Sectigo CA is changing its SSL Certificate Roots.

Sectigo SSL Certificate Roots are changing as USERTrust Roots.

Sectigo(Formerly Comodo CA), from 14^th January 2019 is changing its roots. All certificates issued and reissued from Sectigo will carry USERTrust Roots. Recently, Comodo CA changed its name to Sectigo hence as the next phase of transition Comodo is exchanging its brand with Sectigo and in the process, it is undertaking these changes.

Let us discuss the Root CAs and intermediaries since all operating systems maintain a Root store also known as trust store which has a set of root certificates which are live on your system, they are used to issue trusted digital certificates like SSL/TLS and signing certificates. So when you visit a website your browser will check the authenticity with the SSL/TLS certificate by tracing the signature on the end user’s SSL/TLS certificate. In case you get an error then the connection fails & if you wish to solve it contact us by clicking on the below link.

The requirements of the root programs are very stringent, as the CAs must undergo audits and review processes before the introduction of new roots since they issue trusted certificates and any compromise would lead to a massive disaster. So, it is much easier to tweak the intermediate rather than the root, also the leaf certificates have a lifespan of a maximum of 27 months.

Sectigo is trying to distance itself from the Comodo brand, hence having Roots and Intermediates that say “Comodo” is not acceptable, let us see how Sectigo will handle this transition from a PKI standpoint given the time it takes getting a root accepted into the various root programs.

So effective 14^th January 2019 Sectigo CA will start using USERTrust Roots CAs instead of Comodo CAs Roots CAs. USERTrust Roots CAs has been in business since 2000 which is likely to expire in 2020 but has been extended up to 2038 with the newer version.

Let us now consider the impact on the existing Comodo & Sectigo customers. Sectigo says they want to assure all customers and partners that this change will happen seamlessly with no action needed, your existing certificates, issuing CAs, and roots will remain active and trusted. Whereby the new Sectigo intermediates will be used to satisfy new requests and renewal requests, and requests that are pending at the time of this transition in turn.

Read the official statement from Sectigo, on Sectigo Root Changes.

Important Points to Know:

• All certificates issued by Sectigo will continue to be trusted globally.
• There is no action required by the customers.
• There is no need to re-issue or replace certificates until expiry.
• All the current Comodo CA and Sectigo CA certificates issued with the old roots will continue to work until expiry.
• Then finally, if you have a branded issuing CA nothing will change with that and all new certificates issued or reissued on and after 14th January 2019 will be provided with new intermediates and roots as USERTrust roots.

Learn detail guide on what is an SSL Certificate chain and work it works.

List of Sectigo SSL certificate