Intermediate certificates - RSA
All subscriber certificates are issued by an Intermediate Certificate. These Intermediate Certificates are issued by our Trusted Root Certificate. We refer to the Intermediate Certificate as the Issuer CA certificate. The Issuer may vary depending upon the type of certificate and we send Intermediate Certificates with the subscriber certificate.
We recommend that you install the Intermediate Certificate on a Server. This will help build the trust chain between Root and End Entity Certificate, hence we call them "chain certificates".
You can also download the required Intermediate Certificate from the table below.
SSL
Domain Validation
[Download] Sectigo RSA Domain Validation Secure Server CA [ Intermediate ]
[Download ] USERTrust RSA Root xSigned using AAA CA [ Cross Signed ]
(Or)
[Download] Sectigo RSA DV Bundle [ Intermediate + Cross Signed ]
Organization Validation
[Download ] Sectigo RSA Organization Validation Secure Server CA [ Intermediate ]
[Download ] USERTrust RSA Root xSigned using AAA CA [ Cross Signed ]
(Or)
[Download] Sectigo RSA OV Bundle [ Intermediate + Cross Signed ]
Extended Validation
[Download] Sectigo RSA Extended Validation Secure Server CA [ Intermediate ]
[Download ] USERTrust RSA Root xSigned using AAA CA [ Cross Signed ]
(Or)
[Download] Sectigo RSA EV Bundle [ Intermediate + Cross Signed ]
Code Signing - Intermediate
- Standard [Download] Sectigo RSA Code Signing CA
- EV Code Sign [Download] Sectigo RSA Extended Validation Code Signing CA
For Code Signing Certificates, issued on or after June 1, 2021
- Standard
- [Download ] Sectigo Public Code Signing CA R36
- [Download ] SectigoPublicCodeSigningRootR46_AAA [ Cross Signed ]
- EV Code Sign
- [Download ] Sectigo Public Code Signing CA EV R36
- [Download ] SectigoPublicCodeSigningRootR46_AAA [ Cross Signed ]
Secure Email
[Download ] Sectigo RSA Client Authentication and Secure Email CA
Root Certificates:
[Download] SHA-2 Root : USERTrust RSA Certification Authority
[Download ] AAA Certificate Services
[Download] SHA-1 Root* : AddTrust External CA Root [ expires after May 30, 2020 ]
Note: Few legacy systems, that no longer receive any updates from their vendor, may not trust our SHA-2 Certificates. To enable them to trust our SHA-2 Certificates, we recommend our customers to include the Cross Signed Certificate into the Server Certificate chain. This will enable those legacy systems to trust our SHA-2 Certificates.
* SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash.
[ ref : https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html ]
