Mar 1, 2018 Scott Rogers Alerts & Notices

Right now there is a bit of a kerfuffle in Certificate World over the mass revocation of roughly 23,000 compromised certificates after the CEO of an SSL reseller attached their private keys to an email.  There is a sometimes nuanced, sometimes spirited discussion of the whole thing on a Mozilla security policy forum, which you can read for yourself if you're into that kind of thing.

One of the points of discussion is that the reseller involved was in possession of at least the 23,000 private keys mentioned above (and presumably more).  This fact has been a source of consternation for many people following the story.

We want to go on record to state that GeoCerts does NOT possess private keys for any of our customers, never has, and does not store such keys anywhere.  The only private keys we hold are for our own certificates that we use to secure our own sites and systems.