[Skip navigation links]

QV TrustLink

What is the purpose of the shared secret question (and answer)?
In QuoVadis TrustLink, in order to obtain your AdminID (digital certificate) to access TrustLink, you need to supply a shared secret answer. The shared secret answer is either a passphrase given to you by AusCERT's Primary Administrator; or it can be an answer to a shared question and shared answer that you give to AusCERT. You will need to remember the shared answer (or keep the shared secret passphrase secure by other means) for future reference in case you lose your AdminID, or if it is compromised, and you need your current AdminID to be revoked and a new AdminID to be issued.
Therefore, please keep the shared secret somewhere safe for future reference. If you ask AusCERT to change your AdminID you will need to provide the shared secret passphrase, or shared secret answer to prove your identity. For further information on this topic, see the QuoVadis Knowledge Base. Top
What is an AdminID?
An AdminID is the name QuoVadis gives to the special digital certificate that Administrators use to access the QuoVadis TrustLink portal. You will not be able to access TrustLink without it. If you lose your AdminID, or it gets compromised, you will need to contact AusCERT's Primary Administrator to revoke the AdminID to obtain a new one. Before AusCERT can issue you with a new AdminID, you will need to supply your shared secret passphrase or shared secret answer to prove your identity.  
I have a Windows operating system. What browsers can I use to access TrustLink with my AdminID?
The instructions in the QV Knowledge Base article and  QV TrustLink Admin Guide (pages 17-20) to install the AdminID are for Windows Internet Explorer, but you can generate the key pair for your AdminID on other browsers for Windows such as Firefox and Safari. Chrome is not supported. It is important that you download and install the AdminID on the same browser on the same computer that used to generate your AdminID keypair and which you plan to access TrustLink in future. (If you plan to use a different browser to the one you used to generate the keypair to access TrustLink, then it is important you make the private key "exportable" when setting the key pair up in Windows, so you can export it later, as required).  Top
I use a Mac. Can I access TrustLink with my AdminID on a Mac?
Yes. First use Safari on Mac to generate the AdminID keypair. This will load the AdminID into the Keychain Access.  Once you have done that, then you will need to set up an Identity Preference for TrustLink.  In order to do this, follow the instructions in the QuoVadis Knowledge Base article.   Once the Identity Preference is set up, you should be able to use Safari on Mac to access TrustLink. 
If you wish to use Firefox on Mac, then you can generate the AdminID directly within Firefox.  Please note however that as Firefox and Safari use different stores for certificates, you will not be able to switch between the two unless you export the AdminID from one and import into the other. Chrome is not supported on Mac as it cannot handle certificate installation.
I use Chrome on Linux. Can I access TrustLink with my AdminID on my Linux box?
No. TrustLink no longer supports direct certificate installation on Google Chrome when installed on Linux.  Top
I use Firefox on Linux. Can I access TrustLink with my AdminID on my Linux box?
Yes. TrustLink supports direct certificate installation into Firefox when installed on Linux, by generating the keypair in the built-in Firefox certificate store. The QuoVadis Knowledge Base article may assist.  Although, the article doesn't have a section on Linux yet, the installation process is generally the same except instead of "Options", look for "Preferences". It is also possible to import a PKCS#12 file into Firefox (assuming you have a private key/certificate that is marked as "exportable"). Top
How do I add, remove or change the contact details for an Administrator in TrustLink?
During the transition arrangements, AusCERTwill enroll all existing RAOs and DRAOs for your organisation which are in the CSM into TrustLink.

If you wish to make changes to the Administrators who are enrolled in TrustLink then the Sub-LRAO for your organisation needs to complete and sign the Agent Administrator Form and send it to AusCERT AusCERT CS.  AusCERT will then action the request. The Sub-LRAO is the person who is authorised within your organisation to request changes to the Administrators for your organisation's TrustLink account.  If you are unsure who the Sub-LRAO is please telephone AusCERT membership or send an email to cs@auscert.org.au.  Top

I have created and installed my AdminID but I can't login to "Administrator" on TrustLink. What should I do?
In this situation please telephone the Primary Administrator for the AusCERT Certificate Service, who will be able to revoke your existing certificate and send a new invitation to generate a new AdminID. Before contacting AusCERT by telephone please have your shared secret answer ready to prove your identity. Before generating and installing the new certificate, it is recommended you delete the revoked certificate from the browser; and review the FAQs for installing the AdminID above. Top
Why doesn't the "Generate Certificate" link doesn't contain any policy templates to request a certificate?
The "Generate Certificate" link is a feature that is not enabled for your TrustLink account. QV recommends against using this feature, which is only intended for end-user certificates (not SSL certificates). As an Administrator, if you want to generate a SSL certificate request, click on the "Invite Subscriber" link and create a Subscriber account for yourself. Log in to the Subscriber account by clicking the "Subscriber" button on the TrustLink portal and then complete the certificate request form, include the CSR and submit. For more details about requesting SSL certificates refer to the QV TrustLink Subscriber Guide.  An email notification will then be sent to all the Administrators in your organisation notifying them that there is a new certificate request awaiting review and approval. You (as the Administrator) or any one of the other Administrators can review, modify, approve or reject the request. Top
How do I manage the Subscribers and the SSL certificates they have been issued?
The "Manage Subscribers" link allows you to view all Subscribers for the account, view and revoke their SSL certificates; change their contact details and reset their password for their Subscriber account; or disable their account.  For more details refer to QV TrustLink Administrator Guide, page 36  Top
What happens when a Subscriber leaves? Can I transfer their certificates to be managed by another Subscriber?
Yes. Please contact AusCERT to transfer the certificates for one Subscriber to another Subscriber within your organisation. Top
What does the "Request parameters" permission mean?
This is explained in the QV TrustLink Administrator Guide on page 29. It allows an Administrator with this privilege to customise the Certificate Request Form that Subscribers for their organisation complete. The fields can be mandatory or optional. Typically, AusCERT has assigned this privilege to Sub-LRAOs that are Administrators. Top
How long does it take for an SSL certificate to be issued?
If all the domain/s in the certificate request are listed in TL as domains approved for your organisation, then the SSL certificate will be issued within a few minutes of it being approved by one of the Agent Administrators for your organisation.  If you are a Subscriber, you can check which domains are approved for your organisation by going to "My Organisations and Domains" link in your Subscriber account.  If you are an Administrator, from your TL Administrator account go to "Manage Organisations" and view the "Domains" for your organisation.
If you are a Subscriber waiting for a certificate to be approved, please contact your organisation's administrators. AusCERT and QV cannot approve certificate requests for your organisation.
However, if a certificate request includes domain/s not yet approved for use by your organisation, it will not be able to be approved until the domain has been added and approved by QV.  In this case contact your Administrator to assist with the domain approval procedures for QVTop