How do I Install My AdminID in Trust/Link Client Dev Environment

Problem

How do I Install My AdminID in Trust/Link Client Dev Environment?
 
I receive the following error when trying to install my AdminID in Trust/Link Client Dev: "Error installing certificate. Error description = CertEnroll::CX509Enrollment::InstallResponse: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

Resolution

The CA that issues certificates in our development environment is not a trusted CA.  As a security feature, your computer will not allow CertEnroll to install a certificate that chains to a root that it does not trust.  In order to use the Trust/Link Client Dev Environment, you must trust the QuoVadis No Reliance Root CA G2.  This article will describe the steps to install this and assumes you are doing this on a Windows operating system.
 
Important Note: These instructions ONLY apply to the development instance of Trust/Link and not to the production environment.  If you have any issues or questions, please contact QuoVadis Support.
Additional Note: These instructions will only work with Internet Explorer, Microsoft Edge and Google Chrome installed on Windows.  If you use Mozilla Firefox as your primary browser (or potentially other browsers), then these instructions should be followed but will not work as these other browser types contain their own certificate store and are independent of the Microsoft Certificate Store.
 
  1. Obtain the QuoVadis No Reliance Root CA G2 root certificate from http://trust.quovadisglobal.com/qvnrcag2.crt.
  2. Open up Run on your computer (Windows 7 is usually Start > Run; in Windows 10, you must right-click the Start button and select Run).
  3. Type in MMC into the Open: field and click OK.The Console1 window will appear.
  4. Click on File at the top and then select Add/Remove Snap-in...  Alternatively, you can press Ctrl + M.
  5. In the new window, select Certificates from the Available snap-ins: section and click on the Add > button in the middle. This will open a new window where you will be given 3 options for which account you want the certificates snap-in to manage.
  6. Select the Computer account radio button and click on the Next button.
  7. At the next screen (where it has Local computer selected), click on the Finish button.
  8. Back in the Add or Remove Snap-ins window, click on the OK button.
  9. You should be back in the Console1 window.  You will see that the Certificates (Local Computer) has been added on the left-hand pane.
  10. Click on the "+" sign or ">" symbol next to Certificates (Local Computer) to expand it.
  11. Locate and expand the Trusted Root Certification Authorities store and then click on the Certificates folder underneath it.
  12. In the right-hand pane, you should see a list of certificates.
  13. Right-click on the Certificates folder underneath the Trusted Root Certification Authorities folder and in the drop-down menu, select All Tasks and then click on Import.
  14. The Certificate Import Wizard will appear.  At the welcome screen, click on the Next button.
  15. You must specify the file to import.  Click on the Browse... button and find and select the QuoVadis No Reliance Root CA G2 certificate file that you downloaded in step 1 of this guide.  Once selected, it should appear in the File name: field.  Click on the Next button.
  16. On the next screen, the option for Place all certificates in the following store should be selected by default and in the Certificate store: field should be Trusted Root Certification Authorities.  Click on the Next button.
  17. At the summary screen, click on the Finish button.
  18. The QuoVadis No Reliance Root CA G2 should appear in the right-hand pane list (which is sorted alphabetically).
After you have done this, you can close the Console 1 window. When it asks if you wish to Save console settings to Console1, select No.
 
You should now attempt or retry to install your AdminID for access to the Development version of Trust/Link.

Add Feedback