Best Practices 12-17-2020

Report Certificate Problems and Request Key Compromise Revocation at Speed: DigiCert's New Automated Revocation Solution

Jeremy Rowley

You can now submit a report of a private key compromise quickly and automatically get a revocation, if needed, with DigiCert’s Certificate Problem Reporting tool.

Responding to certificate problem reports and certificate revocation are key responsibilities of a certificate authority, and they are important aspects of ensuring online trust.

As part of our ongoing commitment to making the internet a safer space, ensuring the integrity of our certificates and continuously improving our processes, DigiCert recently released a new Certificate Problem Reporting Tool for compromised private keys, available to the general public.

How it works

The process for reporting compromised keys previously involved contacting the DigiCert support team. This new process enables faster responses and action. The reporting tool accepts evidence of compromised private keys and systematically verifies whether evidence provided is sufficient proof of compromise. If confirmed, the system schedules the impacted certificates for revocation.

Anyone can submit a problem report, including security researchers, customers and the general public. The new tool is available at problemreport.digicert.com.

How to use the Certificate Problem Reporting Tool

Note: if you own the affected certificate, you should use your CertCentral account to revoke and reissue it.

To submit a report of a compromised private key, follow these steps:

    To report other certificate problems, including certificate misuse, fraud or inappropriate conduct, send an email to revoke@digicert.com detailing the issue and the certificate details.

    Once you have submitted your problem report, DigiCert will investigate the issue within 24 hours and determine appropriate action, including revocation, in-line with CA/B Forum Baseline Requirements and industry standards.

    Learn more

    For more information on certificate revocations and the process DigiCert uses, see our blog "A Guide to TLS Certificate Revocations.”

  1.  
      problemreport.digicert.com

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

12-04-2024

How artificial intelligence is reshaping digital trust

12-18-2024

Announcing the new open-source DCV library from DigiCert

How to spot a fraudulent website