JBear JBear - 9 days ago 6
Apache Configuration Question

Green Bar for Self-Made SSL

So, considering the pricing for SSLs, I chose to try creating my own SSL certificate (still in the works).

Once I get that part done, how to I get the EV and green bar aspect of the certificate set up?

Answer

It can make sense to create your own certificates (and use your own CA) if you're in an environment where your users can import your own CA certificate in a way they can verify it independently. Typically, this works fine on an institution's network where someone installs the extra CA certificate as part of the OS configuration when configuring centrally-administered machines (and similar cases). Under these conditions, this will get you a blue bar without any problem.

Extended Validation certificate (which produce a green bar) rely on two things:

This second point is what will prevent you from doing it yourself. Non-EV certificates is something you could potentially implement on machines under your control using a few extra configuration steps. EV certificates also require that you control the compilation of the browser: this is not going to happen for proprietary browsers such as IE, and it can still be quite a lot of work for open-source browsers (e.g. Firefox/Chromium), since you wouldn't be able to rely on the pre-compiled binaries (and you'd have to recompile it yourself for every new release).