We also asked Trustico to cease offering any tools to generate and/or retain customer private keys. They have complied with this request and have confirmed that they do not intend to offer any such tools again in the future.

Trustico have also confirmed to us that they were not, and are not, in possession of the private keys that correspond to any of the certificates that they have requested for their customers through Comodo CA.

On 02/03/18 15:25, Rich Smith via dev-security-policy wrote:
Comodo CA has investigated the reports posted to this list relating to the
suspected compromise of the private key corresponding to
https://crt.sh/?id=206535041.  Trustico have assured us that the private key
could not have been compromised.  However, since it will be hard to convince
everyone that this is the case, Trustico have agreed to obtain a replacement
certificate with a new keypair.  Once that new certificate has been
installed, Comodo CA will revoke https://crt.sh/?id=206535041.

Rich Smith
Sr. Compliance Manager
Comodo CA
Rob Stradling
Senior Research & Development Scientist
dev-security-policy mailing list

Reply via email to