Knowledge Base

Which is Root? Which is Intermediate?

May 25, 2018 in SHA 1 and SHA 2

SHA-2

SHA-1 (Legacy)

Product

Certification Path (Hierarchy)

Certification Path (Hierarchy)

EV
[ inc. EV SGC & Multi-Domain ]

UserTrust / AddTrust External Root

COMODO RSA Certification Authority
COMODO RSA Extended Validation Secure Server CA
End-Entity/Domain Certificate

Download Files

UserTrust / AddTrust External Root

COMODO Certification Authority
COMODO Extended Validation Secure Server CA
End-Entity/Domain Certificate

Download Files

EnterpriseSSL/InstantSSL/PremiumSSL
[ inc. Unified Communications (UCC) & IntranetSSL]

UserTrust / AddTrust External Root

COMODO RSA Certification Authority
COMODO RSA Organization Validation Secure Server CA
End-Entity/Domain Certificate

Download Files

UserTrust / AddTrust External Root

COMODO High-Assurance Secure Server CA
End-Entity/Domain Certificate

Download Files

ComodoSSL
[ inc. ComodoSSL Wildcard & ComodoSSL UCC ]

UserTrust / AddTrust External Root

COMODO RSA Certification Authority
COMODO RSA Domain Validation Secure Server CA
End-Entity/Domain Certificate

Download Files

UserTrust / AddTrust External Root

COMODO SSL CA
End-Entity/Domain Certificate

Download Files

EssentialSSL
[ inc. EssentialSSL Wildcard / FreeSSL ]

UserTrust / AddTrust External Root

COMODO RSA Certification Authority
COMODO RSA Domain Validation Secure Server CA
End-Entity/Domain Certificate

Download Files

UserTrust / AddTrust External Root

UTN - DATACorp SGC
COMODO Certification Authority
EssentialSSL CA
End-Entity/Domain Certificate

Download Files

PositiveSSL
[ inc. PositiveSSL Wildcard & Multi-Domain]

UserTrust / AddTrust External Root

COMODO RSA Certification Authority
COMODO RSA Domain Validation Secure Server CA
End-Entity/Domain Certificate

Download Files

UserTrust / AddTrust External Root

PositiveSSL CA 2
End-Entity/Domain Certificate

Download Files

Code Signing

UserTrust / AddTrust External Root

COMODO RSA Certification Authority
COMODO RSA Code Signing CA
Code Signing Certificate

Download Files

UserTrust / AddTrust External Root

UTN-USERFirst-Object
COMODO Code Signing CA 2
Code Signing Certificate

Download Files

SHA-2

SHA-1 (Legacy)

Product

Certification Path (Hierarchy)

Certification Path (Hierarchy)

InCommon SSL

UserTrust / AddTrust External Root

USERTrust RSA Certification Authority
InCommon RSA Server CA
End-Entity/Domain Certificate Certificate

Download Files

UserTrust / AddTrust External Root

InCommon Server CA
End-Entity/Domain Certificate Certificate

Download Files

InCommon Code Signing

UserTrust / AddTrust External Root

USERTrust RSA Certification Authority
InCommon RSA Code Signing CA
Code Signing Certificate

Download Files

UserTrust / AddTrust External Root

InCommon Code Signing CA
Code Signing Certificate

Download Files

Additional Notes:

  • IIS 4.x and up can use a .cer file.
    This file contains: Root, Intermediates, and domain certificate; all rolled into one file (PKCS#7).

  • IIS 6.x and up will accept a .crt (end-entity/domain certificate) file, but Root and Intermediate(s) will need to be installed manually.

  • Apache makes use of a SSLCertificateChainFile in which we give it a file extension of .ca-bundle file.
    This file contains the Intermediate(s) and sometimes Root certificates in a single file.

  • Some Sectigo Partners have their own Sectigo certificate hierarchies. If you are unsure of your certificate hierarchy, please contact support

Related articles