Certificate Revocation
Any revocation request reported to TunTrust will be acknowledged promptly, and raised to a validation supervisor or TunTrust management as appropriate.
A revocation request may be submitted using one of the following methods:
Certificate |
Possible Methods for Revocation |
---|---|
ID-Trust |
- Physical presence before a TunTrust RA operator: Either the Certificate Manager or the Legal Representative of the Subscriber must be physically present at the headquarters of TunTrust and request the revocation of a Certificate in writing using the ID-Trust revocation form after providing a valid ID.
-Subscribers can revoke their certificates online through their personal space on the ECERT platform.
-Subscribers can revoke their certificates online using TunTrust revocation online service. In this case, the Subscriber is required to provide the email address listed in the certificate that needs to be revoked. A revocation challenge will be sent to this email address and the Subscriber needs to provide it for the certificate revocation to be processed. |
DigiGo |
- Physical presence before a TunTrust RA operator: Either the Certificate Manager or the Legal Representative of the Subscriber must be physically present at the headquarters of TunTrust and request the revocation of a Certificate in writing using the DigiGo revocation form after providing a valid ID.
- Subscribers can revoke their certificates online on the DigiGo platform.
- Subscribers can revoke their certificates online using TunTrust revocation online service. In this case, the Subscriber is required to provide the email address listed in the certificate that needs to be revoked. A revocation challenge will be sent to this email address and the Subscriber needs to provide it for the certificate revocation to be processed. |
SSL |
- Physical presence before a TunTrust RA operator: Either the Certificate Manager or the Legal Representative of the Subscriber must be physically present at the headquarters of TunTrust and request the revocation of a Certificate in writing using the SSL revocation form after providing a valid ID.
- Subscribers can revoke their certificates online using TunTrust revocation online service. In this case, the Subscriber is required to provide:
|
Other |
- Physical presence before a TunTrust RA operator: Either the Certificate Manager or the Legal Representative of the Subscriber must be physically present at the headquarters of TunTrust and request the revocation of a Certificate in writing after providing a valid ID. |
TunTrust revokes certificates for the reasons stated in the relevant CP/CPS. These reasons include the following:
- TunTrust obtains evidence that the Subscriber’s Private Key corresponding to the Public Key in the Certificate suffered a Key Compromise;
- TunTrust is made aware of a demonstrated or proven method that can easily compute the Subscriber’s
Private Key based on the Public Key in the Certificate; - TunTrust obtains evidence that the Certificate was misused;
- TunTrust is made aware that a Subscriber has violated one or more of its material obligations under the Subscriber Agreement;
- TunTrust is made aware of a material change in the information contained in the Certificate;
- TunTrust is made aware that the Certificate was not issued in accordance with the CA/Browser Forum Baseline Requirements or the applicable CP/CPS;
- TunTrust determines or is made aware that any of the information appearing in the Certificate is inaccurate;
- Any other reason listed in the CA/Browser Forum Baseline Requirements along with other applicable industry standards.
Certificate Problem Reporting
Subscribers, relying parties, application software vendors, and other third parties can send to revoke'@'tuntrust.tn emails of suspected private key compromise, certificate misuse, or other types of fraud, compromise, misuse, or inappropriate conduct related to certification.
Make sure to include a thorough description of the reason for the certificate revocation. TunTrust will begin investigation of a certificate problem report within 24 hours of receipt and decide whether revocation or other appropriate action is warranted based on the relevant regulations or industry standards.