If there is a contract between DigiCert & Alegeus Technologies, stating that DigiCert could potentially revoke contracts within 24h and Alegeus client contracts state that clients have more than 24h to deal with expired certs, then I feel like it's Alegeus problem, who over-promised to their clients and should have carefully read their contracts.
More to the point, Alegeus should have a system in place that can re-issue certificates within 24 hours since that is the timetable that their registrar works under.
The lawsuit smells like them trying to buy time to fix their IT problems. Even if it loses or gets tossed out all they needed was that preliminary injunction. It's really sucky for DigiCert who have to choose which party to anger, the courts or the browser manufacturers, just because this healthcare company doesn't have its act together.
> The Service Specific Terms are incorporated by reference into this Agreement
> “Service Specific Terms” mean additional terms specific to certain Services as set forth at
www.digicert.com/service-specific-terms, which are incorporated herein to the extent applicable to any specific Services procured by Customer hereunder (which includes the Certificate Terms of Use with respect to Customer’s use of any Certificates).
> The Certificate Terms of Use available at www.digicert.com/certificate-terms (the “Certificate Terms of Use”) apply to Certificates other than Qualified Certificates and PKIoverheid Certificates requested or issued by Customer. The applicable Certificate Terms of Use are incorporated herein by reference.
> DigiCert may revoke a Certificate without notice for the reasons stated in the CPS, including if DigiCert reasonably believes that:
> Industry Standards or DigiCert’s CPS require Certificate revocation, or revocation is necessary to protect the rights, confidential information, operations, or reputation of DigiCert or a third party.
