FAQ Question

How do I initiate a key recovery?

FAQ Answer

To ensure there is no confusion about this: a key recovery, when initiated by the end-user, is a process where your previous signing certificate is revoked, new keys for it are created, and a new signing certificate is created (with the same information and expiration as before). It also allows for the same/original encryption certificate and keys to be retrieved again.


This process is normally needed only if your current certificate keys are unusable for some reason (deleted, forgotten private key password, etc.).


A key recovery can only be performed where IdenTrust stores a copy of (or escrows) the encryption certificate private key. (Please note that we NEVER have a copy of your signing-certificate private key.) In some cases, depending on the type of certificate, we cannot recover your encryption keys.


For accounts where we do not escrow the encryption private key, or accounts that do not have encryption capability, a key recovery is not an option; however, you may be able to initiate a certificate replacement instead. Visit our How Do I library to learn more about certificate replacement.


To Initiate a Key Recovery:

If your organization has set up a "Certificate Coordinator" or "Local Registration Agent" with us, you can contact them to initiate the key recovery. Otherwise, please follow these steps to initiate the key recovery: 


  1. Access the Certificate Management Center. If you are prompted to choose a certificate to log in, click Cancel.

  2. Enter your account number and your account password.

      -  The account number was sent to you in a physical letter after your account was approved.
      -  The account password is the one that you provided online when you applied for your certificate.

  3. In the section showing your Valid Certificates, make sure your current encryption certificate is selected.

  4. In the drop-down box under Valid Certificates, select I would like to request recovery of my certificate.

  5. Click the Continue button.

  6. Follow the onscreen instructions to complete the key recovery request.


Note: This request needs to be processed and approved by a member of our Registration department. A new notification with new retrieval information will need to be sent before your new certificate can be retrieved.