I am studying SSL and X.509 certificates. I am trying to create a CA certificate from scratch and use it to sign another custom server certificate. Then, I install the CA certificate in the Firefox certificate manager. Everything works fine, and I am even able to connect to the server with my own certificate. But I can't build an EV certificate (i.e. my Firefox address bar stays blue, not green).
So, the question is: can someone please give me a hint which are the distinctive qualities of the EV CA and server certificates that make Firefox trust them?
You can not build an EV certificate. The EV certificate is different from regular certificate by custom extension (policy ID extension), which is placed by existing CAs to their certificates. The browser checks both the extension (whether it is present in the list of policy IDs, known to belong to EV certificates) and the issuer field and they must match. If you try to use policy ID of existing company, I believe the browser won't accept it/.