DCA Root Service
DCA Root CA G1
Trusted Certificate Service TCS
Request your instant cert now
Guide and tools
Production CA (MS)
Manage Your Certificates
(for non-TCS users)
Find a local registrar
Help with your request
Host certificate requests
Submit your request
Download your certificate
Renew your certificate
NL e-Infra Zero
Legacy Cert Request Guide
Change a passphrase
OpenSSL for Windows
Request a revocation
Revocation of compromised certificates is essential to computer security. Worldwide. Please help us in protecting these resources!
Your own certificate has been compromised
If your own certificate has been compromised, if you have forgotten your passphrase, or when you suspect someone else, in any way, has gotten access to your private key, you must revoke your certificate at once. The impact on your (grid) activities is limited, since you can get a new certificate immediately by visiting an RA, and it will have the very same name -- so you do not need to re-register with your user community or virtual organsiation. And: you significantly help in protecting the ICT infrastructure world-wide. A small impact for you, and a big help in reducing cyberthreats.
I am a relying party and observe suspicious behaviour
If you are a relying party, computer centre, or anyone else, and you
have serious suspicions against a certificate issues by the DutchGrid CA,
please report it to us, and provide sufficient details to us to evaluate
the compromise. The CA needs reasonable evidence that either (i) the
private key has become compromised or (ii) that the certificate
is used to authenticate for purposes that are incompatible with the
permitted use of the certificate, namely that the user has used the
certificate for actions that are incompatible with the "purpose of
cross-organisational distributed resource access, solely in the context
of academic and research and similar, not-commercially competitive,
applications" (CP/CPS section 1.1). Please bear in mind that we cannot
normally release subscriber information for privacy reasons, but we
can contact the subscriber ourselves if needed.
I (still) have access to the private key
If you have access to the private key, whether you are the original owner of the certificate or you are a third party that has accidentally obtained access to the unencrypted private key, please use it to send a digitally signed revocation request by email to the CA at firstname.lastname@example.org. You can send such a signed email through your regular email client (importuing the certificate if needed), or through a set of command-line steps explained in the S/MIME email manual.
Sending an unsigned revocation request
Please complete this form to request revocation. The CA will react to it as soon as reasonably possible to legitimate requests.