To ensure there is no confusion about this: a key recovery, when
initiated by the end-user, is a process where your previous signing
certificate is revoked, new keys for it are created, and a new signing
certificate is created (with the same information and expiration as before).
It also allows for the same/original encryption certificate and keys
to be retrieved again.
This process is normally needed only if your certificate keys
are currently unusable for some reason (deleted, forgotten private key
A 'Key Recovery' can only be done with accounts
where we store a copy of (or escrow) an encryption certificate private key.
(Please note that we NEVER have a copy of your signing-certificate
private key.) Example types: ACES accounts that have
both signing and encryption certificates.
For accounts where we do not escrow the encryption private
key, or accounts that do not have encryption capability, a 'Key
Recovery' is not an option. A Certificate Replacement needs to be
done instead.
To initiate a key recovery:
If your organization has set up a "Certificate Coordinator" or "Local
Registration Agent" with us, you can contact them to initiate the key recovery.
Otherwise, please follow these steps to initiate the key recovery:
- Open the web page to our Certificate
Management Center. If it asks you to choose a certificate to log in with, click
- Enter your account number and IdenTrust Passphrase.
  The account number was sent to you in a physical letter after your account was approved.
  The IdenTrust Passphrase is the password you chose online when you applied for the certificate.
- In the section showing your "Valid Certificates", make sure your current Encryption certificate is selected.
- In the drop-down box under the Valid Certificates, select "I would like to request recovery of my certificate", and click the 'Continue' button.
- Follow the onscreen instructions to complete the key-recovery request.
Note: This request still needs to be processed and approved by our Registration department. A new letter with new retrieval information will need to be sent before the new certificate can be retrieved.