Google Chrome EV/CA Fake name?

Hi guys,

Apologies if this is the wrong forum but my query is regarding certs and thought this would be the best area to seek support. It may or may not be related to letsencrypt.

Recently, one of my friends has been asking me about some cert names he saw on a stranger’s laptop using Google Chrome. As you may know, Google Chrome doesn’t show cert names/company names (anymore) next to the address bar, which is why he’s curious to know about this.

As you may see in the images, there are random names next to Google domains like DE_2, UK, FR_1. (PS: since I’m a new user, I’m allowed to post only 1 image, but hope you get the idea)

If my knowledge isn’t wrong, firstly these aren’t Google’s EV/CAs. But more surprisingly, how can someone set up these names next to a domain of Google’s? Is this even possible? Sorry, but this has been troubling my friend for some time now, hence I thought of posting here.

Can you make screenshots of the certificate information perhaps?

That would be a tough one, but I will ask my friend to speak to the guy if he’s willing to share.
If we don’t get that information, what would you infer from this? As in - what is this FR_1 or how was it created? Is this supposedly a certificate name? But then, Google Chrome doesn’t show this.

Normally the only way to get information there is with an EV SSL certificate, but Chrome got rid of this recently so he might be using an old version of Chrome.

Though for someone to put arbitrary text there it would require compiling a custom version of Chrome with your certificate authority’s OID.

There are too many variables to know anything from just that screenshot and all anyone can do is speculate.

Someone could also take a look in a publicly-available dataset of certificates, like via CT or Censys, and try to find one where some field’s value is FR_1. (I don’t personally think this is worth the effort compared to just saving the certificate from Chrome, or maybe asking via the Chrome developer fora.)

Thank you for the responses. I will ask my friend to try to get hold of the file. Although I strongly believe these are modified certs with ‘custom’ names. But nonetheless, I’ll get back to you.
Thanks

I am curious to know where he downloaded his browser from as well, if the certificate isn’t legitimate. Because that’s the EV field and there is no way to make your own certificate have text there without modifying the browser’s source code and compiling it yourself.

The main bits are the certificate must have a policy number known to be EV and the certificate’s root’s thumbprint matches a pinned policy identifier, making custom names impossible.
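
As an added example (not part of the thread or any poster's code): one way to triage a certificate saved from the browser, as the replies above suggest, using the `openssl` CLI. The function names, file paths and the constructed sample certificate (O=FR_1, CN=example.test) are assumptions for illustration; 2.23.140.1.1 is the CA/Browser Forum EV policy OID.

```shell
#!/usr/bin/env bash
# Added example: triage a PEM certificate exported from the browser.
# Usage (paths are placeholders): ./triage.sh saved.pem [intermediates.pem]
EV_OID="2.23.140.1.1"   # CA/Browser Forum EV policy identifier

# Print one subject attribute (e.g. O or CN) of the certificate in $1.
subject_field() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | sed -n "s/^$2=//p"
}

# Succeed only if the certificate lists the EV policy OID in certificatePolicies.
asserts_ev() {
  openssl x509 -in "$1" -noout -text |
    awk -v oid="$EV_OID" '$1 == "Policy:" && $2 == oid { found = 1 } END { exit !found }'
}

# Apply the two conditions from the post above: EV policy OID present, and the
# chain ends at a root the system trusts. A browser additionally requires that
# root to be on its built-in EV list, which this script cannot see.
classify() {
  if ! asserts_ev "$1"; then
    echo "not-ev: EV policy OID absent"
  elif ! openssl verify ${2:+-untrusted "$2"} "$1" >/dev/null 2>&1; then
    echo "not-ev: policy OID asserted but chain not publicly trusted"
  else
    echo "candidate-ev: compare the root fingerprint with the browser's EV root list"
  fi
}

# Constructed test input: a self-signed certificate with O=FR_1 that asserts
# the EV OID. It shows that the OID alone does not earn EV treatment.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -out "$1" \
    -subj "/C=FR/O=FR_1/CN=example.test" \
    -addext "certificatePolicies=$EV_OID" 2>/dev/null
}

if [ "$#" -ge 1 ]; then
  echo "O=$(subject_field "$1" O) CN=$(subject_field "$1" CN)"
  classify "$@"
fi
```

If the saved certificate's organization field does not contain the label seen in the address bar, the label did not come from the certificate.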
