DigiCert revokes EV certificate due to urgent problem
Until 1 May, DigiCert was the certificate service provider for the SURF certificates service. Certificates issued before 1 May will continue to operate until the certificate's period of validity expires.
Institutions informed immediately
After the announcement, SURF immediately informed all the contact persons of the SURF certificates service, as well as the SCIPR and SCIRT security communities for the sake of security. There is also a page available with more information and instructions on how to replace and install the certificates as quickly as possible.
Request for postponement
SURF has looked into the possibility of submitting a request for postponement to DigiCert together with other parties. The period within which the certificates must be replaced and reinstalled is tight. We consider that the chance of postponement is small because DigiCert is under pressure from major browser suppliers who - because of this error - no longer wish to accept other DigiCert certificates.
No security risk
DigiCert revokes the EV certificate due to an oversight in the audit. For the time being, there is no concrete indication of a security issue.