3rd CLARIFICATION STATEMENT BY DIGICERT SDN BERHAD
Date: 10th November, 2011
We refer to our two (2) Clarification Statements which we had earlier issued in response to the reports that have been circulating in several online portals alleging that Digicert Sdn Bhd has been issuing digital certificates fraudulently. Again, we wish to state our position that we view the allegations as very serious and we wish to reiterate our absolute denial of any fraudulent act on our part.
We now would like to update our customers that pursuant to our round-the-clock efforts to replace the SSL 512-bit and 1024-bit key certificates issued under Digisign Server ID - (Enrich) which have mismatched capabilities from the prescribed standards, we have to-date successfully replaced approximately fifty percent (50%) of the effected SSL certificates issued earlier with stronger key (i.e 2048-key) certificates.
We would like to reassure our customers that we are doing all that we can to ensure the expeditious replacement of the balance SSL certificates with 2048-key certificates. In order to successfully achieve this in the quickest manner possible, we would like to seek our customers’ kind co-operation in working with us closely.
As the first step, kindly immediately complete and generate the necessary Certificate Signing Request (CSR), and thereafter forward the same to us for our immediate processing. Any delay in submitting the CSR to us may in turn result in delay in the re-issuance of the certificates. This may also result in our customers’ system not being able to operate effectively and this definitely will not be in the interest of our customers. For this purpose, we seek your assistance to immediately advise us of the necessary particulars of your contact person for us to follow up on the CSR document.
As the next step after submission of the CSR to us, we would require our customers to immediately indicate to us your preference of the certificate issuer. In this case, our customers have a choice of having the replacement certificates be issued by Entrust, Inc i.e Digicert’s partner based in the Canada, or, issued by Digicert itself (Digisign Server ID 2048).
For certificates issued by Entrust, upon completion of the verification process of the CSR, the replacement certificates may take between six (6) to twenty-four (24) hours before a certificate can be issued. Our customers would then need to install the replacement certificates in their respective systems before the certificates can be used. As for certificates issued by Digicert under Digisign, the same process as abovementioned will have to be undertaken (ie verification of the CSR and installation of the certificates by the customers) except that, under this option, issuance of the replacement certificates may take between one(1) to three(3) hours only,
However, as for the certificates issued by Entrust, although the customers might have to wait slightly longer for issuance of the same, the advantage of this option is that the browser identification will be automatically carried out and the customers’ users do not need to manually install the same at the respective workstations. As for the certificates issued by Digicert under Digisign, although the issuance process of the certificates is shorter compared to the time taken by Entrust, the customers’ users will have to nevertheless manually install the browser identification at their respective workstations as and when they access the customers’ webpage. However, this manual installation is required to be undertaken one time only and that is when the customers’ users enter the customers’ webpage for the first time.
We would like to assure our customers that once the abovementioned processes are completed, our customers will be able to use certificates issued by a Certification Authority (CA),
In view of the urgency of the matter, again, we would appreciate our customers’ co-operation in this matter by reverting to us as soon as possible on the CSR and choice of certificate issuer. Again, we would like to apologize for the inconvenience caused and thank our customers for their support and understanding in this matter. We also would like to thank our partner, Entrust for extending their support to us in addressing this matter.
If further clarification on the matter is required, please do not hesitate to contact the following personnel.
Ami Azrul bin Abdullah
Hj. Amir Suhaimi Hassan
Mohd Rosdeen Hassan
Chief Executive Officer
Digicert Sdn Bhd