Certificate revocation process and problem reporting

Certificate revocation and certificate problem reporting are an important part of online trust. Certificate revocation is used to prevent the use of certificates with compromised private keys, reduce the threat of malicious websites, and address system-wide attacks and vulnerabilities. As a member of the online community, you play an important role in helping maintain online trust by requesting certificate revocations when needed.

Certificate revocation

Any revocation request reported to DigiCert will be acknowledged promptly, and raised to a validation supervisor or DigiCert management as appropriate.

DigiCert revokes certificates for the reasons stated in the DigiCert CPS, including the following:

  • The subscriber requests in writing that DigiCert revoke the certificate;

  • The subscriber notifies DigiCert that the original certificate request was not authorized and does not retroactively grant authorization;

  • DigiCert obtains evidence that the subscriber's private key corresponding to the public key in the certificate suffered a key compromise;

  • DigiCert obtains evidence that the certificate was misused;

  • DigiCert is made aware that a subscriber has violated one or more of its material obligations under its agreement with DigiCert;

  • A third party provides information that leads DigiCert to believe that the code signing certificate is compromised or is being used for suspect code; or

  • Any other reason listed in the CA/Browser Forum Baseline Requirements along with other applicable industry standards.

Certificate problem reporting

If you wish to report a key compromise, a complaint, certificate misuse, or other types of fraud or inappropriate conduct related to certification, go to https://problemreport.digicert.com.

Certificate revoke request investigation

DigiCert will begin investigation of a certificate problem report within twenty-four hours of receipt, and decide whether revocation or other appropriate action is warranted based on the Baseline Requirements and other governing industry standards.

DigiCert maintains a continuous 24/7 ability to internally respond to any high-priority certificate problem report and, where appropriate, forward such complaints to law enforcement and/or revoke a certificate that is the subject of such a complaint.

For more information about the certificate revocation process, see our blog A Guide to TLS Certificate Revocations.