Symantec ECA End of Life and Transition FAQ

Solution ID:    SO29059    Updated:    07/21/2017

Solution

Symantec ECA End of Life and Transition FAQ

 

A. General

  1. What is happening?

    Symantec has announced the End of Sale for ECA certificates. ECA certificate sales and renewals ended on August 16, 2016. Please find below the end of service information including revocation and refunds on ECA certificates.

     

     On September 25, 2017, all ECA subscriber and Trusted Agent ECA certificates will be revoked.

     

  2. Why did Symantec terminate its participation in the DoD ECA program?

    Symantec has participated in the ECA program since 2005 (when it was operated by VeriSign). Like any business, Symantec continuously evaluates the landscape to determine what products should continue, be accelerated or terminated. In doing so, it was determined that ECA was not a good fit for Symantec’s product portfolio.

     

  3. Where can I buy ECA certificates?

    Symantec has worked out an arrangement with IdenTrust, another ECA vendor, to make it easier for you to start buying ECA certificates from IdenTrust. IdenTrust has a reputation for excellent customer service, which we believe will provide customers with a great experience.

 

 

B. Sales

  1. How do I purchase a new certificate from IdenTrust?

    Symantec’s ECA pages have been updated with a link to a page hosted by IdenTrust for Symantec customers. You can purchase ECA certificates from IdenTrust by following this link.  For reference, the link is https://www.identrust.com/symantec/.

     

  2. I purchased a certificate and subsequently lost it. In the past Symantec has provided a free replacement. Can I get my certificate reissued?

    If you lose your certificate and need a replacement prior to November 30, 2016, please contact Symantec ECA support (eca_support@symantec.com) so they can reissue the certificate. After November 30, 2016, Symantec will not be able to reissue any previously issued certificates. You will then need to apply for a new certificate from IdenTrust (https://www.identrust.com/symantec/).
     

  3. I purchased a certificate before August 16, 2016 – but my paperwork was approved after that date. Can I still get a certificate from Symantec?

    In general, orders that are currently in process will be fulfilled.  If you completed a payment for an order that could not be processed by September 30, 2016, you can request a refund. (Please note that your credit card was not charged if Symantec did not complete your order.)  You can request a refund for these orders. Specific refund instructions are forthcoming.

     

  4. Will my tokens/smart cards work with the new vendor or do I need to purchase new ones?

    To ensure 100% compatibility with IdenTrust systems, you must purchase a new token or smart card, which is provided with customized driver software. To decrypt previously encrypted emails and files, store your current token/smart card, which will work with the new customized driver software.

     

  5. How do I renew an existing Symantec ECA certificate?

    ECA certificates cannot be issued or renewed after August 16, 2016. Please use the referral link on the ECA pages to purchase a new certificate from IdenTrust (https://www.identrust.com/symantec/).

     

  6. If I purchase my certificate with IdenTrust, do I have to go through the verification process again?

    Unfortunately, per the DoD ECA Certificate Policy, verification data cannot be transferred between Certificate Authorities. You will need to be verified by IdenTrust.

     

  7. Our company has a Symantec Trusted Agent.What happens now?Does IdenTrust offer similar services?

    Yes, IdenTrust has a comparable Trusted Agent offering. Trusted Agents will need to apply and be verified by IdenTrust at https://www.identrust.com/trustedagent/.

     

  8. If I get a new certificate from IdenTrust, will I need to register the certificate with relying

    parties like JPAS?

    The various relying party systems work differently.  In some cases, systems will validate the ECA certificate and allow the user to have access without re-registering.  Other systems will register the user’s ECA certificate with the relying party access control system; in this case, if a user gets a new certificate, it needs to be re-registered.

     

  9. If I need the ECA Medium Hardware Assurance, does IdenTrust offer identity verification services?

    Contact IdenTrust at (888) 339-8906 for the latest Identity and Authentication locations and to schedule your appointment.  From outside of the United States, please contact IdenTrust at +1 (801) 384-3482.
     

  10. Does IdenTrust support Apple systems?

    IdenTrust supports OSX 10.9 thru 10.11.

     

  11. Who do I contact to get IdenTrust set up as a vendor so we can place an order?

    To get IdenTrust setup as a vendor, please email Registration@IdenTrust.com.  IdenTrust will respond to your inquiry. 

     

  12. Who do I contact at IdenTrust for orders done by purchase order or for bulk orders?

    To purchase five (5) or more certificates, please contact a member of the IdenTrust ECA sales team directly at (866) 299-3335. Alternatively, you may contact the IdenTrust sales team at SymantecECAReferral@IdenTrust.com.

     

  13. If I am outside of the United States in a FVEY country, how will this affect me?

    Five Eyes (or FVEY) refers to the intelligence alliance comprised of Australia, Canada, New Zealand, the United Kingdom and the United States.   IdenTrust has prepared a matrix indicating who can sign the Part 2:  In-Person Identification Form.  You can find this matrix at https://www.identrust.com/pdf/Identity_Verification.pdf

     

  14. I am located outside of the United States and used an ADE last time.If I renew with IdenTrust, what is the process?
    Instructions for applying for a foreign ECA certificate can be found at: 
    https://identrust.com/certificates/eca/step-by-step-medium-token-foreign.html

 

 

C. Support

  1. Will Symantec still provide support for current certificates?

    Symantec will continue to support revocation of ECA certificates until September 25, 2017 for customers that request it. Symantec will also support installation of previously purchased certificates until September 25, 2017.  Please also see answers to questions B2 and B3.

  2. Will I still need my Symantec ECA digital certificate to decrypt archived emails?
    Yes, any emails encrypted with a certificate can only be decrypted by the same certificate. You should securely store your private key until you no longer need to decrypt those emails.

     

  3. How can I recover a key I lost from a Symantec issued certificate?

    Key recovery requests will be accepted until September 25, 2017. No key can be recovered after that date. Please see this link for the key recovery request form:

    https://eca2048.pki.symantec.com/client/KeyRecoveryRequestForm.pdf

     

  4. What kind of support does IdenTrust offer?

    There are a number of ways to contact IdenTrust for support:
    Email: 
    Helpdesk@IdenTrust.com
    Live Chat:  www.IdenTrust.com/chat
    Telephone:

         Within the United States:  (888) 339-8906

         From outside of the United States: +1 (801) 384-3482
    The support team is available Monday through Friday from 1:00 a.m. to 6:00 p.m. (Mountain Time) excluding major holidays.

 

 

D. Refunds

NOTE: If you would like a refund for the remaining validity period left on your ECA certificate, please direct your requests for refunds directly to Symantec and NOT IdenTrust. Refund requests must be submitted by December 1, 2017. Refund requests will not be accepted after this date.

  1. My certificate was/will still be valid at the time of the system shutdown when all certificates are revoked. Can I request a refund for the unexpired time on the certificate?

    Yes.  You can request a refund from Symantec for unexpired time but all refund requests MUST BE RECEIVED BY DECEMBER 1, 2017. REFUND REQUESTS WILL NOT BE ACCEPTED  AFTER THAT TIME. Please submit a refund request via email to: 

    eca-authentication@symantec.com.  Please include the following information:

     

  • Type ECA Refund + Your company name in the subject line
  • First and last name
  • Company name
  • Email address entered during enrollment of the certificates
  • Date you enrolled
  • Date your credit card was billed or state if your credit card has not yet been charged
  • The reason for the refund
  • A copy of the Symantec invoice or sales order number

 

  1. I have tokens / smart cards as part of a bulk purchase that I have not used*.Can I get a refund for those?

    Yes.  You can request a refund from Symantec for unused tokens* but all refund requests MUST BE RECEIVED BY DECEMBER 1, 2017. REFUND REQUESTS WILL NOT BE ACCEPTED AFTER THAT TIME. Please submit a refund request via email to:  eca-authentication@symantec.com.  Please include the following information:

     

  • Type ECA Refund + Your company name in the subject line
  • First and last name
  • Company name
  • Email address entered during enrollment of the certificates
  • Date you enrolled
  • Date your credit card was billed or state if your credit card has not yet been charged
  • The reason for the refund
  • A copy of your Symantec invoice or sales order number

Symantec Customer Support will reply to your request.  Refund orders are processed twice a month; therefore, refunds may take four (4) to six (6) weeks to complete.


*Tokens / smart cards that have certificates already installed cannot be refunded.

 

  1. Can I request a refund for a certificate that is still valid before September 25, 2017?

    Yes, but first, you must revoke your certificate by following the procedure here:
    https://knowledge.symantec.com/support/eca-support/index?page=content&id=SO10446

    Remember, once your certificate is revoked, you can no longer use it.  If you still need the services associated with an ECA certificate, make sure you have obtained a new certificate from IdenTrust before you revoke your current certificate.  You can then request a refund from Symantec for the unexpired time on your certificate. 

     

    For example, if you purchased a 3-year certificate and there are still 2 years of validity remaining, you will receive a refund for the 2-year period.  Please submit your request via email to:  eca-authentication@symantec.com and include the following information:
     

  • Type ECA Refund + Your company name in the subject line
  • First and last name
  • Company name
  • Email address entered during enrollment of the certificates
  • Date you enrolled
  • Date your credit card was billed or state if your credit card has not yet been charged
  • The reason for the refund
  • A copy of your Symantec invoice or sales order number

Symantec Customer Support will reply to your request.  Refund orders are processed twice a month; therefore, refunds may take four (4) to six (6) weeks to complete.

 

  1. I lost my certificate.Can I request a refund, rather than getting a replacement, before September 25, 2017? What if I have previously requested that my certificate be revoked?

    Yes, you can request a refund from Symantec for the unexpired time left on the certificate that was lost or already revoked.  Please email eca-authentication@symantec.com with the following information:

     

  • Type ECA Refund + Your company name in the subject line
  • First and last name
  • Company name
  • Email address entered during enrollment of the certificates
  • Date you enrolled
  • Date your credit card was billed or state if your credit card has not yet been charged
  • The reason for the refund
  • A copy of your Symantec invoice or sales order number

Symantec Customer Support will reply to your request.  Refund orders are processed twice a month; therefore, refunds may take four (4) to six (6) weeks to complete.

 

 

E. Termination

  1. When will the Symantec ECA system be shut off?

    The End of Life date for the Symantec ECA offering is September 25, 2017. All valid certificates will be revoked on that date and placed on the final certificate revocation list.

     

  2. What happens if I still have a valid certificate at that time?

    Any active certificates on September 25, 2017 will be revoked. You may request a refund for unused time remaining on your certificates. See FAQ D1 above

     

  3. If my certificate is revoked and I still need a certificate, what should I do?

    Please contact IdenTrust per FAQ B1 above.

Attachment

Symantec ECA End of Life and Transition FAQ - Updated - 010517.pdf
514K • 2 minute(s) @ 56k, < 1 minute @ broadband


Contact Support

Find Answers