There are occasions when certificates need to be edited, for example because a typo or other error being introduced at the point of issue.
Of course, being an important document relied upon by others, the editing of certificates needs to be controlled. Traditionally an issued certificate with an error might have been replaced, but this is also time consuming and costly for the issuing authority, creating its own problems about the certificates in circulation.
Our approach is to allow certificates to be edited, but to maintain an audit log so changes can be inspected.
Only authorised users of the issuing authority may edit certificates. They can do this by using the 'Edit Certificate' button that will be shown on the digital certificate page when they have sufficient permissions.
The certificate's audit log is visible to anyone who can see the digital certificate (i.e. because the certificate is set to public or because a share link has been provided for a private certificate). This is reached via the 'View Audit Log' button on the digital certificate page.
The audit log shows who made the changes, when they were made, and what the values were before and after the change. The issuer can also see who was the editor within the organisation.
Some certificate fields are private (visible only to the issuer and the recipient). If these fields are edited, the entries in the audit log are marked as private and also only visible to the issuer and recipient.
The audit log also records if the status of the certificate changes such as the certificate being suspended, revoked, made public or made private.