Talk:South Florida
Random Musings
EV SSL and Intranet Zone Testing
I won't get into the political debate about why pay for an EV SSL here; I will simply provide some info in case anyone else finds it useful.
In most cases the EV Green Bar will not show if testing an EV SSL certificate on a website within the Intranet using IE 7 on Windows XP. This happens because in IE 7 either the Phishing Filter or the "Check for server certificate revocation" needs to be enabled. By default, in Windows XP, the Phishing Filter is enabled for the Internet zone and the "Check for server certificate revocation" is disabled. Even though the Phishing Filter is set to Enabled in the Advanced tab of the Internet properties, the default setting for the "Local intranet" zone is set to Disable the Phishing Filter. To view the EV Green Bar for an Intranet site, either the Phishing Filter for the "Local intranet" zone or the "Check for server certificate revocation" setting in the Advanced tab of the Internet properties needs to be enabled. In Windows Vista the "Check for server certificate revocation" is enabled by default.
- Castor Morales [x MIA-FTL Co-chair]
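
One way to check the two settings described above on a test machine, as an added example that is not part of the original post. It assumes the per-user registry locations used for IE zone settings (URL action 2301 under `Zones\1` for the "Local intranet" Phishing Filter, and the `CertificateRevocation` value); Group Policy overrides and the global Phishing Filter switch are not checked.

```powershell
# Added example, not from the original post. Registry locations are assumptions
# based on the documented IE security-zone entries; policy keys are not checked.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$IntranetZone     = Join-Path $InternetSettings 'Zones\1'   # zone 1 = Local intranet

function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    # Returns the stored value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-EvIndicatorPrerequisite {
    param($PhishingFilterAction, $CertificateRevocation)
    # URL action 2301 ("Use Phishing Filter"): 0 = enable, 3 = disable.
    $filterOn = ($PhishingFilterAction -ne $null) -and ([int]$PhishingFilterAction -eq 0)
    # CertificateRevocation: 1 = "Check for server certificate revocation" ticked.
    $revocationOn = ($CertificateRevocation -ne $null) -and ([int]$CertificateRevocation -eq 1)

    New-Object PSObject -Property @{
        IntranetPhishingFilterEnabled = $filterOn
        ServerRevocationCheckEnabled  = $revocationOn
        # The post states that either setting is sufficient for the green bar.
        EvGreenBarPrerequisiteMet     = ($filterOn -or $revocationOn)
    }
}

$zoneFilter = Get-DwordOrNull -Path $IntranetZone     -Name '2301'
$revocation = Get-DwordOrNull -Path $InternetSettings -Name 'CertificateRevocation'

if ($zoneFilter -eq $null) {
    Write-Output 'Zones\1\2301 is not set for this user; the zone template default applies.'
}
if ($revocation -eq $null) {
    Write-Output 'CertificateRevocation is not set for this user; the OS default applies.'
}

Test-EvIndicatorPrerequisite -PhishingFilterAction $zoneFilter `
                             -CertificateRevocation $revocation | Format-List

# Constructed inputs mirroring the defaults the post describes:
#   XP:    intranet filter disabled (3), revocation check off (0) -> not met
#   Vista: revocation check on (1)                                 -> met
Test-EvIndicatorPrerequisite -PhishingFilterAction 3 -CertificateRevocation 0 | Format-List
Test-EvIndicatorPrerequisite -PhishingFilterAction 3 -CertificateRevocation 1 | Format-List
```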