Knowledge Base
What are Sectigo's new RSA and ECC root and intermediate certificates (2025)?
Overview
Sectigo introduced a new set of RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography) root and intermediate certificates in 2025 to align with evolving security standards and maintain trust across major platforms and browsers. This article lists the root and intermediate certificates for server authentication (SSL/TLS), email protection (S/MIME, Secure/Multipurpose Internet Mail Extensions), and code signing — including the Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) chains, with and without cross-signing. You can download each certificate from the links your administrator portal provides.
How to read these tables
Each table shows the certificate chain for one root. A chain can be presented three ways: cross-signed to USERTrust, cross-signed to AAA Certificate Services, or without cross-signing. A cross-signed chain links a newer root to an older, widely trusted Certificate Authority (CA) so the chain is trusted on as many systems as possible.
Server authentication (SSL/TLS) — RSA root: Sectigo Public Server Authentication Root R46
Server authentication (SSL/TLS) — ECC root: Sectigo Public Server Authentication Root E46
|
Certificate type |
Cross-signed to USERTrust ECC Certification Authority |
Cross-signed to AAA Certificate Services |
Without cross-signing |
|
Domain Validation (DV) |
Sectigo Public Server Authentication CA DV E36 |
Sectigo Public Server Authentication CA DV E36 |
Sectigo Public Server Authentication CA DV E36 |
|
Organization Validation (OV) |
Sectigo Public Server Authentication CA OV E36 |
Sectigo Public Server Authentication CA OV E36 |
Sectigo Public Server Authentication CA OV E36 |
|
Extended Validation (EV) |
Sectigo Public Server Authentication CA EV E36 |
Sectigo Public Server Authentication CA EV E36 |
Sectigo Public Server Authentication CA EV E36 |
S/MIME RSA and ECC
|
Certificate family |
Cross-signed to USERTrust |
Cross-signed to AAA Certificate Services |
Without cross-signing |
|
S/MIME - RSA |
Sectigo Public Email Protection CA R36 |
Sectigo Public Email Protection CA R36 |
Sectigo Public Email Protection CA R36 |
|
S/MIME - ECC |
Sectigo Public Email Protection CA E36 |
Sectigo Public Email Protection CA E36 |
Sectigo Public Email Protection CA E36 |
Code signing — RSA root: Sectigo Public Code Signing Root R46
|
Certificate type |
Cross-signed to USERTrust RSA Certification Authority |
Cross-signed to AAA Certificate Services |
Without cross-signing |
|
Organization Validation (OV) |
OV Sectigo Public Code Signing CA R36 |
OV Sectigo Public Code Signing CA R36 |
OV Sectigo Public Code Signing CA R36 |
|
Extended Validation (EV) |
Sectigo Public Code Signing CA EV R36 |
Sectigo Public Code Signing CA EV R36 |
Sectigo Public Code Signing CA EV R36 |
Code signing — ECC root: Sectigo Public Code Signing Root E46
|
Certificate type |
Cross-signed to USERTrust ECC Certification Authority |
Cross-signed to AAA Certificate Services |
Without cross-signing |
|
ECC |
Sectigo Public Code Signing CA E36 |
Sectigo Public Code Signing CA E36 |
Sectigo Public Code Signing CA E36 |
Similar questions
- Where do I download Sectigo's new RSA and ECC root certificates?
- Which Sectigo intermediate certificate do I use for an SSL/TLS, S/MIME, or code signing certificate?
- What is the difference between a cross-signed and a non-cross-signed Sectigo chain?
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
