How to enable SHA256 certificates from QuoVadis Global SSL ICA G2 on Windows Server 2003

Problem

SHA256 SSL certificates issued out of QuoVadis Global SSL ICA G2 do not work on my Windows Server 2003.

Resolution

QuoVadis SSL certificates are now being issued using the SHA256 algorithm in line with Microsoft's requirements.  This means that you are now required to install the updated QuoVadis Global SSL ICA G2 intermediate certificate on your server.  Previously, you needed the QuoVadis Global SSL ICA intermediate which is a SHA1-based certificates. More information on this can be found on our Installing SSL page.


Though support for SHA256 is not included in Windows Server 2003 Service Pack 2 by default, it is available for download as a hotfix in KB 938397 (http://support.microsoft.com/kb/938397).


KB 938397 is not available via Windows Update and needs to be requested via the “View and request hotfix downloads” link on the support page. Please note that KB 938397 is also offered for Windows Server 2003 Service Pack 1.


Important Note: This hotfix appears to restart your server without a prompt. If you are installing this hotfix on a production server, it is highly recommended that you install this hotfix out of hours or during a maintenance window.


More information can be found in the Microsoft Blog found at http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx.

Add Feedback