Sectigo Root CA

Sectigo CA is changing its SSL Certificate Roots.

user trust Roots are replacing Sectigo SSL Certificate Roots.
Sectigo (formerly Comodo CA) is changing its name as of January 14, 2019. user trust Roots will be included on all certificates issued and reissued by Sectigo. Comodo CA recently changed its name to Sectigo, and as part of the next step of transformation, Comodo is trading its brand with Sectigo and making these adjustments.

Let’s talk about Root CAs and intermediaries, because all operating systems have a Root store, also known as a trust store, that has a set of live root certificates that are used to issue trusted digital certificates like SSL/TLS and signing certificates. When you visit a website, your browser will validate the SSL/TLS certificate’s authenticity by tracing the signature on the end user’s SSL/TLS certificate. If you receive an error, the connection has failed; if you need assistance, please contact us using the link below.

Sectigo root certificate not trusted

The root program’s criteria are quite strict, as CAs must go through audits and review processes before introducing new roots, as they issue trusted certificates and any compromise would result in a catastrophic tragedy. As a result, tweaking the intermediate is significantly easier than tweaking the root, and leaf certificates have a maximum lifespan of 27 months.

Sectigo is attempting to remove itself from the Comodo brand, thus “Comodo” Roots and Intermediates are not allowed. It will be interesting to observe how Sectigo handles this shift from a PKI perspective, considering the time it takes to have a root accepted into the various root programs.

As a result, Sectigo CA will begin employing USERTrust Roots CAs instead of Comodo CAs Roots CAs as on January 14, 2019. The USERTrust Roots CAs have been in operation since 2000, and while the current version is set to expire in 2020, the newer version has been extended until 2038.

Roots of the USERTrust

Let’s look at how this will affect existing Comodo and Sectigo clients. Sectigo wants to reassure all customers and partners that the transition will be easy and that existing certificates, issuing CAs, and roots will continue to be operational and trusted. The new Sectigo intermediates will be utilised to fulfil new and renewal requests, as well as requests that are currently pending at the time of the changeover.

Sectigo’s official announcement on Sectigo Root Changes may be found here.