Certificate Revocation and Problem Reporting

Certificate revocation and the reporting of certificate problems are important components of online trust. The option to block a certificate is important in order to prevent the use of certificates with compromised private keys, to reduce the threat from malicious websites, and to eliminate system-wide attacks and vulnerabilities. As a member of the online community, you play an important role in maintaining online trust by requesting the revocation of certificates when necessary.

Certificate Revocation

Each revocation request submitted to QuoVadis will be confirmed and, where appropriate, forwarded to a validation supervisor or the QuoVadis management team.

QuoVadis shall revoke certificates based on the reasons specified in the QuoVadis CP/CPS (Certificate Policy/Certificate Practice Statement), including the following:

  • The subscriber requests in writing that QuoVadis revoke the certificate;
  • The subscriber notifies QuoVadis that the original certificate request was not authorized and does not retroactively grant authorization;
  • QuoVadis obtains evidence that the subscriber’s private key corresponding to the public key in the certificate suffered a key compromise, or that the certificate was misused;
  • QuoVadis is made aware that a subscriber has violated one or more of its material obligations under its agreement with QuoVadis;
  • If QuoVadis determines that any of the information appearing in the certificate is not accurate or, in QuoVadis’ sole discretion, that the certificate was not issued in accordance with the terms and conditions of QuoVadis’ Policies;
  • Any other reason listed in the CA/Browser Forum Baseline Requirements along with other applicable industry standards.

Compromised Key Reporting

If you have evidence that a QuoVadis certificate key pair has been compromised, please click on the following link: Key Compromise

In order to submit your report, please provide the following information:

  • CSR signed using the compromised private key with the Common Name (CN)
  • “Proof of Key Compromise for DigiCert”
  • Relevant private key
  • Valid e-mail address so that we can send a confirmation

Certificate Problem Reporting

Subscribers, partners, software developers and other third parties can e-mail Compliance in order to report complaints, potentially compromised private keys, misuse or inappropriate conduct related to QuoVadis certificates.

The e-mails must specify clear and justifiable reasons for the revocation of the certificate. Within 24 hours of receipt, QuoVadis will initiate the required investigation and decide on the basis of the applicable regulations and industry standards whether a revocation or another suitable action is called for.