IdenTrust Inc. Logo
Home | My Account | Contact Us  


Certificates > ECA > Revoke ECA Certificate

A certificate must be revoked when, among other reasons: it has been compromised, lost, or someone in the organization has left or been terminated.

In order to request revocation, you need to be the Subscriber, an Authorized Employee within the organization or the Trusted Correspondent.

If you are a Subscriber, follow the procedure below:

Subscriber Revocation Procedure

A Subscriberís revocation request must be communicated electronically to IdenTrust by sending a digitally signed email with the private key of the certificate to be revoked. As an additional insurance measure, the request must also be submitted over the phone by calling the IdenTrust Help Desk line 1-888-882-1104 (U.S.) or 1-801-924-8141 (International).

The digitally signed message may be submitted to IdenTrustís Help Desk ( or the organizationís authorized Trusted Correspondent. In either case, the Subscriber must provide a reason for revocation. If the revocation is being requested for reason of key compromise or suspected fraudulent use of the private key, then the revocation request must so indicate:

In case the e-mail is addressed directly to IdenTrust, upon positive verification of the digital signature, an IdenTrust RA will revoke the Subscriberís IdenTrust ECA Certificate used to create the signature.
In case the email is addressed to the Trusted Correspondent, s/he will verify the Subscriberís signature, ensure a revocation reason is provided, collect and zero out any information on the smart card or USB token, create a record, and submit the request to IdenTrustís Help Desk via e-mail and phone call.

The Trusted Correspondent will provide the Subscriberís information, a revocation reason, attach the original signed request and digitally sign the message with his/her IdenTrust ECA Certificate. Medium Hardware Certificates, such as the t-Certificate from IdenTrust, require an in-person identity verification by an IdenTrust employee or by a Trusted Correspondent. Requests for these certificates must indicate if the smart card or USB token was returned and zeroed out by including its serial number.

An IdenTrust RA will verify the Trusted Correspondentís digital signature, confirm completeness of the information, and ensure that the Trusted Correspondent is authorized by the subscribing organization. Upon positive confirmation, the RA will revoke the Subscriberís Certificate.

If the Subscriber cannot digitally sign a revocation request (i.e., locked or lost token), the individual must contact its authorized Trusted Correspondent in person and provide proof of identity equivalent to the proof provided during initial registration. If the request is for a Subscriber Certificate, after confirming the Subscriberís identity, the Trusted Correspondent will submit a digitally signed revocation request to IdenTrust's Help Desk as explained above.

If you are an authorized representative of the subscribing organization follow the procedure below:

Subscribing Organization Revocation Procedure

An organization must request revocation through its authorized Trusted Correspondents. The Trusted Correspondent is responsible for authenticating requests other than those received from the Subscriber. The Trusted Correspondent will confirm the identity of the requestor in-person or by using a message from the requestor digitally signed with an IdenTrust ECA Certificate.

In exceptional cases, when the organization does not have immediate access to a Trusted Correspondent (i.e., the Trusted Correspondent is being terminated), an organizationís representative (i.e., personnel office representative) can request revocation directly via a signed e-mail and a call to the Help Desk, or mail to the Registration Desk on company letterhead containing a notarized signature. The communication should include the information about the Subscriberís certificate to be revoked. If the revocation is being requested for reason of key compromise or suspected fraudulent use of the private key, or if the smart card or USB token could not be collected and zeroed out, then the revocation request must indicate key compromise.

M-F, 6am-5pm MST

DODI Video


ECA Medium Assurance
ECA Medium Assurance Foreign Country
ECA Medium Token Assurance Foreign Country
ECA Medium Token
ECA Medium Hardware Assurance
ECA Medium Device Assurance SSL/TLS
ECA Foreign Countries Supported


ECA Application Enablement FAQ
Request Key Recovery
Revoke Certificate
Root Certificate Downloads

Instructions for Applicant
Locations for IdenTrust Identity Verification
ECA Identity Verification
Accepted IDs for ECA
ECA Forms and Policies
Security of Unclassified DoD Information on Non-DoD Information Systems
Who can sign the Part 2 form

ECA Digital Certificates
ECA Trusted Correspondent Program
How To Become a Trusted Correspondent
IdenTrust, Inc. BBB Business Review WebTrust WebTrust Baseline EHNAC EHNAC GSA Schedule SOC
© IdenTrust, Inc. All Rights Reserved.    Home | Contact Us | Legal Policies