EV Certificate Revocation Information & Reporting

EV SSL Certificate Revocation Reporting for DigiCert

Any revocation request reported to DigiCert will be acknowledged promptly, and raised to the Validation Supervisor or DigiCert Management Immediately.

DigiCert will revoke an EV Certificate it has issued upon the occurrence of any of the following events:

(a) The Subscriber requests revocation of its Extended Validation Certificate;
(b) The Subscriber indicates that the original EV Certificate Request was not authorized and does not retroactively grant authorization;
(c) DigiCert obtains reasonable evidence that the Subscriber's Private Key (corresponding to the Public Key in the Extended Validation Certificate) has been compromised, or that the EV Certificate has otherwise been misused;
(d) DigiCert receives notice or otherwise become aware that a Subscriber violates any of its material obligations under the Subscriber Agreement;
(e) DigiCert receives notice or otherwise become aware that a court or arbitrator has revoked a Subscriber's right to use the domain name listed in the EV Certificate, or that the Subscriber has failed to renew its domain name;
(f) DigiCert receives notice or otherwise become aware of a material change in the information contained in the EV Certificate;
(g) A determination, in the CA's sole discretion, that the EV SSL Certificate was not issued in accordance with the terms and conditions of the EV Guidelines or the CA's EV Policies;
(h) If DigiCert determines that any of the information appearing in the EV SSL Certificate is not accurate.
(i) DigiCert ceases operations for any reason and has not arranged for another EV CA to provide revocation support for the EV Certificate;
(j) DigiCert's right to issue EV Extended Validation Certificates expires or is revoked or terminated [unless the CA makes arrangements to continue maintaining the CRL/OCSP Repository];
(k) DigiCert Private Key for that EV SSL Certificate has been compromised;
(m) DigiCert receives notice or otherwise become aware that a Subscriber has been added as a denied party or prohibited person to a blacklist, or is operating from a prohibited destination under the laws of the CA's jurisdiction of operation.

Reporting:

If you wish to have a certificate revoked for any of the above reasons, please send an email to EVRevoke@DigiCert.com - Make sure to include a thorough description of the reason for the certificate revocation.

In addition to EV Certificate revocation, Subscribers, Relying Parties, Application Software Vendors, and other third parties with can send emails to EVRevoke@DigiCert.com reporting complaints or suspected Private Key compromise, Extended Validation Certificate misuse, or other types of fraud, compromise, misuse, or inappropriate conduct related to EV SSL Certification (Certificate Problem Reports).

Investigation:

DigiCert will begin investigation of all Certificate Problem Reports within twenty-four (24) hours and decide whether revocation or other appropriate action is warranted based on at least the following criteria:
(i) The nature of the alleged problem;
(ii) Number of SSL Certificate Problem Reports received about a particular EV Certificate or website;
(iii)The identity of the complainants (for example, complaints from a law enforcement official that a web site is engaged in illegal activities have more weight than a complaint from a consumer alleging they never received the goods they ordered); and
(iv) Relevant legislation in force.

Response:

DigiCert maintains a continuous 24/7 ability to internally respond to any high priority Certificate Problem Report, and where appropriate, forward such complaints to law enforcement and/or revoke an EV SSL Certificate that is the subject of such a complaint.