Definition of a Key Recovery:

A key recovery, when initiated by the end user, is a process in which:

  • Your previous signing certificate is revoked;
  • New keys are created for it; and
  • A new signing certificate is created (with the same information and expiration as before).

It also allows for the same/original encryption certificate and keys to be retrieved again.

This process is normally needed only if your current certificate keys are unusable for some reason (e.g., the keys were deleted or the private key password was forgotten).

A “key recovery” can be performed only on accounts where IdenTrust stores a copy of (escrows) the encryption certificate private key. (Please note that IdenTrust NEVER has a copy of your signing-certificate private key.)

For accounts where IdenTrust does not escrow the encryption private key or for accounts that do not have encryption capability, a “key recovery” is not an option. A certificate replacement will need to be done instead.

To Initiate a Key Recovery:

If your organization has set up a “Certificate Coordinator” or a “Local Registration Agent” with IdenTrust, contact them to initiate the key recovery. Otherwise, please follow these steps to initiate the key recovery:

  1. Open the IdenTrust Certificate Management Center web page. If you are asked to choose a certificate to log in with, click “Cancel”.
  2. Enter your account number and IdenTrust passphrase.
     • The account number was sent to you in a physical letter after your account was approved.
     • The IdenTrust passphrase is the password you chose online when you applied for the certificate.
  3. In the section showing your “Valid Certificates”, make sure your current “Encryption” certificate is selected.
  4. In the drop-down box under the “Valid Certificates”, select “I would like to request recovery of my certificate”. Then click the “Continue” button.
  5. Follow the onscreen instructions to complete the key recovery request.

Please Note: This request still needs to be processed and approved by the IdenTrust Registration department. A new letter with new retrieval information will need to be sent to you before the new certificate can be retrieved.