为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

Avatar for Username

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

话题已存档。 如果需要帮助请提出新问题。

Clarify Extended Validation

  • 2 个回答
  • 1 人有此问题
  • 5 次查看
  • 最后回复者为 cor-el

John H.
John H.
more options

I am trying to establish that a Web site uses Extended Validation as described in [https://support.mozilla.org/en-US/kb/.../how-do-i-tell-if-my-connection-is-secure]. It says:

"For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock."

Here is a site that I am highly confident uses extended validation. You can read this for more details on why this matters a great deal read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says.

Can anybody shed light on this? How can I easily verify that this is an EV certificate?

I am currently running Firefox 76.0.1 (64-bit) on Win 7.

Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit).

Why did Firefox stop displaying the green padlock?

I am trying to establish that a Web site uses Extended Validation as described in [[https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure|https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure]]. It says: "For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock." [https://www.grc.com/fingerprints.htm Here] is a site that I am highly confident uses extended validation. You can [https://www.grc.com/ssl/ev.htm read this for more details on why this matters a great deal] read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says. '''Can anybody shed light on this? How can I easily verify that this is an EV certificate?''' I am currently running Firefox 76.0.1 (64-bit) on Win 7. Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit). '''Why did Firefox stop displaying the green padlock?'''
已附加屏幕截图

所有回复 (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 25 Contributor
more options

This is from Firefox 76, but it may also be true for Firefox 68: EVSSL certificates have a verified owner so Firefox shows the owner name on the drop-down. Paypal is my usual example. Domain-validated certificates do not show an owner name in that position.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See also "Page Info -> Security".

  • click the padlock icon at the left end of the location/address bar
  • click the arrow to expand the security message
  • click "More Information" to open "Tools -> Page Info"