- SSL Products
- My Account
Trustico® has already provided some input in response to specific issues in that debate but would like to take this opportunity to 'set the record straight' as it considers itself to have been unfairly and wrongly maligned.
An Important Statement From Trustico®
There has been considerable public comment concerning Trustico® and DigiCert® over the past weeks. Trustico® has already provided some input in response to specific issues in that debate but would like to take this opportunity to ‘set the record straight’ as it considers itself to have been unfairly and wrongly maligned.
Trustico® has through itself and its predecessor companies been a reseller of SSL certificates for nearly 15 years. Trustico® prides itself on its quality of service, its relationships with its customers and its desire to protect their best interests. In the course of that long trading history, Trustico® has worked closely alongside Symantec® as a reseller of its SSL certificates throughout that time.
In early 2017, Google announced the forthcoming distrust of all Symantec® SSL Certificate brands on Google Chrome. In late-2017, Symantec® sold its SSL Certificate business to DigiCert®. From the time of the Google announcement, through the change of control of the Symantec® SSL business, Trustico® has been working hard on behalf of its customers to establish from Symantec®/ DigiCert® a full understanding of the Google distrust issues. This information has not been forthcoming which, resulted in Trustico® announcing to DigiCert® in February 2018 that it was contemplating ending its relationship to sell Symantec® SSL Certificates.
In response, DigiCert® gave the required notice (as the agreement permitted it to) to bring to an end the reseller agreement with Trustico®. Realising that the requested full clarification of the Google distrust issues was not now ever going to be forthcoming, Trustico® (acting in the best interests of its customers) took steps to protect its customers from what it considered to be unsafe certificates.
Trustico® is and was fully permitted under the terms of the Symantec® subscriber agreement to take action to revoke certificates on customers’ behalf. However, despite DigiCert®’s attention being drawn to the express provisions of the subscriber agreement that entitle Trustico® to take such action, DigiCert® refused to revoke stating that they would only do so by either performing a verification of control over the domain or receiving the private keys associated with the certificate.
Trustico® expressed to DigiCert® significant discomfort with handing over the private keys to the certificates. Private keys are held by Trustico® in ‘trust’ and so are secure (being kept in offline cold storage). Given the above concerns, Trustico®, acting in what it considered to be the best interests of its customers, elected to disclose the private keys so that DigiCert® would perform a revocation as they were refusing to do so otherwise.
Trustico®’s desire to take action in the genuine best interests of its customer base by procuring revocation of certificates in the manner requested by DigiCert® has led to confusion and misinformation being presented to the outside world as follows:
Trustico® has and is suffering significantly as a result of the misrepresentation of the position and, as you will appreciate, is considering its position legally with respect to these issues and others. Whilst Trustico® accepts that it could have done certain things better since the revocation request (and has held its hands up in that regard), its actions have all been legitimate both in terms of contractual arrangements and to best protect the interests of its longstanding customer base.
Replacement orders are available from alternative CAs to all affected customers at no cost. Trustico® is continuing to work with all its customers to ensure they are have a working and trusted SSL certificate.
Trustico® by Red 16, Inc.
The products we offer are reliable, high quality and competitively priced. Trustico® includes a no risk refund guarantee on our SSL Certificate products. Within thirty days of order Customer may request a cancellation and full refund of a Customer qualifying SSL Certificate product for any reason. Our Refund Guarantee