How does IE determine a certificate is an EV certificate?
Hello, is there any exact (updated) list of EV-issuing CAs together with their policy OIDs (which differ for each CA) that IE would consult to display a certificate as EV? Or is this just a matter of some generic checks only, such as seeing the 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationCountryName) or 2.5.4.15 (businessCategory) in a certificate coming from ANY trusted CA?
Can I establish my own enterprise CA that would issue EV certs for my enterprise only? This is only a question of principle; this probably would not provide any advantage in an enterprise environment.
Thank you.
Ondrej.
September 17th, 2009 5:14pm

I guess IE checks the certificate policies extension in the certificate and looks for a specific OID that identifies an EV policy for specific CAs (that can issue EV certs).
You can create an internal "EV enterprise cert"; follow these instructions: http://blogs.technet.com/askds/archive/2009/08/14/extended-validation-support-for-websites-using-internal-certificates.aspx. You should get the green bar in IE :).
Check out the EV certificate guidelines for more documentation on EV certs in general (http://cabforum.org/EV_Certificate_Guidelines_V11.pdf).
Regards,
Martin
September 17th, 2009 5:39pm

Martin Rublik is correct. When the certificate chain is created, IE just checks the root certificate OIDs and the Issuance Policies (Certificate Policies) in the certificate. If both exist and both OIDs are identical, IE shows this green bar.
[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds
September 17th, 2009 6:04pm

Thank you very much. Is there anywhere a list of all "built-in" OIDs for public CAs?
o.
September 17th, 2009 7:34pm

I found only one link: http://en.wikipedia.org/wiki/Extended_Validation_Certificate
[http://www.sysadmins.lv] As always enjoy the automation of tools within the Windows-based, .NET aware, WPF accessible, multi-processes on the same IP / Port usage, admin's automation tool, powershell.exe! Flowering Weeds
September 17th, 2009 10:55pm

This topic is archived. No further replies will be accepted.
