Knowledge Base

Intermediate certificates - RSA

All subscriber certificates are issued by an Intermediate Certificate. These Intermediate Certificates are issued by our Trusted Root Certificate.  We refer to the Intermediate Certificate as the Issuer CA certificate.  The Issuer may vary depending upon the type of certificate and we send Intermediate Certificates with the subscriber certificate.

We recommend that you install the Intermediate Certificate on a Server. This will help build the trust chain between Root and End Entity Certificate, hence we call them "chain certificates".

You can also download the required Intermediate Certificate from the table below.

SSL

• Domain Validation

[Download] Sectigo RSA Domain Validation Secure Server CA [ Intermediate ]
[Download ] Sectigo RSA Domain Validation Secure Server CA [ CA Bundle+ Cross Signed Certificates]

• Organization Validation

[Download ] Sectigo RSA Organization Validation Secure Server CA [ Intermediate ]
[Download ] Sectigo RSA Organization Validation Secure Server CA [ CA Bundle+Cross Signed Certificates]

• Extended Validation

[Download] Sectigo RSA Extended Validation Secure Server CA [ Intermediate ]
[Download ] Sectigo RSA Extended Validation Secure Server CA [ CA Bundle+Cross Signed Certificates]

Note:  Sometimes, you may not find a matching Intermediate Certificate in the above list. In that case you can easily download the Intermediate Certificate from your domain certificate. Please open the server certificate and check the details tab to see 'Authority Information Access' field, where you can find the URL to download the intermediate certificate.

Code Signing - Intermediate

• Standard
  • [Download ] Sectigo Public Code Signing CA R36
  • [Download  ] SectigoPublicCodeSigningRootR46_USERTrust Root [ Cross Signed ]
• EV Code Sign
  • [Download ] Sectigo Public Code Signing CA EV R36
  • [Download  ] SectigoPublicCodeSigningRootR46_USERTrust Root [ Cross Signed ]

 

Secure Email

[Download ] Sectigo RSA Client Authentication and Secure Email CA

 

Entrust Issuing CAs 

[Download] Entrust DV TLS Issuing RSA CA 2

[Download] Entrust OV TLS Issuing RSA CA 2

[Download] Entrust EV TLS Issuing RSA CA 2

Additional Download: Recommended to import 'Sectigo Public Server Authentication Root R46 x USERTrust RSA CA' cross signed root certificate on the certificate chain. This certificate can be downloaded from the 'Cross Signed Root Certificates' Section on this page.

 

Cross Signed Root Certificates:

[Download] Sectigo Public Server Authentication Root R46 x USERTrust RSA CA 

Root Certificates:

[Download] SHA-2 Root : USERTrust RSA Certification Authority
[Download] AAA Certificate Services 
[Download] Sectigo Public Server Authentication Root R46

 

* SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity, rather than by the signature of their hash.
[ ref : https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html ]