How to create private security certificates that behave like official ones

I'm trying to get a valid secured environment for HTTP communication to behave like normal ones. I'm doing this for a restricted group of users.
There is a hardware server running a web service (nginx). OpenSSL is installed on this machine and I'm using it as a CA as well. I have created the root CA certificate and I have signed a certificate for the web service using it. Then I have provided the root CA certificate to a trusted user (another PC controlled by me) and it was imported to Firefox as a trusted authority.
Almost everything works fine (the HTTPS service is accessible and the warning page doesn't appear), but I get a blue status (the first thing in the address bar, before https://… ) of the service stating:

You are connected to
example.com
which is run by
(unknown)
Verified by: MyCA Company

Other world-wide known HTTPS sites like addons.mozilla.com, for example, show a green status and they don't have this (unknown) piece of data. They have there the company name and location.

Is it possible to get a custom private secured environment to behave like a normal one and be green? If yes, what should be done in order to get this (client-side? server-side?)?

As a side-effect question: where could I learn about PKI, SSL, and all this stuff from 0 to advanced? Or maybe there are some good books related to this?

Thank you in advance for any help and answers.

Best Answer

You can't—that's pretty much the reasoning behind the EV certificates (those that make the location bar go green). You'd practically have to patch your browser or hack some EV-CA's private key.

I've found a thread on the OpenSSL mailing list that explains the problem; you might also want to look at the Wikipedia article about what all this extended validation stuff is.

As for your side question: The whole PKI and SSL stuff is hideously complex. I've found an article that explains some of the theory behind building your own PKI, but this is far from being a nice "from zero to advanced" tutorial. Then there is of course RFC 5280, but this makes for some very heavy reading. But at least it's the official standard, for what it's worth.
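
An added example, not part of the original question or answer: a shell sketch of the setup the question describes (a private OpenSSL root CA signing the server certificate), with organisation fields and a policy OID put into the leaf, followed by a model of the browser-side check behind the answer. It assumes the browser grants the EV indicator only to roots on a list shipped inside the browser; that list entry, the policy OID and every subject field other than `MyCA Company` and `example.com` are constructed placeholders.

```shell
#!/bin/sh
# Added example. "MyCA Company" and example.com come from the question; the other
# subject fields, the policy OID and the "built-in" list below are constructed.
POLICY_OID="1.3.6.1.4.1.32473.1.1"                  # documentation-only OID arc
BUILTIN_EV_ROOTS="PLACEHOLDER:EV:ROOT:FINGERPRINT"  # stands in for the browser's shipped list

build_private_pki() {   # $1 = output directory
    d=$1; mkdir -p "$d" || return 1
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    cat > "$d/leaf.ext" <<EOF
basicConstraints = critical, CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:example.com
certificatePolicies = $POLICY_OID
EOF
    # Root CA: this is the certificate imported into Firefox as a trusted authority.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=MyCA Company/CN=MyCA Root" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server key and CSR, with organisation and location filled in.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/C=XX/L=Example City/O=Example Org/CN=example.com" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # Sign the CSR with the private root, attaching the leaf extensions.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$d/leaf.ext" \
        -out "$d/server.crt" 2>/dev/null
}

leaf_policy_oid() {     # policy OID carried by the server certificate
    openssl x509 -in "$1/server.crt" -noout -text | sed -n 's/^ *Policy: *//p'
}

ev_status() {           # model: EV only if the root is on the browser-shipped list
    fp=$(openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256 | cut -d= -f2)
    case " $BUILTIN_EV_ROOTS " in *" $fp "*) echo "EV" ;; *) echo "non-EV" ;; esac
}
# Usage: build_private_pki ./pki && openssl verify -CAfile ./pki/ca.crt ./pki/server.crt
```

The chain verifies against the imported root, so the warning page goes away, but nothing the private CA writes into the subject or the policies extension changes the result of `ev_status`.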
