Paypal certificate weirdness

I was about to login to Paypal, but I noticed the browser didn't display the secure icon for EV-SSL certificates, and I was pretty sure it used an EV cert, so I looked it up to be sure and found an article from back in 2008 and it already used EV back then:
https://www.networkworld.com/news/2008/051908-paypal-flaw-raises-questions-about.html
I checked the URL with SSL labs and it gives mixed analysis:
https://www.ssllabs.com/ssltest/analyze.html?d=https://www.paypal.com

I wonder if it just some mistake from IT or if something more is going on..

 

This is what i get

 

Hi BoerenkoolMetWorst and CloneRanger,

Has it anything to do with the recent Root Certificates Update?
https://www.wilderssecurity.com/showthread.php?t=347512

Just a wild guess; I don't know; brain-cells at the moment, you know...

 

What browser were you using? Are you going directly to Paypal or is a site sending you there? If so which site? When I buy from some sites it sometimes fails to show the Green EV padlock icon in Firefox. The reason it happened for me is because an image from the site I was buying from wasn't https on the Paypal page. A quick fix was to block images from that site until I was done with paypal.

An example is to go to Home Depot, put anything in your cart, click checkout now and then checkout with paypal and you'll see what I mean. No secure icon but if you click the icon and click "more information" then click the media tab you will the the non-https image. Highlight it by clicking it and then check the box below that says block images from wxw.homedepot.c0m. Close the small window and reload the page and now it shows as secure.

 

I have it both being sent from a site and by going to paypal.com directly and with both IE and FF. Firefox addon Perspectives shows 2 different certificates reported by the servers. If I check with AdblockPlus Show blockable content option(not sure if wording is correct as I use a localized non-english version) it only shows https content, no http content and IE doesn't report mixed content either.

 

Blockable content is correct. I thought mixed content may be the easy answer but it's not in your case. At this point I'm afraid I'm in over my head. I do see two certificates when I click the globe or padlock. One is a public primary certificate authority and the other is an extended EV SSL.