Articles in Root

Share Via Email

How to install the QuoVadis Issuing CA G3 for Client Authentication on IIS 5 or IIS 6?

Solution

Most websites that allow client authentication using QuoVadis digital certificates use the QuoVadis Issuing Certification Authority 2 as the intermediate certificate.
With the expiration of this certificate, certificates that were once issued out of this sub CA will be issued out of the QuoVadis Issuing CA G3.

In order to allow these new certificates access using client authentication, the QuoVadis Issuing CA G3 must be installed on the Windows server that contains website at the computer account level.  The steps required to do this are outlined below.

First you must open the Microsoft Management Console.

  1. Click on Start and then Run.

  2. In the Run window, type MMC in the Open: field and click on OK.

  3. The Console1 window will appear.

  4. Click on File at the top and then select Add/Remove Snap-in...  Alternatively, you can press Ctrl + M.

  5. In the new window, click on the Add... button at the bottom.  This will open a third window.

  6. Scroll down in the Add Standalone Snap-in window and find the Certificates component.  Once found, highlight it and click on the Add button at the bottom.  Alternatively, you can double-click on Certificates.

    7. In a new window, you will be given 3 options for which account you want the certificates snap-in to manage.

  7. Select the Computer account radio button and click on the Next button.

  8. At the next screen, click on the Finish button.

  9. Back in the Add Standalone Snap-in window, click on the Close button.

  10. Click on the OK button in the Add/Remove Snap-in window.

    11. You should be back in the Console1 window.  You will see that the Certificates (Local Computer) has been added on the left hand pane.

  11. Click on the "+" sign next to Certificates (Local Computer) to expand it.

  12. Locate and expand the Intermediate Certification Authorities store and then click on the Certificates folder underneath it.

    13. In the right hand pane, you should see a list of certificates.

  13. Download the QuoVadis Issuing CA G3 and place it on the server.

  14. Right-click on the Certificates folder underneath the Intermediate Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.

  15. The Certificate Import Wizard will appear.  At the welcome screen, click on the Next button.

  16. You must specify the file to import.  Click on the Browse... button and find and select the QuoVadis Issuing CA G3 certificate that you downloaded onto your server.  Once selected, it should appear in the File name: field.  Click on the Next button.

  17. On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Intermediate Certification Authorities.  Click on the Next button.

  18. At the summary screen, click on the Finish button.

You should get a message that reads, "The import was successful."

If your server previously trusted QuoVadis certificates issued out of QuoVadis Issuing Certification Authority 2, then you should not need to further edit your Trust List as both sub CAs are issued out of the QuoVadis Root Certification Authority.

 

Legal


DigiCert is the world’s premier provider of high-assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs.

© 2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.