Solution
Most websites that allow client authentication using QuoVadis digital
certificates use the QuoVadis Issuing Certification Authority 2 as the
intermediate certificate.
With the expiration of this certificate, certificates that were once
issued out of this sub CA will be issued out of the QuoVadis Issuing CA
G3.
In order to allow these new certificates access using client
authentication, the QuoVadis Issuing CA G3 must be installed on the
Windows server that contains website at the computer account level. The
steps required to do this are outlined below.
First you must open the Microsoft Management Console.
- Click on Start and then Run.
- In the Run window, type MMC in the Open: field and click on OK.
- The Console1 window will appear.
- Click on File at the top and then select Add/Remove Snap-in... Alternatively, you can press Ctrl + M.
- In the new window, click on the Add... button at the bottom. This will open a third window.
- Scroll down in the Add Standalone Snap-in window and find the Certificates component. Once found, highlight it and click on the Add button at the bottom. Alternatively, you can double-click on Certificates.
In a new window, you will be given 3 options for which account you want the certificates snap-in to manage.
- Select the Computer account radio button and click on the Next button.
- At the next screen, click on the Finish button.
- Back in the Add Standalone Snap-in window, click on the Close button.
- Click on the OK button in the Add/Remove Snap-in window.
You should be back in the Console1 window. You will see that the Certificates (Local Computer) has been added on the left hand pane.
- Click on the "+" sign next to Certificates (Local Computer) to expand it.
- Locate and expand the Intermediate Certification Authorities store and then click on the Certificates folder underneath it.
In the right hand pane, you should see a list of certificates.
- Download the QuoVadis Issuing CA G3 and place it on the server.
- Right-click on the Certificates folder underneath the Intermediate Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.
- The Certificate Import Wizard will appear. At the welcome screen, click on the Next button.
- You must specify the file to import. Click on the Browse... button and find and select the QuoVadis Issuing CA G3 certificate that you downloaded onto your server. Once selected, it should appear in the File name: field. Click on the Next button.
- On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Intermediate Certification Authorities. Click on the Next button.
- At the summary screen, click on the Finish button.
You should get a message that reads, "The import was successful."
If your server previously trusted QuoVadis certificates issued out of
QuoVadis Issuing Certification Authority 2, then you should not need to
further edit your Trust List as both sub CAs are issued out of the
QuoVadis Root Certification Authority.