Chema, Mozilla is moving towards only using the CA/Browser Forum EV Policy OID, rather than CA-specific EV Policy OIDs. However, this CCADB Root Inclusion Case said to use 1.3.6.1.4.1.13177.10.1.3.10 as the EV Policy OID. I ran https://tls-observatory.services.mozilla.com/static/ev-checker.html with the new cert and https://www.firmaprofesional.com and EV Policy OID 2.23.140.1.1 And it returned: ev-checker exited successfully: Success! So I will update the root inclusion Case in the CCADB to have the EV Policy OID 2.23.140.1.1. Please confirm that the CAB Forum EV OID (2.23.140.1.1) will always be the first EV OID found in the certificatePolicies extension of the end-entity certificate, as per https://wiki.mozilla.org/CA/EV_Processing_for_CAs#First_OID.
Bug 1741932 Comment 1 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Chema, Mozilla is moving towards only using the CA/Browser Forum EV Policy OID, rather than CA-specific EV Policy OIDs. However, this CCADB Root Inclusion Case said to use 1.3.6.1.4.1.13177.10.1.3.10 as the EV Policy OID. I ran https://tls-observatory.services.mozilla.com/static/ev-checker.html with the new cert and https://testsslev2021.firmaprofesional.com and EV Policy OID 2.23.140.1.1 And it returned: ev-checker exited successfully: Success! So I will update the root inclusion Case in the CCADB to have the EV Policy OID 2.23.140.1.1. Please confirm that the CAB Forum EV OID (2.23.140.1.1) will always be the first EV OID found in the certificatePolicies extension of the end-entity certificate, as per https://wiki.mozilla.org/CA/EV_Processing_for_CAs#First_OID.