 |
Certificates > ECA > Revoke ECA Certificate
|
A certificate must be revoked when, among other reasons: it has been compromised,
lost, or someone in the organization has left or been terminated.
In order to request revocation, you need to be the Subscriber, an Authorized
Employee within the organization or the Trusted Correspondent.
If you are a Subscriber, follow the procedure below:
Subscriber Revocation Procedure
A Subscriber’s revocation request must be communicated electronically to IdenTrust by
sending a digitally signed email with the private key of the certificate to be
revoked. As an additional insurance measure, the request must also be submitted
over the phone by calling the IdenTrust Help Desk line 1-888-882-1104 (U.S.)
or 1-801-924-8141 (International).
The digitally signed message may be submitted to IdenTrust’s Help Desk
(ecaserviceshelpdesk@identrust.com) or the organization’s authorized Trusted
Correspondent. In either case, the Subscriber must provide a reason for revocation.
If the revocation is being requested for reason of key compromise or suspected
fraudulent use of the private key, then the revocation request must so indicate:
|
 |
In case the e-mail is addressed directly to IdenTrust, upon positive verification
of the digital signature, an IdenTrust RA will revoke the Subscriber’s IdenTrust
ECA Certificate used to create the signature.
|
|
In case the email is addressed to the Trusted Correspondent, s/he will verify the
Subscriber’s signature, ensure a revocation reason is provided, collect and zero out
any information on the smart card or USB token, create a record, and submit the
request to IdenTrust’s Help Desk via e-mail and phone call.
|
|
The Trusted Correspondent will provide the Subscriber’s information, a revocation
reason, attach the original signed request and digitally sign the message with
his/her IdenTrust ECA Certificate. Medium Hardware Certificates, such as the
t-Certificate from IdenTrust, require an in-person identity verification by an
IdenTrust employee or by a Trusted Correspondent. Requests for these certificates
must indicate if the smart card or USB token was returned and zeroed out by
including its serial number.
An IdenTrust RA will verify the Trusted Correspondent’s digital signature, confirm
completeness of the information, and ensure that the Trusted Correspondent is
authorized by the subscribing organization. Upon positive confirmation, the RA
will revoke the Subscriber’s Certificate.
If the Subscriber cannot digitally sign a revocation request (i.e., locked or lost
token), the individual must contact its authorized Trusted Correspondent in person
and provide proof of identity equivalent to the proof provided during initial
registration. If the request is for a Subscriber Certificate, after confirming
the Subscriber’s identity, the Trusted Correspondent will submit a digitally
signed revocation request to IdenTrust's Help Desk as explained above.
If you are an authorized representative of the subscribing organization follow
the procedure below:
Subscribing Organization Revocation Procedure
An organization must request revocation through its authorized Trusted
Correspondents. The Trusted Correspondent is responsible for authenticating requests
other than those received from the Subscriber. The Trusted Correspondent will confirm
the identity of the requestor in-person or by using a message from the requestor
digitally signed with an IdenTrust ECA Certificate.
In exceptional cases, when the organization does not have immediate access to a
Trusted Correspondent (i.e., the Trusted Correspondent is being terminated),
an organization’s representative (i.e., personnel office representative) can
request revocation directly via a signed e-mail and a call to the Help Desk,
or mail to the Registration Desk on company letterhead containing a notarized
signature. The communication should include the information about the Subscriber’s
certificate to be revoked. If the revocation is being requested for reason of key
compromise or suspected fraudulent use of the private key, or if the smart card or
USB token could not be collected and zeroed out, then the revocation request must
indicate key compromise.
|
|
|
|
SALES CONTACT
RELATED CONTENT
AFTER YOU BUY
OTHER
CUSTOMER SUPPORT
|
|
