Trustico wanted to do a mass revocation, was told by DigiCert that they can’t do that without there being a documented breach, so the CEO emailed the private keys to DigiCert which by definition is a breach.
Because that’s the mature, professional response.
Then Trustico failed to notify DigiCert properly that there was a breach.
It’s a shitshow and it’s all Trustico’s fault from what I can tell.
Holy crap. Shit show doesn’t even begin to describe this.
1 Like