxSupport у Twitter та /r/firefox на Reddit.

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Clarify Extended Validation

  • 2 відповіді
  • 1 має цю проблему
  • 3 перегляди
  • Остання відповідь від cor-el

more options

I am trying to establish that a Web site uses Extended Validation as described in [https://support.mozilla.org/en-US/kb/.../how-do-i-tell-if-my-connection-is-secure]. It says:

"For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock."

Here is a site that I am highly confident uses extended validation. You can read this for more details on why this matters a great deal read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says.

Can anybody shed light on this? How can I easily verify that this is an EV certificate?

I am currently running Firefox 76.0.1 (64-bit) on Win 7.

Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit).

Why did Firefox stop displaying the green padlock?

I am trying to establish that a Web site uses Extended Validation as described in [[https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure|https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure]]. It says: "For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock." [https://www.grc.com/fingerprints.htm Here] is a site that I am highly confident uses extended validation. You can [https://www.grc.com/ssl/ev.htm read this for more details on why this matters a great deal] read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says. '''Can anybody shed light on this? How can I easily verify that this is an EV certificate?''' I am currently running Firefox 76.0.1 (64-bit) on Win 7. Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit). '''Why did Firefox stop displaying the green padlock?'''
Прикріплені знімки екрана

Усі відповіді (2)

more options

This is from Firefox 76, but it may also be true for Firefox 68: EVSSL certificates have a verified owner so Firefox shows the owner name on the drop-down. Paypal is my usual example. Domain-validated certificates do not show an owner name in that position.

more options

See also "Page Info -> Security".

  • click the padlock icon at the left end of the location/address bar
  • click the arrow to expand the security message
  • click "More Information" to open "Tools -> Page Info"