QuoVadis root SSL certificates causing issues for Android 4.x users

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Product: campusM

Description

QuoVadis are issuing all new SSL certificates with an SSL root certificate of "QuoVadis Root CA 2 G3". This certificate is not trusted by Android 4.4 (Kit Kat) and below and results in either the inability for these devices from accessing services signed by the QuoVadis Root CA 2 G3 certificate.

This impacts campusM, preventing users from authenticating their app (if the certificate is used to sign services on the campusM Connect Layer) or the inability to access external services through the app (for example Moodle) where this service is signed using this SSL Certificate.

This could be an issue for UK universities as QuoVadis are SSL certificate providers for JISC, who issue them to universities free of charge as part of their network services.

Impact

campusM users will be affected by the limitations of this certificate, where the end user is using a device with Android 4.4 or below as the Operating System (OS).

- If the QuoVadis Root CA 2 G3 certificate is being used as the SSL root certificate on the campusM Connect Layer (CCL), this will prevent users from accessing the CCL and stopping them from authenticating their sessions.

- Where the QuoVadis Root CA 2 G3 certificate is used for other on-campus or 3^rd party services that have been linked to or integrated with campusM (for example Moodle), these will also fail to load.

Resolution

Replace the QuoVadis Root CA 2 G3 SSL certificate with an alternative that supports Android 4.X.

How to check a sites Certificate

Chrome

Go to the site you want to check (for example, https://qvsslrca2g3-ev-v.quovadisglobal.com/)
Browse to the Chrome developer console (https://developer.chrome.com/devtools)
Click on the ‘Security’ tab.
You should see the "View Certificate" button, which will allow you to browse the certification path

If you see "QuoVadis Root CA 2 G3" at the root, then the site is certified by the QuoVadis SSL root certificate that will cause issues for Android 4.X.

KitKat Image1.jpg

KitKat Image2.jpg

Firefox

Go to the site you want to check (for example, https://qvsslrca2g3-ev-v.quovadisglobal.com/)
Click on the padlock icon next to the URL in the address bar
Click the ">" to "More Information" - "Security"
Click "View Certificate" then "Details", which will allow you to browse the certification path

If you see "QuoVadis Root CA 2 G3" at the root, then the site is certified by the QuoVadis SSL root certificate that will cause issues for Android 4.X.

Internet Explorer

Go to the site you want to check (for example, https://qvsslrca2g3-ev-v.quovadisglobal.com/)
Click on the padlock icon next to the URL in the address bar

If you see "QuoVadis Root CA 2 G3" at the root, then the site is certified by the QuoVadis SSL root certificate that will cause issues for Android 4.X.

Article last edited: 25-Sep-2017