IdenTrust Inc. Logo
Home | Login | Contact Us  


Support > HOW-TO > Question Back

How do I get a key recovery?

To ensure there is no confusion about this: a key recovery, when initiated by the end-user, is a process where your previous signing certificate is revoked, new keys for it are created, and a new signing certificate is created (with the same information and expiration as before). It also allows for the same/original encryption certificate and keys to be retrieved again.

This process is normally only needed if your current certificate keys are currently unusable for some reason (deleted, forgotten private key password, etc).

A 'Key Recovery' is only able to be done with accounts where we store a copy of (or escrow) an encryption certificate private key. (please note, that we NEVER have a copy of your signing-certificate private key). Example types: ACES accounts that have both signing and encryption certificates.

For accounts where we do not escrow the encryption private key, or accounts that do not have encryption capability, a 'Key Recovery' is not an option. A Certificate Replacement needs to be done instead.

To initiate a key recovery:

If your organization has set up a "Certificate Coordinator" or "Local Registration Agent" with us, you can contact them to initiate the key recovery. Otherwise, please follow these steps to initiate the key recovery:

  1. Open the web page to our Certificate Management Center. If it asks you to choose a certificate to log in with, click 'Cancel'.
  2. Enter in your account number, and IdenTrust Passphrase.
  3. The account number was sent to you in a physical letter after your account was approved.
    The IdenTrust Passphrase is the password you chose online when you applied for the certificate.
  4. In the section showing your "Valid Certificates". make sure your current Encryption certificate is selected.
  5. In the drop-down box under the Valid Certificates, select "I would like to request recovery of my certificate", and click the 'Continue' button.
  6. Follow the onscreen instructions to complete the key-recovery request.
    Note: This request still needs to be processed and approved by our Registration department. A new letter with new retrieval information will need to be sent before the new certificate can be retrieved.

Certificate Management Center
FAQ: Before You Buy
HOW-TO: Backup a Certificate
HOW-TO: Replace a Certificate
FAQ: General
Support Main
IdenTrust, Inc. BBB Business Review WebTrust WebTrust Baseline EHNAC EHNAC GSA Schedule SOC
© IdenTrust, Inc. All Rights Reserved.    Home | Contact Us | Legal Policies