Certificate Revocation and Problem Reporting

Certificate revocation and certificate problem reporting are an important part of online trust. Certificate revocation is used to prevent the use of certificates with compromised private keys, reduce the threat of malicious websites, and address system-wide attacks and vulnerabilities. As a member of the online community, you play an important role in helping maintain online trust by requesting certificate revocations when needed.

Certificate Revocation

Any revocation request reported to QuoVadis will be acknowledged promptly, and raised to a validation supervisor or QuoVadis management as appropriate.

QuoVadis revokes certificates for the reasons stated in the relevant QuoVadis QuoVadis CP/CPS, including the following:

  • The subscriber requests in writing that QuoVadis revoke the certificate;
  • The subscriber notifies QuoVadis that the original certificate request was not authorized and does not retroactively grant authorization;
  • QuoVadis obtains evidence that the subscriber’s private key corresponding to the public key in the certificate suffered a key compromise, or that the certificate was misused;
  • QuoVadis is made aware that a subscriber has violated one or more of its material obligations under its agreement with QuoVadis;
  • If QuoVadis determines that any of the information appearing in the certificate is not accurate or, in QuoVadis’ sole discretion, that the certificate was not issued in accordance with the terms and conditions of QuoVadis’ Policies;
  • Any other reason listed in the CA/Browser Forum Baseline Requirements along with other applicable industry standards.

Compromised Key Reporting

If you wish to report a key compromise because you have evidence that a private key corresponding to a public key in a DigiCert or QuoVadis certificate suffered a key compromise, go to our Compromised Key Service page to submit your report.

To submit your report, you’ll need to include:

  • Proof of key compromise in either of the following formats:
    • A CSR signed by the compromised private key with the Common Name “Proof of Key Compromise for DigiCert”
    • The private key itself
  • A valid email address so that you can receive confirmation of your problem report and associated certificate revocations

Certificate Problem Reporting

Subscribers, relying parties, application software vendors, and other third parties can send emails to compliance@quovadisglobal.com complaints or suspected private key compromise, certificate misuse, or other types of fraud, compromise, misuse, or inappropriate conduct related to certification.

Make sure to include a thorough description of the reason for the certificate revocation. QuoVadis will begin investigation of a certificate problem report within 24 hours of receipt and decide whether revocation or other appropriate action is warranted based on the relevant regulations or industry standards.

Qualified Certificate Revocation

Subscribers for Qualified and PKIoverheid certificates may revoke their own certificates via https://tl.quovadisglobal.com or by contacting the QuoVadis Qualified Registration Authority at +31 (0) 30 232 4320 during CET office hours or at +1 651 229 3456 outside of CET office hours.