Report Certificate Security Compromise Issues

Report Certificate Security Compromise Issues

If you have an operational issue with your current certificate, please Submit a Ticket and our friendly Support team will assist.

If you are an IdenTrust certificate subscriber, relying party, subscribing organization, application software supplier or any third party who needs to report suspected certificate private key compromise, certificate misuse, or other types of fraud, compromise, misuse, inappropriate conduct, or any other matter related to the improper utilization of and reliance upon IdenTrust certificates, please contact us immediately using the Support Ticket link above or via email message to: [email protected].

When contacting IdenTrust, please ensure to provide:

  • An account number;
  • The name and contact information of the individual/organization reporting the certificate;
  • The subscriber, organization, domain, and/or PKI sponsor name;
  • The nature of the issue (illegal activity, private key compromise, etc); 
  • The date and time when the issue was discovered; and ONE of these Revocation Reason codes:
    • keyCompromise (RFC 5280 CRLReason #1)
      • Choose this certificate revocation reason code when there is a reason to believe that the private key of the certificate has been compromised. e.g. an unauthorized person has had access to the private key of the certificate. A CSR alone does not prove possession of the certificate's private key; IdenTrust must receive all information above to confirm the "keyCompromise".
    • affiliationChanged (RFC 5280 CRLReason #3)
      • Choose this certificate revocation reason code when the subject's name or other subject information in the certificate has changed, but there is no cause to suspect that the certificate's private key has been compromised.
    • superseded (RFC 5280 CRLReason #4)
      • Choose this certificate revocation reason code when requesting a new certificate to replace the existing certificate.
    • cessationOfOperation (RFC 5280 CRLReason #5)
      • Choose this certificate revocation reason when the subscriber no longer owns all of the domain names listed in the certificate due to discontinuation of the website.
    • unspecified (RFC 5280 CRLReason #0)
      • Choose this option when none of the above revocation reason codes apply to the certificate revocation request; IdenTrust will also use this revocation reason code when no code is provided.

A support team representative will file a ticket and proceed to forward contact information with the details and ticket number to the appropriate level of management or security officer via email. Upon review, the IdenTrust Security Office will follow the procedures described in the relevant Certification Practice Statement policy document and the support team representative will notify the sender of the final action taken with the problem report request.