RESOLVED: QMplus certificate issue - affecting access for Mac users

RESOLVED: QMplus certificate issue - affecting access for Mac users

by Site Administrator (QMplus) -
Number of replies: 0

Monday, 18th January 2021

ITS has resolved this issue...

https://www.its.qmul.ac.uk/service-status/resolved/incidents/title-868080-en.html


-----------

We have become aware of a QMplus access issue affecting Mac computers when the most recent version of Chrome (87.0.4280.141) is being used. Should you be using a Mac computer, please use an alternative browser in the interim, until this issue is fixed. 

Apologies for any disruption caused. 


---------------------------------------------------------------------------------------------------------------

It has been brought to our attention that many certificates issued via the old version of the Jisc Certificate Service (provided by Digicert/QuoVadis) are, as of last night, showing browser errors due to revocation of the issuing intermediate certificate. This is due to Digicert revoking an old version of the intermediate (not the certificates themselves).

To fix this issue, you will need to update the certificate chain your webserver is presenting to include the new version of the intermediate that actually issued your certificate, these can be found here:

http://trust.quovadisglobal.com/qvsslg2.crt

http://trust.quovadisglobal.com/qvsslg3.crt

To be clear: you do not need to replace the certificate itself.

Note: if you're not sure which to use, if you use https://crt.sh to query for your affected certificate, e.g. (www.example.com), identify your certificate in the list, and look at the issuer name and see if it ends in G2 or G3 - and then choose the new intermediate accordingly and update the chain configured in your web server.

This issue is affecting many people worldwide, beyond the Jisc Certificate Service. We apologise for any issues this has caused our members, but Jisc was not made aware of the change in issuing intermediate by our old supplier and was not warned about the revocation of the old version. This kind of issue should be minimised/disappear with the new Jisc Certificate Service, provided by Sectigo.