23,000 revoked certificates of Trustico-DigiCert

The certification authority (CA) DigiCert, at the end of February, sent an email to Trustico's customers informing that their certificates had been compromised and that they would cancel them.

A few weeks earlier, Trustico informed that it would stop issuing certificates from Symantec, a company belonging to DigiCert, and all its subsidiaries. This is because Google will not trust the certificates issued by these CA.

According to external sources, Trustico requested DigiCert to revoke 50,000 certificates but DigiCert refused. DigiCert claimed that only customers can cancel the certificate or that there is a security problem with private keys. After its refusal, Trustico sent 23,000 private keys via email to DigiCert, according to Jeremy Rowley CPO of DigiCert.

 After this, DigiCert cancelled those 23,000 compromised certificates, although the remaining 27,000 refused to revoke them.