Free Trial
Contact Us

FAQs

FAQsSSL

Sectigo Public Intermediates and Roots

Updated on June 25, 2025

Intermediate CA (Issuing CA):

 

For SMIME Intermediate (Until March 1st, 2025)

RSA: Sectigo RSA Client Authentication and Secure Email CA (https://crt.sh/?d=924467858)

ECC: Sectigo ECC Client Authentication and Secure Email CA (https://crt.sh/?d=924467856)

SMIME Intermediate (After March 1st, 2025)

RSA: Sectigo Public Email Protection CA R36 (https://crt.sh/?d=4267304694)

ECC: Sectigo Public Email Protection CA E36 (https://crt.sh/?d=4267304699)

 

DV TLS Intermediate (until June 2, 2025)

RSA: Sectigo RSA Domain Validation Secure Server CA (https://crt.sh/?d=924467861)

ECC: Sectigo ECC Domain Validation Secure Server CA (https://crt.sh/?d=924467852)

DV TLS Intermediate (After June 2, 2025)

RSA: Sectigo Public Server Authentication CA DV R36 (https://crt.sh/?d=4267304690)

ECC: Sectigo Public Server Authentication CA DV E36 (https://crt.sh/?d=4267304693)

 

OV TLS Intermediate (Until May 15, 2025)
RSA: Sectigo RSA Organization Validation Secure Server CA (https://crt.sh/?d=924467857) 

ECC: Sectigo ECC Organization Validation Secure Server CA (https://crt.sh/?d=924467859)

 

OV TLS Intermediate (After May 15, 2025)

RSA: Sectigo Public Server Authentication CA OV R36 (https://crt.sh/?d=4267304698)

ECC: Sectigo Public Server Authentication CA OV E36 (https://crt.sh/?d=4267304689)

 

EV TLS Intermediate (Until April 15, 2025)

RSA: Sectigo RSA Extended Validation Secure Server CA (https://crt.sh/?d=924467854)

ECC: Sectigo ECC Extended Validation Secure Server CA (https://crt.sh/?d=924467862)

 

EV TLS Intermediate (After April 15, 2025)

RSA: Sectigo Public Server Authentication CA EV R36 (https://crt.sh/?d=4267304687)

ECC: Sectigo Public Server Authentication CA EV E36 (https://crt.sh/?d=4267304692)

 

 

Root CAs :

SMIME (Until March 1st, 2025)

RSA: USERTrust RSA Certification Authority (https://crt.sh/?d=1199354)

ECC: USERTrust ECC Certification Authority (https://crt.sh/?d=2841410)

 

SMIME (After March 1st. 2025)

RSA: Sectigo Public Email Protection Root R46 (https://crt.sh/?d=4256644602)

 ECC: Sectigo Public Email Protection Root E46 (https://crt.sh/?d=4256644601)

 

DV TLS Root CA (until June 2, 2025)

RSA: USERTrust RSA Certification Authority (https://crt.sh/?d=1199354)

ECC: USERTrust ECC Certification Authority (https://crt.sh/?d=2841410)

 

DV TLS Roots (After June 2, 2025)

RSA: Sectigo Public Server Authentication Root R46 (https://crt.sh/?d=4256644734)

ECC: Sectigo Public Server Authentication Root E46 (https://crt.sh/?d=4256644603)

 

OV TLS Roots (Until May 15, 2025)

RSA: USERTrust RSA Certification Authority (https://crt.sh/?d=1199354)

ECC: USERTrust ECC Certification Authority (https://crt.sh/?d=2841410)

 

OV TLS Roots (After May 15, 2025)

RSA: Sectigo Public Server Authentication Root R46 (https://crt.sh/?d=4256644734)

ECC: Sectigo Public Server Authentication Root E46 (https://crt.sh/?d=4256644603)

 

EV TLS Roots (until April 15, 2025)

RSA: USERTrust RSA Certification Authority (https://crt.sh/?d=1199354)

ECC: USERTrust ECC Certification Authority (https://crt.sh/?d=2841410)

 

EV TLS Roots (After April 15, 2025)

RSA: Sectigo Public Server Authentication Root R46 (https://crt.sh/?d=4256644734)

ECC: Sectigo Public Server Authentication Root E46 (https://crt.sh/?d=4256644603)

 

 

Code signing:
RSA: OV Sectigo Public Code Signing CA R36 Download

RSA: OV SectigoPublicCodeSigningRootR46_USERTrust Root [Cross Signed ] Download

RSA:: EV Sectigo Public Code Signing CA EV R36 Download

RSA: SectigoPublicCodeSigningRootR46_USERTrust Root [ Cross Signed ] Download

 

Legacy AAA Root

AAA Certificate Services [Download ]

USERTrustRSAAAACA (Cross Sign) [Download ]

 

 

All our new Root CAs, have been cross-signed by both of our long-standing Root CAs:

  • AAA Certificate Services
  • USERTrust RSA Certification Authority (For RSA)

Through these cross-signings, we extend the ubiquity of the new Root CAs, so they are also trusted on legacy systems that may not know about these new CA certificates but do know about the long standing Root CAs mentioned above.

CAs often control multiple root certificates, and generally the older the root the more widely distributed it is on older platforms. In order to take advantage of this fact, CAs generate cross certificates to ensure that their certificates are as widely supported as possible. A cross certificate is where one root certificate is used to sign another.

The cross certificate uses the same public key and Subject as the root being signed.

Please refer to the attached Sectigo Hierarchy document for additional information. 

 


 

Attachments

New OV Sectigo Public CA Bundle (May 19, 2025)
Sectigo CA Hierarchy (May 19, 2025)

Need help?

Need help making a purchase? Contact us today to get your certificate issued right away.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start Chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources