Hi everyone.
I'm about to buy used EV from Switzerland and I do have a simple question about the registration certificate for vehicles over there. What I need to know is if anywhere on the registration certificate is noted that the car is EV? Is there special category for this?
Thanks in advance
Iβve never really used cpanel before, but a client has an EV certificate with their company name attached which covers βexample.comβ and βwwwβ. The supplier for the certificate also included a wildcard certificate β*.example.comβ and offered a refund if it didnβt work. This was designed to cover all the pre-created subdomains that the Cpanel host offered (admin.example.com, mail, etc.) how could I properly implement this.
Hi, I've been having an issue with paypal's website (I'm in the US). Like most other financial websites, paypal uses an EV (Extended Validation) SSL certificate. One of the features of using an EV SSL certificate is that when you click on the lock symbol to the left of the domain name in your browser you will see "Issued to: company name" below where it says "Certificate (Valid)". Previously when I visited the site and clicked the lock I would see:
Certificate (Valid)
Issued to: PayPal, Inc. [US]
Now it only shows the first line. When I look at the full certificate viewer it still appears to be an EV SSL cert, and nothing else looks wrong with it. I've tried a few different browsers (Chrome and Microsoft Edge) and it makes no difference. Oddly enough, other paypal sites such as their developer tools subdomain and Xoom have the "Issued to: PayPal, Inc. [US]" there like normal.
I'm trying to figure out if something is wrong on my end or if it's something wrong on their end. Are other US paypal users not seeing "Issued to: PayPal, Inc. [US]" when they click the lock symbol, or is it just me? Thanks!
I know that the .exe files cause Microsoft Windows boxes to throw those smart screen warnings on install, and I also know a certificate could be used by a company to keep that from happening.
So my question/proposal is what if we started a go fund me where all of us throw in a few bucks to buy a cert for meshcentral?
What are the pitfalls?
Does someone have experience doing this kind of thing and the tools?
Any objections from the project itself?
I can get a cert for the business I do with mesh and other products as well, but I really think mesh does so much for a lot of us, we could harness that goodwill in $5 each to get a cert just out of the box for the mesh install. I could be missing something though, so help me reddit, what did I miss?
Also I would want to have strong support from /u/ylianst, I don't want something that is trying to be helpful be just more of a pain and hassle for you. So if you see some pitfalls here, don't even explain what they would be, just let us know its a non-starter on your side. I don't want this to turn into the time I gave my wife a vacuum cleaner for her birthday. I miss her.
my customer has an ev cert on his webserver. the validationprocess is working very very bad. it takes up at least 5 chats.
my customer does not understand english. the reseller does not understand what it means, if someone does not make his it him self. the indian call center have 0 knowledge about office times. the ca has no idea of my local law. the developer of the customer's erp system has no idea from webservers.
it's not financially sustainable to carry this process anymore, to do this every year (thx to apple).
so there is only one way: set a reverse proxy in place and use let's encrypt.
that anoying process of the validation is just not reasonable. at my country there is no need to stand in a official registry if you own a company. and if you have an entry in the trade registry, there is nothing about phone numbers.
and that all, just because some think, that this is 'security'. neither the shorten of the intervalls, nor the validation process are parts of security for the end-consumer. he get such a huche amount of messages everyday, that he just ignores everything. and: having a valid ssl certificate does not mean your system is clean.
As part of our redeployment / backend refresh we are renewing the EV certificate for https://hzwjmjimhr7bdmfv2doll4upibt5ojjmpo3pbp5ctwcg37n3hyk7qzid.onion
Since there has been some discussion around renewal times for EV certificates and .onions (in regards to the Facebook downtime) we thought it might be worth running a sort of 'live blog' of our progress.
Because the clearnet browsers are binning the EV indicator we are requesting a re-issue of the current certificate to remove the ablative.hosting and www.ablative.hosting DNS SANs before requesting a renewal of the certificate for hzwjmjimhr7bdmfv2doll4upibt5ojjmpo3pbp5ctwcg37n3hyk7qzid.onion and *.hzwjmjimhr7bdmfv2doll4upibt5ojjmpo3pbp5ctwcg37n3hyk7qzid.onion
You can track the Certificate Transparency logs here: https://crt.sh/?q=hzwjmjimhr7bdmfv2doll4upibt5ojjmpo3pbp5ctwcg37n3hyk7qzid.onion
| Timestamp* | Action / Result |
|---|---|
| 2019-12-20 09:30 UTC | Requested DNS SAN change |
| 2020-01-21 23:04:56 UTC | Digicert issued our new certificate |
| 2020-01-22 13:30:00 UTC | 1 Year Renewal requested |
| 2020-01-24 23:05:18 UTC | All previous EV certificates have been revoked! |
Hi,
I know, EV certificates have been pronounced dead by some people, but they are still useful to prevent phishing in a company environment... If they are shown that is.
Chrome 76 shows the EV company name certificate in grey. That's fine. Edge in green - fine as well.
Firefox ESR 60 and 68 seem to not show them at all. This also seems not to be an issue with our page, ssllabs is not showing any issues and firefox is not displaying the EV name of banks etc. as well.
Is this a settings issue, that I might be able to fix by rolling out a new Firefox config?
Edit: I have tested the above on Windows and Ubuntu. I now tried a third machine, also ubuntu, also Firefox 68, here it is shown. I am a bit lost as to why...
At the moment I'm not so much concerned about "everyone out there", but about our employees accessing a vital page.
Thanks
Hello there, this is my first time posting here and I've looked all over the internet and couldn't find a definite answer, so I hope someone can help me out.
The company I work for runs an enterprise CA that issues EV certs for internal websites, their goal by using EV is to avoid employees falling for phishing scams. This has worked so far with Windows and IE; we simply add the Extended Validation OID to the trusted Root CA and issue certificates containing it and IE recognises it and shows the green bar.
Anyways, we would like to switch for Firefox since IE is no longer suitable and I would like to know if there's anyway we can issue EV certificates from our Enterprise CA and have Firefox recognise it as valid.
Hi all,
I don't understand why Brave doesn't show the EV SSL certificate indicator. I think that it's very important to recognise the weak / stronger certificate. For example, I want to be sure when I'm connecting to my bank website or other sensitive websites that is really the true websites with the EV certificate.
Thanks;
Hi, I see that Symantec is the only company that force to install a certificate only on a single server.
Is it a good thing for you or it is only for make more money ?
Which is your favourite EV certificates company ? And Why ?
Thanks for help
Hello,
In terms of SSL Certificate in SAP PO production environment, is it better to use DV/OV/EV?
I read in some CA sites that they mostly recommend EV as the most secure certificate for organizations (as people can see the green mark on the browser), but in case of SAP PO where user won't likely open the server with browser as it is mostly for interfaces. Do we need to go for EV?
What kind of validation/checking they do to apply for OV/EV?
Thank you.
I was just shopping zero-knowledge cloud backup for a client and went to compare two of my favorites: SpiderOak and sync.com.
I noticed that sync.com has an extended validation SSL certificate and SpiderOak does not. [For those unfamiliar with EV SSL certs, look to the left of the URL and instead of just seeing a lock in green -- a "domain validation" certificate" -- you'll see the name of the company that owns the web site. You can click on the company name for more information. The specific way the level of validation is communicated in the browser varies some according to which browser you are using.]
Reddit uses only Domain Validation, not Extended Validation.
In order to get extended validation, the company needs to spend more money and supposedly prove they are who they say they are. With the cheaper "Domain Validation" you only need to prove that you have control over the domain name.
So I'm wondering what you all think about whether it is of real value.
I must say in this comparison I just did, it makes me question the professionalism of SpiderOak a bit. For a company selling security, why wouldn't you get extended validation? It makes me wonder. If they aren't paying attention to this bit of detail which is viewable to the whole world, might they be skipping quality control in aspects of their business that aren't viewable to the public?
Today I saw a message in the console:
> As part of an experiment, Chrome temporarily shows only the lock icon in the address bar. Your SSL certificate with Extended Validation is still valid.
And indeed, the omnibox in the browser chrome was showing just a "lock" without the legal name of the company that owned the certificate. Turns out, this experiment has been going on since at least this summer.
What do you think about this potential change? Do you ever bother to notice if the domain has the long-form EV title or just the "lock" icon?
I'm personally glad that the sites with EV certificates might be displayed only with domain name like DV certificates. EV certificates are a scam: EV certificates cost a lot more (usually in hundreds of dollars a year, while Let's Encrypt DV certificates are free), users don't seem to care about DV/EV distinction, and EV certificate issuance process is flawed to the point of being pointless. Some researcher actually obtained an EV certificate for "Stripe, Inc."; he showed that with $100 in legal expenses you can establish a corporation and apply for the EV certificate. What's more, since Safari UI displays only the name of the company for EV certificates, the fake site was indistinguishable from the real one (if you could see the domains, you would easily distinguish between stripe.ian.sh and stripe.com).
