FAQ By Lifecycle (Maintain)

Can I update the personal information in my certificate?

In most cases, the personal information included in your certificate is your name and your email address. The only time you can change this information is when you renew your certificate. If any of the person information that is included in your certificate has changed (or will change soon), you can update the information while renewing; however, if you need to update this information and your certificate is not eligible for renewal (within 90 days of expiration), you will need to apply for a new certificate. Information that is not included in your certificate can be updated at any time via the Certificate Management Center (CMC).

Find more information about managing your certificate in our How Do I library.

Do I need to export my FATCA private key to provide to IDES?

The International Data Exchange Service (IDES) is an electronic delivery point where Financial Institutions (FI) and Host Country Tax Authorities (HCTA) can transmit and exchange FATCA data with the United States.

When purchasing a FATCA certificate to interact with the IRS, you do not need to provide the private key to IDES.

Do I need to replace my certificate?

You can determine whether your certificate needs to be replaced by trying to export the certificate. The instructions for exporting your certificate may vary based on the browser that you use. Locate the export instructions for your browser in our How Do I library. If you are able to export your certificate, then there is no need to replace it. If you cannot locate your certificate or you cannot successfully export it, then you will need to obtain a replacement certificate. Instructions for certificate replacement are also available in the How Do I library.

How can I change information in my IdenTrust account?

It is important to remember that your digital certificate is a credential that is similar to a driver's license or passport, and that when information contained in your certificate changes, you may need to obtain a new updated credential (certificate). The information contained in your certificate is stored and managed in your IdenTrust account along with other non-certificate related information, which means that some information in your account can be updated and some information is not updatable without renewing or purchase a new certificate.

You can manage your account information via the Certificate Management Center (CMC). You will use your certificate or your account number and account password to access the CMC.

1. After logging into the CMC locate the drop down box next to the prompt For Your Account, Would You Like to:

2. Select Update Your Account Information.

3. Click Continue.

4. Based on the type of certificate there are different options for updates. Follow the instructions to make allowable updates.

If the information that you need to change is not updateable, you will need to purchase a new certificate.

How do I replace my digital certificate?

Please visit our How Do I for detailed instructions to replace your certificate.

I lost my encryption certificate, how do I get a copy from you?

You need to contact a Key Recovery Officer (KRO) within your organization to initiate a Key Recovery request. The KRO will assist you in filling out the appropriate form. After the form is submitted to IdenTrust and is approved, you will receive a copy of your recovered key in the mail. If your organization does not have a KRO, you can contact specific individuals within your organization who can submit a request to IdenTrust on behalf of your organization. Those individuals are mentioned in the Subscribing Organization Authorization Agreement. Contact your supervisor or your HR department to find out who can request key recoveries from IdenTrust.

IDES requires my certificate file to have a .pem (Base64) or .der (Binary) file extension, how can I do that?

You can identify a file with a certificate in .pem format when it has the string -----BEGIN CERTIFICATE----- at the top of the sequence; and the string -----END NEW CERTIFICATE REQUEST----- at the end. For SSL certificates, at the time of initial installation the certificate is already provided in .pem format and you can save it to a file with the .pem extension. Alternatively, you can access the IdenTrust Certificate Management Center (CMC) using your account number and password where you can view and save the certificate in .pem format.

1. Log into the CMC.

2. Locate the prompt labeled For this Certificate, Would You Like to:

3. Select View Your Certificate PEM and click Continue.

4. Here you will have access to the information in .pem format and you can save it to a file with the .pem extension.

For a FATCA Organization certificate, you will be able to export the certificate from your browser in the .pem format. The extension of this file will be .cer. For specific instructions for supported browsers, visit our How Do I library.

What are the reasons that IdenTrust must revoke my certificate?

If at any time IdenTrust has been made aware of or has a belief that a certificate/private key has been compromised, we are required by all governing certificate policies to protect the integrity of the certificate by executing a revocation. Once a compromise is identified, IdenTrust must perform a revocation within a specific timeframe as defined by the governing certificate policy.

Examples where revocation is required include:

Evidence that the certificate owner is not the individual who completed the certificate application, but is calling in for technical support. This situation is typically identified when the caller is the account owner, but they cannot answer questions about information contained in the application.
Someone other than the certificate holder is calling in for assistance with installation of the certificate and has access to the password and activation code.
You are no longer employed by the organization named in your certificate.

What if my personal information changes after I have received my certificate?

Certain pieces of information provided during your initial application may change during the certificate's lifetime. Some of these pieces of information can be updated immediately, others will have to wait for the renewal process and some changes will require you submit a new application. Examples of common changes include:

My mailing address has changed.

You can update the mailing address on your account at any time by logging into the Certificate Management Center (CMC).

Once you have access the CMC, locate the prompt labeled Manage Your Account Information and select View/Update Account Information. Make the necessary changes and select Finish.

My headquarters address has changed, or my company's name has changed.

Unfortunately, you are unable to make changes regarding your organization name and/or address. This is because organization information is included in your certificate and can only be used in conjunction with conducting business on behalf of that specific organization. In order to update an organization, you must obtain a new certificate. Be aware that if you currently use your certificate to gain access to a federal or state agency, you may also need to re-register with the new company information prior to being able to use the new certificate with the agency system. We suggest that you contact the appropriate agency for further clarification.

My email address has changed.

You will have the option to change the email address associated with your certificate during the renewal process. It cannot be changed prior to a renewal. If you must have your current email included in your certificate, you will need to purchase a new certificate.

My name has changed.

You cannot change your name except at when you renew your certificate. During the renewal process , you will be asked to confirm your name. At that time you can update to your current legal name, which will be included in your new certificate . If the IdenTrust Registration Department is unable to verify the requested changes, you may be asked to send in proof of the name change by providing additional documentation such as:

Marriage Certificate
Divorce Decree (1st, last and page showing the name change)
Other court-issued documentation

If you must have a certificate that includes your new name prior to certificate renewal, you will need to purchase a new certificate.

What is revocation and how can I do it?

Revocation is the action of making your certificate unusable. This is necessary when you believe that your certificate/private key has been compromised. Revocation prevents anyone from using your certificate to create digital signatures or from accessing secure sites. It is your obligation, based on the Subscriber Agreement you accepted, to request that your certificate be revoked in the case that you believe it has been compromised. Use the following procedure to revoke your certificate:

Visit our How Do I library for instructions to replace your certificate.

Visit our Document Library to view Subscriber Agreements for each certificate policy type.

Why does IdenTrust need my marriage certificate or other name change documentation?

While IdenTrust will make every attempt to verify any name discrepancies between IDs due to marriage, divorce or other, there are instances where names cannot be verified. When this occurs, our Registration Department will reach out to you and request that you provide a notarized copy of the document confirming the name change. Examples of documents accepted include:

Marriage Certificate or License
Divorce Decree (1st, last and page showing reinstating of name)
Court-issued documentation

Please send the notarized copy of the name-changing document to:

    IdenTrust Registration
      5225 Wiley Post Way, Ste 450
      Salt Lake City, UT 84116

FAQ By Certificate Lifecycle (Maintain)