快捷导航
众所周知,浏览器访问部署有SSL数字证书站点时会给予一把锁的提示,其中如果是部署有有效EVSSL证书时,还会使地址栏变为绿色,

01.png

今天,笔者就以数字证书签发机构StartCom官网为例,为大家介绍一下如何手工开启/关闭绿色地址栏的效果。

2017年4月10日,StartCom上线新站点(原站点 https://www.startssl.com,新站点 https://www.startcomca.com),以当前这两个站点部署的SSL证书和微软的根证书策略,访问前者会出现绿色地址栏效果,而访问后者不会,直观感觉与OVSSL无异(只有一把锁的标识)。

02.png

03.png

两份SSL证书PEM编码及其完整证书链分别如下:

-----BEGIN CERTIFICATE-----
MIIJMDCCCBigAwIBAgIQV1nviKPietRjHZZk8sy26zANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDQgRVYgU2VydmVyIENBMB4XDTE2MDQyODAzNTIyOVoXDTE4MDQy
ODAzNTIyOVowggEcMRMwEQYLKwYBBAGCNzwCAQMTAklMMRgwFgYLKwYBBAGCNzwC
AQIMB0hhRGFyb20xFjAUBgsrBgEEAYI3PAIBAQwFRWlsYXQxHTAbBgNVBA8MFFBy
aXZhdGUgT3JnYW5pemF0aW9uMRIwEAYDVQQFEwk1MTM3NDczMDMxCzAJBgNVBAYT
AklMMRAwDgYDVQQIDAdIYURhcm9tMQ4wDAYDVQQHDAVFaWxhdDEOMAwGA1UEEQwF
ODgwMDAxEzARBgNVBAkMCkhhIFNhcGFuIDUxMTAvBgNVBAoMKFN0YXJ0Q29tIEx0
ZC4gKFN0YXJ0IENvbW1lcmNpYWwgTGltaXRlZCkxGTAXBgNVBAMMEHd3dy5zdGFy
dHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCavY8UhEP3
cYL+t/W+sQSVom5z0jFWKOxmUyg4u0Ey1Zc2lBTML7NADPJyzlNVoBn2oZzeucih
6aR2iNB4NhRtwVRDKQHTwIDa5N6f3DPprBDCW8DSiAwBXaHGf0khm5GnClU8Om+U
UcDCRcYw5NsMPk4hj2u62oQt1sQuhQAM9l37zhmwymky+oOObgQJvRnTIUH9uGGh
CSk9XW2cuKzygbz+WRkNydBqwTtlARKoT9u4y5C3QSsHaySGBcQSZ1FQZlrJOqTj
Pi7Daj/C6BVZKOhPyYuCh4NGXoyjZJxvxDkYeoG9B1PnAZK397EqrtmpK5a7xTu9
avgQVdo0bzyrAgMBAAGjggUOMIIFCjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwIGCCsGAQUFBwMBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO2KA6Ca
RysHrH4CI+tKyWacQEH0MB8GA1UdIwQYMBaAFA7YDdJmHatytollS2Q9fhgn1Ize
MG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRz
c2wuY29tMDkGCCsGAQUFBzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0
cy9zY2Euc2VydmVyNC5jcnQwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5z
dGFydHNzbC5jb20vc2NhLXNlcnZlcjQuY3JsMIIBFAYDVR0RBIIBCzCCAQeCEHd3
dy5zdGFydHNzbC5jb22CEnd3dy5zdGFydGNvbWNhLmNvbYIQd3d3LnN0YXJ0c3Ns
Lm5ldIIQd3d3LnN0YXJ0c3NsLm9yZ4IQd3d3LnN0YXJ0cGtpLmNvbYIUd3d3LnN0
YXJ0ZW5jcnlwdC5jb22CDHN0YXJ0c3NsLmNvbYIOc3RhcnRjb21jYS5jb22CDHN0
YXJ0c3NsLm5ldIIMc3RhcnRzc2wub3JnggxzdGFydHBraS5jb22CEHN0YXJ0ZW5j
cnlwdC5jb22CEWF1dGguc3RhcnRzc2wuY29tghBhcGkuc3RhcnRzc2wuY29tghRh
cGl0ZXN0LnN0YXJ0c3NsLmNvbTAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0
c3NsLmNvbS8wawYDVR0gBGQwYjALBgkrBgEEAYG1NwIwDQYLKwYBBAGBtTcBAQEw
BwYFZ4EMAQEwOwYLKwYBBAGBtTcBAgUwLDAqBggrBgEFBQcCARYeaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vcG9saWN5MIICNwYKKwYBBAHWeQIEAgSCAicEggIjAiEB
LwCsO5rtf6lnR1cVnm19V1Zy+dmBAJQem97/7KExO3V4LQAAAVRbMO1ZAAAEAQEA
ZcP6IJcebXW3cs3BNj621tLzDNBd/P9dl7O1qGXbraK7imMz3CJeUMxXpN4v0ClF
inI9GHjvhErdNy0mmFqobFAbFZ2XsmaFV2G8XDFoulGuhzp3v/tx1XJDrKHVVHiV
lX40qonNNBvL2aJTFFo/cHsAgXiKAM3vQcNCSwrhf1iWONxoiGl6j6Gg2d5yTOas
qF2IweHPaZQ/019TSx83vq26KxwASOrhKMipu1NjVSCAGB4cbNCNooGpCuTp8u8q
JN5cdPKvYmesLxo4t8C73eeOlyhLTxZoTM2iBBwrs0jLxUfLUAfAh78f3FYwEs+q
unzsjiomZ04fXPSzsYTplgB2AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtP
T/vEAAABVFsw8mUAAAQDAEcwRQIhALGymjncuyLYLhbOwkxgTEsf3s7aTBj0kzpv
eW9fss+EAiAwWCdLOSR+XU6tfGaYUzylaGvT7IyneYbZ7whCFwmMVwB2AO5Lvbd1
zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABVFsw+nAAAAQDAEcwRQIgSX3a
LaCkWvLsMVWVodNUoeDMQK3q2ImtB4izAd4+wnECIQCg45p3NFUjg93nRvS0DsMf
9YJK2PwBxsbudFhZ85exIjANBgkqhkiG9w0BAQsFAAOCAQEALQrlXWPhXz9KQh/1
Fp4NAZNdmaaP25br5OwnZWSnFMFcqM5LyAOnd+vhxFbJVMeLgSZfgpvw3iijrMej
AnSoItcmPIOMgyLGJ29TNoubbj2sha7ScWPGHKitIHvw90IITwvVrMpCdZZe6h/o
WZvBxOQ55C0ATUuNcgKWJhn8c03sW4fSuHnEpQu/4qTxWC0W65GNfn4nwc5lBr9f
KwaiFHmjxL3q4zq+BlpjVqIbsklBsgCszlg7UJ6sGZPqS0uGtyv60VkjU2BE7hKa
Rvplp07HzV8bVS4dRjHw7Ij8NV54ppFu124hnSn8SJr9MuOlh+YUotUSFmOiCyzw
0KKISw==
-----END CERTIFICATE-----

04.png

-----BEGIN CERTIFICATE-----
MIIJFzCCBv+gAwIBAgIJALvMV4ewbtjbMA0GCSqGSIb3DQEBCwUAMIHTMQswCQYD
VQQGEwJFUzEWMBQGA1UECwwNQUMgQ0FNRVJGSVJNQTEbMBkGA1UECgwSQUMgQ2Ft
ZXJmaXJtYSBTLkEuMRIwEAYDVQQFEwlBODI3NDMyODcxSzBJBgNVBAcMQk1hZHJp
ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCBodHRwczovL3d3dy5jYW1lcmZpcm1h
LmNvbS9hZGRyZXNzKTEuMCwGA1UEAwwlQ2FtZXJmaXJtYSBDb3Jwb3JhdGUgU2Vy
dmVyIElJIC0gMjAxNTAeFw0xNzA0MDcxMTU5MTlaFw0xOTA0MDcxMTU5MTlaMGAx
CzAJBgNVBAsMAklUMScwJQYDVQQKDB5TVEFSVENPTSBDQSwgU09DSUVEQUQgTElN
SVRBREExGzAZBgNVBAMMEnd3dy5zdGFydGNvbWNhLmNvbTELMAkGA1UEBhMCRVMw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFWsUBw2oixc471CX9zjzm
kMVlSqAEt2yWrWMkQYV587jnYewjxEpqut3zpTFHU7D+IpZhMjQOi0Mc9YHAUw2p
/60L9wSO8rkalMYMzx49kj67c3LwGkvsH/2joCy6aL5VTZdnwb+UvE6ycRxMAoEW
NFj6TNZh+GiLWXnyuhvOa46GsButyUwXnMIjCZxDfYp+GXj4D62hOIUtTxslidqE
ty8JkrXTsofgB0f7kN36z56DVU51rfcihGXcXDJMLg2SS2Z7yxdYC/eZYqhH7rc0
EiXhKYjF4hnhy+d0B8xVnwCHQF+xUtnYGoe30ZmhyXP+tRCwjmfqNTmwiN0qwB/R
AgMBAAGjggReMIIEWjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFAanwotW1qsZq5KB
DQ3+xip08WcMMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwCkuQmQtBhYFIe7
E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVtISG2XAAAEAwBIMEYCIQD9X8x6HSBc
n2z9WlTXtXC+HCBF9U1dAGhOzetem9bWjAIhAJAS+mp8DsJXUujUROwiKmDuRdBU
ig1KoEfo+ofyVClqAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csA
AAFbSEhutQAABAMARzBFAiEA3L2n8egzrYQ8EnjMSIwIuT5TgtI4lV0gt6uj4uE0
VToCIGDLfL9HCdigiJqCz4fF1mMALsL4BFMjGShY/sD5ET7TAHcA3esdK3oNT6Yg
i4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFbSEhxvgAABAMASDBGAiEA0YKg2oht
m0Wlb9BbHV/B6dloKG0ndpG6FAPGBzs+Ig0CIQCm5E7Y5Iy3V0uOYBIpdStz2oeD
wqrPbp3Qn/SlPofhcjCBgQYIKwYBBQUHAQEEdTBzMEkGCCsGAQUFBzAChj1odHRw
Oi8vd3d3LmNhbWVyZmlybWEuY29tL2NlcnRzL2NhbWVyZmlybWFfY3NlcnZlcmlp
LTIwMTUuY3J0MCYGCCsGAQUFBzABhhpodHRwOi8vb2NzcC5jYW1lcmZpcm1hLmNv
bTCB4gYDVR0jBIHaMIHXgBRj6fDwVgBoZbAhbA5c1xkInQg0ZaGBtKSBsTCBrjEL
MAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVz
cyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0
MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBTLkEuMSkwJwYDVQQDEyBDaGFt
YmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwOIIIYh/zHEiboTYwgYkGA1UdHwSB
gTB/MD2gO6A5hjdodHRwOi8vY3JsLmNhbWVyZmlybWEuY29tL2NhbWVyZmlybWFf
Y3NlcnZlcmlpLTIwMTUuY3JsMD6gPKA6hjhodHRwOi8vY3JsMS5jYW1lcmZpcm1h
LmNvbS9jYW1lcmZpcm1hX2NzZXJ2ZXJpaS0yMDE1LmNybDAxBgNVHREEKjAoghJ3
d3cuc3RhcnRjb21jYS5jb22CEnd3dy5zdGFydGNvbWNhLmNvbTBQBgNVHSAESTBH
MDsGDCsGAQQBgYcuCgsCATArMCkGCCsGAQUFBwIBFh1odHRwczovL3BvbGljeS5j
YW1lcmZpcm1hLmNvbTAIBgZngQwBAgIwDQYJKoZIhvcNAQELBQADggIBAC1mEYM3
u7GCG4N1MpV9/7EoVlsl3SNbif9Q2bixjPgiAExs1t1gCixOswQpnX7rrwHl+1yb
MpzW7IvQZeA+Cfpv3ARH7dzS8MCAHs3m1ULSynEHXKzJd8qwFaoHPJXokseCQrua
9RvvfmDkMww+EmnXzvyyC7aA5vZTz5z3I/aUEPfYtQ4L+9/M6B4I2K5vx4ltGs2t
SFTPdqhPux0wIAWcG/MOaYczvOaBdvFSa+nniUicuc9uYm/ZniBf4k+G1630JhY0
A3N7J2pqrFDU4H51QW4GHyDRn+V4zdWaEmXDMdz4FYqf2QW41rgAPSMnIrw2CiSS
FuNcF8bac6BGFpTGVJsjAbMKlcQbiqRmB9656cFHc8xHvxhEuL5dXaLfDfyqd2h9
0o2xtxrbPSSEVYSs1TtYucGb/8iaYqs52tn39s5/aKl1VUI0eWG4KnxaQmQy/ZH3
YQ0Gr8wpo1a0JjrA7yM26mKiYcQNvew3IeXqBZFMEiEHv2GrzNUcRjMH+8+V1zV3
A2t3egyxhiV/GZlSEz+IBWsacppvDeJCzJjYzgXf6KlUREmc2hhrMn9lmCDcquva
q9nWTQxALJ8xeJCNKzFCoHU6rdyVrbUlyrzmvd8LF6TNVuzNDrfJR+TqprpKqOFU
05Ad9y0+2ZzMsg/M0Z20ZKCe9fjAqu6qTTsJ
-----END CERTIFICATE-----

05.png

下面动手操作如何把 https://www.startcomca.com 的访问效果变为有绿色地址栏。

1、进入“证书管理器”(certmgr.msc,Windows 10系统优先选择 certlm.msc),在“受信任的根证书颁发机构”中找到证书“Chambers of Commerce Root - 2008”(如果没有该证书,在系统未开启“关闭自动根证书更新”(系统默认值)的前提下,可访问 https://www.startcomca.com,系统会自动装载根证书“Chambers of Commerce Root - 2008”);

2、打开证书,选择“详细信息”标签卡,“编辑属性”;

06.png

3、“扩展的验证”标签卡;

07.png

4、添加EV策略对象标识符(EV Policy OID):“2.23.140.1.2.2”;

08.png

5、确定,退出证书属性编辑窗口;

6、再次访问 https://www.startcomca.com 即可见绿色地址栏效果。

09.png

后记:笔者对数字证书的应用研究还很浅显,班门弄斧总是不好的,故本文不涉及EV数字证书(Class 4)技术规范、应用原理,只是介绍大家一个方法,对于部分可实现绿色地址栏效果的站点如果未出现绿色地址栏该如何做;为何需添加OID:2.23.140.1.2.2,其它的数值可不可以,笔者也非常希望和大家交流,也期待大牛不吝赐教。

P.S. 本例中,关闭绿色地址栏效果的方法就是:删除“Chambers of Commerce Root - 2008”EV Policy OID:“2.23.140.1.2.2”。
举报 使用道具
| 回复

共 2 个关于如何手工开启/关闭浏览器访问部署有SSL证书站点时的绿色地址栏效果?的回复 最后回复于 2017-4-18 14:12

ikimi 版主 发表于 2017-4-13 22:11:54 | 显示全部楼层
写了一个小程序,添加相应OID,用以实现绿色地址栏效果,无需再手工添加
http://vdisk.weibo.com/s/sUMrV7uWcyfh
举报 使用道具
WS_Daniel 版主 发表于 2017-4-18 14:12:09 | 显示全部楼层
不错。
举报 使用道具
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

发新帖

版块推荐百宝箱

快速回复 返回顶部 返回列表