Request a revocation

Revocation of compromised certificates is essential to computer security. Worldwide. Please help us in protecting these resources!

Your own certificate has been compromised

If your own certificate has been compromised, if you have forgotten your passphrase, or when you suspect someone else, in any way, has gotten access to your private key, you must revoke your certificate at once. The impact on your (grid) activities is limited, since you can get a new certificate immediately by visiting an RA, and it will have the very same name -- so you do not need to re-register with your user community or virtual organsiation. And: you significantly help in protecting the ICT infrastructure world-wide. A small impact for you, and a big help in reducing cyberthreats.

I am a relying party and observe suspicious behaviour

If you are a relying party, computer centre, or anyone else, and you have serious suspicions against a certificate issues by the DutchGrid CA, please report it to us, and provide sufficient details to us to evaluate the compromise. The CA needs reasonable evidence that either (i) the private key has become compromised or (ii) that the certificate is used to authenticate for purposes that are incompatible with the permitted use of the certificate, namely that the user has used the certificate for actions that are incompatible with the "purpose of cross-organisational distributed resource access, solely in the context of academic and research and similar, not-commercially competitive, applications" (CP/CPS section 1.1). Please bear in mind that we cannot normally release subscriber information for privacy reasons, but we can contact the subscriber ourselves if needed.

Providing excerpts of log files showing either compromise or suspect behaviour can help us evaluate the situation. You should send confidential information in an encrypted form to the CA managers. If you have information that should not be shared with the suspected subscriber, please indicate such material clearly.

I (still) have access to the private key

If you have access to the private key, whether you are the original owner of the certificate or you are a third party that has accidentally obtained access to the unencrypted private key, please use it to send a digitally signed revocation request by email to the CA at You can send such a signed email through your regular email client (importuing the certificate if needed), or through a set of command-line steps explained in the S/MIME email manual.

Sending an unsigned revocation request

Please complete this form to request revocation. The CA will react to it as soon as reasonably possible to legitimate requests.