We bust the certs all the way to the CA. If it's been acquired through "extralegal" methods (an interesting word to not say "illegal", even though we all know it is), no matter who did it, security is compromised.