
What Is an EV Multi-Domain SSL Certificate Revocation Information and Reporting Policy?

Certificate Revocation
August 14, 2018 | David Bisson

A user may choose to request revocation of a digital certificate under their control. They might make such a request if they accidentally shared the certificate's private key on a public website or learned that hackers stole the key from their company's servers. Upon receiving the user's request, the issuing Certificate Authority (CA) may cancel the certificate, which ends trusted HTTPS connections to the certificate owner's domain.

Revocation does not always begin with the user, however. Many CAs have specific guidelines for when they must revoke a certificate. Some of these parameters make revocation possible even if the CA has not heard from the owner.

To illustrate, SSL certificate provider Entrust says it must revoke extended validation (EV) Multi-Domain SSL Certificates under several conditions that do not require initiation from the Subscriber. These include the following:

  • It learns that the Subscriber's private key is likely compromised or that someone has abused one of its EV Multi-Domain SSL Certificates.
  • It receives notice that a Subscriber has disobeyed part of its Subscriber Agreement.
  • It becomes aware of a judicial decision that prevents the Subscriber from using the domain name listed in the EV Multi-Domain SSL Certificate or a failure by the Subscriber to renew that domain.
  • It learns that any of the information contained in the EV Multi-Domain SSL Certificate has changed and/or is not accurate.

Under these and similar circumstances, Entrust or another reputable CA will launch an investigation of all Certificate Problem Reports it might have received within 24 hours from the Subscriber or other third parties. It will determine the nature of the problem, the number of Certificate Problem Reports it has received, and the identities of those who submitted those reports. The CA will then use that information to decide if revocation is a justified response.

Such strict revocation guidelines emphasize the need for organizations to properly manage their certificates. Organizations should make sure they store their keys in a safe place, for example. Organizations should also have automated certificate management solutions that track all anomalies in their certificates and issue alerts when appropriate.

The Venafi Platform is designed to give organizations full control over their certificates. As such, it provides separation of duties so that companies can report on each certificate's status, regardless of the CA that it is issued by. The Venafi platform also integrates with centralized SIEM systems, thereby enabling personnel to track, detect, report, and issue alerts on any certificate anomalies.

About the author

David Bisson

David is a Contributing Editor at IBM Security Intelligence. David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
