I would like to deploy certificates to my internal servers that bear Extended Validation. Through domain policy, I am able to push my own root certificates to the Trusted Root Certification Authority store in the PCs that I manage. In doing so, the certificates signed by my private key appear to be valid and trusted to my internal users when viewing my internal servers.
Obviously, my root certificate is not going to be included in standard browser installations, so your average web user is not going to trust my certificates. They don't have access to my internal network, so they have no reason to anyway.
Still, what I'm wondering.. with my root certificate imported into the browsers TRCA store, is it possible for me to sign certificates bearing the necessary attributes to make them appear to the user as an Extended Validation Certificate? I typically use the OpenSSL commands to generate my keys, CSRs and certificates. How might I go about this?