In most cases, the personal information included in your certificate is your name and your email address. The only time you can change this information is when you renew your certificate. If any of the person information that is included in your certificate has changed (or will change soon), you can update the information while renewing; however, if you need to update this information and your certificate is not eligible for renewal (within 90 days of expiration), you will need to apply for a new certificate. Information that is not included in your certificate can be updated at any time via the Certificate Management Center (CMC).
Find more information about managing your certificate in our How Do I library.
The International Data Exchange Service (IDES) is an electronic delivery point where Financial Institutions (FI) and Host Country Tax Authorities (HCTA) can transmit and exchange FATCA data with the United States.
When purchasing a FATCA certificate to interact with the IRS, you do not need to provide the private key to IDES.
You can determine whether your certificate needs to be replaced by trying to export the certificate. The instructions for exporting your certificate may vary based on the browser that you use. Locate the export instructions for your browser in our How Do I library. If you are able to export your certificate, then there is no need to replace it. If you cannot locate your certificate or you cannot successfully export it, then you will need to obtain a replacement certificate. Instructions for certificate replacement are also available in the How Do I library.
It is important to remember that your digital certificate is a credential that is similar to a driver's license or passport, and that when information contained in your certificate changes, you may need to obtain a new updated credential (certificate). The information contained in your certificate is stored and managed in your IdenTrust account along with other non-certificate related information, which means that some information in your account can be updated and some information is not updatable without renewing or purchase a new certificate.
You can manage your account information via the Certificate Management Center (CMC). You will use your certificate or your account number and account password to access the CMC.
1. After logging into the CMC locate the drop down box next to the prompt For Your Account, Would You Like to:
2. Select Update Your Account Information.
3. Click Continue.
4. Based on the type of certificate there are different options for updates. Follow the instructions to make allowable updates.
If the information that you need to change is not updateable, you will need to purchase a new certificate.
You need to contact a Key Recovery Officer (KRO) within your organization to initiate a Key Recovery request. The KRO will assist you in filling out the appropriate form. After the form is submitted to IdenTrust and is approved, you will receive a copy of your recovered key in the mail. If your organization does not have a KRO, you can contact specific individuals within your organization who can submit a request to IdenTrust on behalf of your organization. Those individuals are mentioned in the Subscribing Organization Authorization Agreement. Contact your supervisor or your HR department to find out who can request key recoveries from IdenTrust.
You can identify a file with a certificate in .pem format when it has the string -----BEGIN CERTIFICATE----- at the top of the sequence; and the string -----END NEW CERTIFICATE REQUEST----- at the end. For SSL certificates, at the time of initial installation the certificate is already provided in .pem format and you can save it to a file with the .pem extension. Alternatively, you can access the IdenTrust Certificate Management Center (CMC) using your account number and password where you can view and save the certificate in .pem format.
1. Log into the CMC.
2. Locate the prompt labeled For this Certificate, Would You Like to:
3. Select View Your Certificate PEM and click Continue.
4. Here you will have access to the information in .pem format and you can save it to a file with the .pem extension.
For a FATCA Organization certificate, you will be able to export the certificate from your browser in the .pem format. The extension of this file will be .cer. For specific instructions for supported browsers, visit our How Do I library.
If at any time IdenTrust has been made aware of or has a belief that a certificate/private key has been compromised, we are required by all governing certificate policies to protect the integrity of the certificate by executing a revocation. Once a compromise is identified, IdenTrust must perform a revocation within a specific timeframe as defined by the governing certificate policy.
Examples where revocation is required include:
Certain pieces of information provided during your initial application may change during the certificate's lifetime. Some of these pieces of information can be updated immediately, others will have to wait for the renewal process and some changes will require you submit a new application. Examples of common changes include:
My mailing address has changed.
You can update the mailing address on your account at any time by logging into the Certificate Management Center (CMC).
Once you have access the CMC, locate the prompt labeled Manage Your Account Information and select View/Update Account Information. Make the necessary changes and select Finish.
My headquarters address has changed, or my company's name has changed.
Unfortunately, you are unable to make changes regarding your organization name and/or address. This is because organization information is included in your certificate and can only be used in conjunction with conducting business on behalf of that specific organization. In order to update an organization, you must obtain a new certificate. Be aware that if you currently use your certificate to gain access to a federal or state agency, you may also need to re-register with the new company information prior to being able to use the new certificate with the agency system. We suggest that you contact the appropriate agency for further clarification.
My email address has changed.
You will have the option to change the email address associated with your certificate during the renewal process. It cannot be changed prior to a renewal. If you must have your current email included in your certificate, you will need to purchase a new certificate.
My name has changed.
You cannot change your name except at when you renew your certificate. During the renewal process , you will be asked to confirm your name. At that time you can update to your current legal name, which will be included in your new certificate . If the IdenTrust Registration Department is unable to verify the requested changes, you may be asked to send in proof of the name change by providing additional documentation such as:
If you must have a certificate that includes your new name prior to certificate renewal, you will need to purchase a new certificate.
Revocation is the action of making your certificate unusable. This is necessary when you believe that your certificate/private key has been compromised. Revocation prevents anyone from using your certificate to create digital signatures or from accessing secure sites. It is your obligation, based on the Subscriber Agreement you accepted, to request that your certificate be revoked in the case that you believe it has been compromised. Use the following procedure to revoke your certificate:
Visit our How Do I library for instructions to replace your certificate.
Visit our Document Library to view Subscriber Agreements for each certificate policy type.
Storage devices such as the USB token and Smart card have limited space available to store certificates. Different certificate types have different file sizes, meaning a storage device will likely only be able to hold 3–4 certificate pairs, depending on the device being used.
We recommend purchasing a new HID USB token or HID Smart card after three renewals, or after three certificates have been stored on the device to ensure the device doesn't run out of storage space when retrieving another certificate. If you do run out of storage space, you will need to purchase a new device or remove old certificates that are no longer needed.*
You will be able to purchase new hardware when renewing your certificate, or you may purchase one by contacting our Support Team at +1 (888) 339-8904.
*Removing old certificates may impact your ability to decrypt email messages encrypted with that certificate. Whenever possible, we suggest removing old signing certificates only.
While IdenTrust will make every attempt to verify any name discrepancies between IDs due to marriage, divorce or other, there are instances where names cannot be verified. When this occurs, our Registration Department will reach out to you and request that you provide a notarized copy of the document confirming the name change. Examples of documents accepted include:
Please send the notarized copy of the name-changing document to:
5225 Wiley Post Way, Ste 450
Salt Lake City, UT 84116