We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Clarify Extended Validation

  • 2 majibu
  • 1 ana tatizo hili
  • 5 views
  • Last reply by cor-el

more options

I am trying to establish that a Web site uses Extended Validation as described in [https://support.mozilla.org/en-US/kb/.../how-do-i-tell-if-my-connection-is-secure]. It says:

"For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock."

Here is a site that I am highly confident uses extended validation. You can read this for more details on why this matters a great deal read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says.

Can anybody shed light on this? How can I easily verify that this is an EV certificate?

I am currently running Firefox 76.0.1 (64-bit) on Win 7.

Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit).

Why did Firefox stop displaying the green padlock?

I am trying to establish that a Web site uses Extended Validation as described in [[https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure|https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure]]. It says: "For sites using EV certificates, the legal company or organization name and location of the website owner displays when you click the gray padlock." [https://www.grc.com/fingerprints.htm Here] is a site that I am highly confident uses extended validation. You can [https://www.grc.com/ssl/ev.htm read this for more details on why this matters a great deal] read this for more details on why this matters a great deal. When I click on the gray padlock, I get a simple pop-up that doesn't display the legal company/org name or location of the web site! But it does show a gray padlock, green text "Connection Secure", and a clickable right-arrow. I then click on "more information", then "View Certificate" to finally get org details...but I still have no idea if this is an EV certificate! The only clue may be the detail "Extended Key Usages" "Purposes: Server Authentication, Client Authentication". I want to conclude that this means this is an EV certificate, but I am unable to find any documentation from Firefox/Mozilla that proves that this is an EV certificate. I suppose I could phone the organization and manually verify their details vs. what it says on the certificate, but this is a lot of work! Worse, for large organizations that go by different names and addresses, it could be a legit connection to the org's Web server, but what they tell me on the phone still might not match what the certificate says. '''Can anybody shed light on this? How can I easily verify that this is an EV certificate?''' I am currently running Firefox 76.0.1 (64-bit) on Win 7. Previously, Firefox made this easy by displaying a green padlock symbol. Some Firefox forks still do, such as the *current* version of Tor Browser which is 9.0.10 (based on Mozilla Firefox 68.8.0esr) (32-bit). '''Why did Firefox stop displaying the green padlock?'''
Attached screenshots

All Replies (2)

more options

This is from Firefox 76, but it may also be true for Firefox 68: EVSSL certificates have a verified owner so Firefox shows the owner name on the drop-down. Paypal is my usual example. Domain-validated certificates do not show an owner name in that position.

more options

See also "Page Info -> Security".

  • click the padlock icon at the left end of the location/address bar
  • click the arrow to expand the security message
  • click "More Information" to open "Tools -> Page Info"