DigiCert Statement on Trustico Certificate Revocation

February 28, 2018 DigiCert

Today, DigiCert issued the following statement regarding Trustico certificate revocation:

“Trustico requested revocation of their Symantec, GeoTrust, Thawte and RapidSSL certificates, claiming the certificates were compromised. When we asked for proof of the “compromise,” Trustico did not provide details on why they were requesting the immediate revocation. Trustico’s CEO indicated that Trustico held the private keys for those certificates, and then emailed us approximately 20,000 certificate private keys. When he sent us those keys, his action gave us no choice but to act in accordance with the CA/Browser Forum Baseline Requirements, which mandate that we revoke a compromised certificate within 24 hours. As a CA, we had no choice but to follow the Baseline Requirements. Following our standard revocation process, we gave notice via email to each certificate holder whose private keys had been exposed to us by Trustico, so they could have time to get a replacement certificate.

In communications today, Trustico has suggested that this revocation is due to the upcoming Google Chrome distrust of Symantec roots. That is incorrect. We want to make it clear that the certificates needed to be revoked because Trustico sent us the private keys; this has nothing to do with future potential distrust dates.

The upcoming Chrome distrust situation is entirely separate. We are working closely to help customers with certificates affected by the browser distrust, and we are offering free replacement certificates through their existing customer portals. That process is well underway.”

Previous Article
Replace Your Symantec-Issued Certificates Ahead of Chrome 66 Beta (March 15)
Replace Your Symantec-Issued Certificates Ahead of Chrome 66 Beta (March 15)

Free replacement certificates are available—visit your existing Symantec, Thawte, GeoTrust, and RapidSSL po...

Next Article
Connected Cars Need a Security Solution: Use PKI
Connected Cars Need a Security Solution: Use PKI

Roughly a quarter billion connected cars will be on our roads by 2020. That’s only two years away and we’re...