diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js index 0254f16b9c2..fdd685c38cf 100644 --- a/security/manager/ssl/tests/unit/test_ev_certs.js +++ b/security/manager/ssl/tests/unit/test_ev_certs.js @@ -18,6 +18,8 @@ let certList = [ // Test for successful EV validation 'int-ev-valid', 'ev-valid', + 'no-ocsp-url-cert', // a cert signed by the EV auth that has no OCSP url + // but that contains a valid CRLDP. // Testing a root that looks like EV but is not EV enabled 'int-non-ev-root', @@ -34,10 +36,10 @@ var gOCSPResponseCounter = 0; function start_ocsp_responder() { const SERVER_PORT = 8888; - gHttpServer = new HttpServer(); gHttpServer.registerPrefixHandler("/", function handleServerCallback(aRequest, aResponse) { + do_check_neq(aRequest.host, "crl.example.com"); // No CRL checks let cert_nick = aRequest.path.slice(1, aRequest.path.length - 1); do_print("Generating ocsp response for '" + cert_nick + "'"); aResponse.setStatusLine(aRequest.httpVersion, 200, "OK"); @@ -55,6 +57,7 @@ function start_ocsp_responder() { gOCSPResponseCounter++; }); gHttpServer.identity.setPrimary("http", "www.example.com", SERVER_PORT); + gHttpServer.identity.add("http", "crl.example.com", SERVER_PORT); gHttpServer.start(SERVER_PORT); } @@ -91,7 +94,9 @@ function run_test() { load_ca("non-evroot-ca"); // setup and start ocsp responder - Services.prefs.setCharPref("network.dns.localDomains", 'www.example.com'); + Services.prefs.setCharPref("network.dns.localDomains", + 'www.example.com, crl.example.com'); + start_ocsp_responder(); run_next_test(); @@ -108,6 +113,11 @@ add_test(function() { run_next_test(); }); +add_test(function() { + check_ee_for_ev("no-ocsp-url-cert", false); + run_next_test(); +}); + // Test for bug 917380 add_test(function () { const nsIX509Cert = Ci.nsIX509Cert; 
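Review bot: The guard added at the top of the request handler in start_ocsp_responder carries only the comment `// No CRL checks`, which does not say why a request for that host counts as a failure. I would expand it to something like `// crl.example.com is served by this same responder only so that any CRL fetch attempt lands here and fails the test.` The guard can only fire for fetches that actually reach this server on SERVER_PORT, so it depends on the CRLDP URLs in the generated certs naming the same port. The handler body continues outside the hunk.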
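Review bot: In run_test the new value for `network.dns.localDomains` is `'www.example.com, crl.example.com'`, with a space after the comma. Whether the pref parser trims that space is not visible here; if it does not, crl.example.com would not be mapped locally and the `do_check_neq` guard in the responder could never see a CRL request, so the test would pass without checking anything. Writing it as `'www.example.com,crl.example.com'` removes the doubt. run_test starts and ends outside the hunk.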
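Review bot: The new add_test for `no-ocsp-url-cert` has no comment saying why `false` is the expected EV result, unlike the `// Test for bug 917380` case that follows it. A line such as `// A cert with the EV policy and a CRLDP but no OCSP URL must not be treated as EV, and the CRLDP must not be fetched.` would record the intent. The only visible check that the CRLDP is not fetched is the host assertion inside the responder, which is worth naming in that comment as well.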
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cert8.db b/security/manager/ssl/tests/unit/test_ev_certs/cert8.db index 8e1c66104fb..4ed96b98208 100644 Binary files a/security/manager/ssl/tests/unit/test_ev_certs/cert8.db and b/security/manager/ssl/tests/unit/test_ev_certs/cert8.db differ diff --git a/security/manager/ssl/tests/unit/test_ev_certs/ev-valid.der b/security/manager/ssl/tests/unit/test_ev_certs/ev-valid.der index dee326cf10c..02d7aa80b10 100644 Binary files a/security/manager/ssl/tests/unit/test_ev_certs/ev-valid.der and b/security/manager/ssl/tests/unit/test_ev_certs/ev-valid.der differ diff --git a/security/manager/ssl/tests/unit/test_ev_certs/generate.py b/security/manager/ssl/tests/unit/test_ev_certs/generate.py index 4e53f301faa..d640b7803b1 100755 --- a/security/manager/ssl/tests/unit/test_ev_certs/generate.py +++ b/security/manager/ssl/tests/unit/test_ev_certs/generate.py @@ -31,9 +31,9 @@ subject_key_ident = "subjectKeyIdentifier = hash\n" aia_prefix = "authorityInfoAccess = OCSP;URI:http://www.example.com:8888/" aia_suffix ="/\n" intermediate_crl = ("crlDistributionPoints = " + - "URI:http://crl.example.com/root-ev.crl\n") + "URI:http://crl.example.com:8888/root-ev.crl\n") endentity_crl = ("crlDistributionPoints = " + - "URI:http://crl.example.com/ee-crl.crl\n") + "URI:http://crl.example.com:8888/ee-crl.crl\n") mozilla_testing_ev_policy = ("certificatePolicies = @v3_ca_ev_cp\n\n" + "[ v3_ca_ev_cp ]\n" + 
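Review bot: Port 8888 is now spelled out in three literals in generate.py (`aia_prefix` and both `crlDistributionPoints` URIs) and has to stay equal to `SERVER_PORT` in test_ev_certs.js. If they drift apart, a CRL fetch would go to a port the test responder does not serve and the host check in the responder would no longer catch it, so the test would pass vacuously. A single module-level value, e.g. `responder_port = "8888"`, used to build all three strings, with a comment naming the JS constant, would keep them in step. The surrounding definitions continue outside the hunk.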
@@ -93,6 +93,22 @@ def generate_certs(): "int-" + prefix) import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,") import_untrusted_cert(ee_cert, prefix) + + # now we generate an end entity cert with an AIA with no OCSP URL + no_ocsp_url_ext_aia = ("authorityInfoAccess =" + + "caIssuers;URI:http://www.example.com/ca.html\n"); + [no_ocsp_key, no_ocsp_cert] = CertUtils.generate_cert_generic(db, + srcdir, + random.randint(100, 40000000), + key_type, + 'no-ocsp-url-cert', + EE_basic_constraints + EE_full_ku + + Server_eku + authority_key_ident + + no_ocsp_url_ext_aia + endentity_crl + + mozilla_testing_ev_policy, + int_key, int_cert); + import_untrusted_cert(no_ocsp_cert, 'no-ocsp-url-cert'); + [bad_ca_key, bad_ca_cert] = CertUtils.generate_cert_generic( db, srcdir, 1, diff --git a/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.der b/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.der index 9c0326f80cf..b2bd73d86a9 100644 Binary files a/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.der and b/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.der differ diff --git a/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.p12 b/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.p12 index 85b53836e0a..b7ed643442f 100644 Binary files a/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.p12 and b/security/manager/ssl/tests/unit/test_ev_certs/int-ev-valid.p12 differ diff --git a/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.der b/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.der index 701965d58ab..d03e2a56b86 100644 Binary files a/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.der and b/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.der differ 
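Review bot: The comment on the new block mentions only the missing OCSP URL, but the extension list also keeps `endentity_crl`, and that is what the JS test relies on to show that the CRLDP is never fetched. I would say so in the comment: `# The cert keeps endentity_crl on purpose: the test asserts that the CRLDP is not consulted.` As a style point, the three added statements end in `;`, the result is unpacked into a bracketed list, and `no_ocsp_key` is not used in the visible lines; `_, no_ocsp_cert = CertUtils.generate_cert_generic(...)` without the semicolons would read as ordinary Python. generate_certs starts before the hunk and continues after it.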
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.p12 b/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.p12
index cfe09d2fc83..801d2841ae7 100644
Binary files a/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.p12 and b/security/manager/ssl/tests/unit/test_ev_certs/int-non-ev-root.p12 differ
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/key3.db b/security/manager/ssl/tests/unit/test_ev_certs/key3.db
index 260c0c35dce..48e7fc98d47 100644
Binary files a/security/manager/ssl/tests/unit/test_ev_certs/key3.db and b/security/manager/ssl/tests/unit/test_ev_certs/key3.db differ
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-url-cert.der b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-url-cert.der
new file mode 100644
index 00000000000..e0a507cff5a
Binary files /dev/null and b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-url-cert.der differ
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root.der b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root.der
index 7710ddede79..c0680882c56 100644
Binary files a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root.der and b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root.der differ
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.der b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.der
index 7ece52a952d..b6d7b3147b1 100644
Binary files a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.der and b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.der differ
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.p12 b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.p12
index a88d8e725a3..70f46e346b4 100644
Binary files a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.p12 and b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.p12 differ