Government revokes trust in DigiNotar certificates

It has emerged in recent days that hackers recently broke into the firm DigiNotar, resulting in the issue of fraudulent security certificates. Certificates are needed to ensure the security of internet traffic. DigiNotar issues two kinds of certificate, its ‘own brand’ and ‘PKI Overheid’ (PKI government) certificates. Since the beginning of this week, its own-brand certificates have no longer been accepted as secure.

The results of an investigation by the IT security firm Fox IT were announced on Friday. They show that there is a possibility that DigiNotar’s PKI Overheid certificates have also been compromised. This means that users of government websites can no longer be sure that they are accessing the sites they intend to. They may get a message saying that the websites can no longer be trusted.

The following measures have been taken to ensure that security can once more be guaranteed as soon as possible.

  • Websites will switch to other PKI certificate authorities as soon as possible.
  • There will be a controlled transition in which the operational management of all DigiNotar certificates will be taken over.
  • Taking over operational management will make it possible to monitor whether there is any misuse during the transitional phase. IT security specialists will be brought in to complete the transitional phase as quickly as possible.

While this is a very difficult situation for DigiNotar, it is cooperating in a professional manner in the take-over of operational management and the replacement of its certificates.

Information for companies that use the certificates

The certificate problem may also have an impact on companies that use these certificates. The above measures have been drawn up in consultation with the Confederation of Netherlands Industry and Employers (VNO-NCW).

Business users can obtain more information about the replacement of certificates from www.logius.nl or by calling the Logius service centre (0900 5554555).