QuoVadis root SSL certificates causing issues for Android 4.x users
- Product: campusM
Description
QuoVadis are issuing all new SSL certificates with an SSL root certificate of "QuoVadis Root CA 2 G3". This certificate is not trusted by Android 4.4 (Kit Kat) and below and results in either the inability for these devices from accessing services signed by the QuoVadis Root CA 2 G3 certificate.
This impacts campusM, preventing users from authenticating their app (if the certificate is used to sign services on the campusM Connect Layer) or the inability to access external services through the app (for example Moodle) where this service is signed using this SSL Certificate.
This could be an issue for UK universities as QuoVadis are SSL certificate providers for JISC, who issue them to universities free of charge as part of their network services.
Impact
campusM users will be affected by the limitations of this certificate, where the end user is using a device with Android 4.4 or below as the Operating System (OS).
- If the QuoVadis Root CA 2 G3 certificate is being used as the SSL root certificate on the campusM Connect Layer (CCL), this will prevent users from accessing the CCL and stopping them from authenticating their sessions.
- Where the QuoVadis Root CA 2 G3 certificate is used for other on-campus or 3rd party services that have been linked to or integrated with campusM (for example Moodle), these will also fail to load.
Resolution
Replace the QuoVadis Root CA 2 G3 SSL certificate with an alternative that supports Android 4.X.
How to check a sites Certificate
Chrome
- Go to the site you want to check (for example, https://qvsslrca2g3-ev-v.quovadisglobal.com/)
- Browse to the Chrome developer console (https://developer.chrome.com/devtools)
- Click on the ‘Security’ tab.
- You should see the "View Certificate" button, which will allow you to browse the certification path
If you see "QuoVadis Root CA 2 G3" at the root, then the site is certified by the QuoVadis SSL root certificate that will cause issues for Android 4.X.
Firefox
- Go to the site you want to check (for example, https://qvsslrca2g3-ev-v.quovadisglobal.com/)
- Click on the padlock icon next to the URL in the address bar
- Click the ">" to "More Information" - "Security"
- Click "View Certificate" then "Details", which will allow you to browse the certification path
If you see "QuoVadis Root CA 2 G3" at the root, then the site is certified by the QuoVadis SSL root certificate that will cause issues for Android 4.X.
Internet Explorer
- Go to the site you want to check (for example, https://qvsslrca2g3-ev-v.quovadisglobal.com/)
- Click on the padlock icon next to the URL in the address bar
If you see "QuoVadis Root CA 2 G3" at the root, then the site is certified by the QuoVadis SSL root certificate that will cause issues for Android 4.X.
- Article last edited: 25-Sep-2017