DigiNotar CA certificates will be revoked on September 28 2011

23-09-2011

The PKIoverheid Policy Authority (PA) will revoke both DigiNotar PKIoverheid CA certificates on Wednesday 28 September 2011. This concerns the following CA certificates:

  • DigiNotar PKIoverheid CA Overheid en Bedrijven (serial number 01 31 69 b0)
  • DigiNotar PKIoverheid CA Organisatie - G2 (serial number 01 31 34 bf)

The reason for the revocation is the "Interim Report" on the break-in at DigiNotar, published by Fox-IT on 5 September 2011. This report shows that neither CA was misused, but that both are compromised.

The PKIoverheid PA has therefore planned to revoke 'DigiNotar PKIoverheid CA Overheid en Bedrijven' and 'DigiNotar PKIoverheid CA Organisatie - G2', based on requirement 4.9.1-1 of the PKIoverheid Certificate Policy section 3a and 3b.
In addition, OPTA terminated the registration of DigiNotar BV on 14 September 2011 at 12:00 pm CET. OPTA also instructed DigiNotar to revoke the qualified personal certificates within 14 calendar days. Furthermore, the Court of Haarlem declared DigiNotar BV bankrupt on 20 September 2011.

The PKIoverheid PA did not revoke the two CA certificates immediately on 5 September 2011. It followed the Dutch government, which first required insight into the consequences of immediate revocation. Given the overall importance of preventing the social and economic damage that immediate revocation of the respective CAs would cause, it was decided to use a controlled transition scenario in which end users were given the opportunity to switch to other suppliers of PKIoverheid certificates.

Several completed impact studies have shown that revocation of the respective CAs is now possible. The PKIoverheid PA has planned to do so on 28 September 2011.
