Security issue notification

Certificate Problem Report for a TLS- or S/MIME certificate

You would like to inform us about a problem concerning a TLS or S/MIME certificate, issued by D-Trust GmbH. This certificate is issued according to the CA/B Forum’s TLS Baseline Requirements and/or EV guidelines or S/MIME Baseline Requirements. In case of a non-compliance to the requirements mentioned prior, please do not hesitate to report this to us. To do so, fill out the form below and submit it to us.

Your certificate problem report

Would you like to inform us of a problem with a TLS or S/MIME certificate issued by D-Trust GmbH?

It is not a technical problem, such as faulty installation.*

This certificate does not comply with the BR/EV or S/MIME requirements of the CA/B Forum.*

Select one of the following options depending on which certificate is concerned.

TLS Certificate

Report a problem with a TLS certificate (end-entity certificate) that was issued by D-Trust GmbH for my organization or for a domain belonging to my organization.

Report a problem with a TLS certificate (end-entity certificate) issued by D-Trust GmbH.

S/MIME certificate

Report a problem with an S/MIME certificate (end entity certificate) issued by D-Trust GmbH for my organisation or for a domain belonging to my organisation.

Report a problem with an S/MIME certificate (end entity certificate) issued by D-Trust GmbH.

CA certificate

Report a problem with an issuing CA certificate issued by D-Trust GmbH.

1. Reason for revocation

Please let us know why the certificate should be revoked.*

Please write us your message.

2. Which certificate is concerned?

Certificate serial number (Hex)* Please enter the certificate serial Number.

Please enter the certificate serial number of the certificate in question.

URL under which the TLS certificate is used

Mandatory field in case of a problem with the certificate type TLS certificate

crt.sh URL (optional)

3. Contact details

First name* Please write your first name.

Family name* Please write your last name.

e-mail* Please enter your email address.

Phone number

Please note: Enter with international dialing code without “0” in the area code and without spaces.

*Required

Privacy Policy

Who is responsible within the meaning of the GDPR?

As a certificate issuer, D-Trust must – in accordance with the guidelines of the CA/Browser Forum – offer the option of reporting a potential certificate incident and, if applicable, requesting revocation. The only responsible body in this regard:

D-Trust GmbH
Kommandantenstr. 15
10969 Berlin
E-Mail: info@d-trust.net

You can reach our data protection officer at the email address: datenschutz@d-trust.net

Why do we collect data as part of this process, and on what legal basis do we base its processing?

D-Trust GmbH is obliged to contact both the notifying party and the certificate holder in order to clarify the circumstances involved.

Go to the following pages for the baseline requirements of the CA/B forum:

TLS certificates: https://cabforum.org/working-groups/server/baseline-requirements/documents/
S/MIME certificates: https://cabforum.org/working-groups/smime/documents/

To this end, the following data is collected from the notifying parties: first name, surname, e-mail (mandatory fields) and telephone number (optional).

The legitimate interest of D-Trust GmbH lies in maintaining the integrity of our products, ensuring functional business operations and complying with the requirements of the CA/Browser Forum.

How do we process the data, and how long is it stored?

The personal data from the notification will be retained for as long as is necessary to reach a decision on the notification. After the reported circumstances have been clarified and, if necessary, the certificate concerned has been revoked, the data will be deleted at the end of the following year.

Who is informed about this case?

Bundesdruckerei GmbH and D-Trust GmbH receive the contents of the report, including the personal data of the reporter, as part of processing the case.

The respective conformity assessment body and competent supervisory authority receive the contents of the notification without the personal data of the notifier as part of processing or auditing the case.

The certificate holder and interested third parties who are registered in the CA/Browser Forum (https://cabforum.org/) as certificate consumers receive the contents of the notification via their established communication channels (e.g., https://bugzilla.mozilla.org/) without the personal data of the notifier.