Intermediate CA (Issuing CA):
SMIME Intermediate
RSA: Sectigo Public Email Protection CA R36 (https://crt.sh/?d=4267304694)
ECC: Sectigo Public Email Protection CA E36 (https://crt.sh/?d=4267304699)
DV TLS Intermediate
RSA: Sectigo Public Server Authentication CA DV R36 (https://crt.sh/?d=4267304690)
ECC: Sectigo Public Server Authentication CA DV E36 (https://crt.sh/?d=4267304693)
OV TLS Intermediate
RSA: Sectigo Public Server Authentication CA OV R36 (https://crt.sh/?d=4267304698)
ECC: Sectigo Public Server Authentication CA OV E36 (https://crt.sh/?d=4267304689)
EV TLS Intermediate
RSA: Sectigo Public Server Authentication CA EV R36 (https://crt.sh/?d=4267304687)
ECC: Sectigo Public Server Authentication CA EV E36 (https://crt.sh/?d=4267304692)
Root CAs:
SMIME Roots
RSA: Sectigo Public Email Protection Root R46 (https://crt.sh/?d=4256644602)
ECC: Sectigo Public Email Protection Root E46 (https://crt.sh/?d=4256644601)
DV TLS Roots
RSA: Sectigo Public Server Authentication Root R46 (https://crt.sh/?d=4256644734)
ECC: Sectigo Public Server Authentication Root E46 (https://crt.sh/?d=4256644603)
OV TLS Roots
RSA: Sectigo Public Server Authentication Root R46 (https://crt.sh/?d=4256644734)
ECC: Sectigo Public Server Authentication Root E46 (https://crt.sh/?d=4256644603)
EV TLS Roots
RSA: Sectigo Public Server Authentication Root R46 (https://crt.sh/?d=4256644734)
ECC: Sectigo Public Server Authentication Root E46 (https://crt.sh/?d=4256644603)
Code signing Roots:
RSA: OV Sectigo Public Code Signing CA R36 Download
RSA: OV SectigoPublicCodeSigningRootR46_USERTrust Root [Cross Signed ] Download
RSA:: EV Sectigo Public Code Signing CA EV R36 Download
RSA: SectigoPublicCodeSigningRootR46_USERTrust Root [ Cross Signed ] Download
Legacy AAA Root
AAA Certificate Services [Download ]
USERTrustRSAAAACA (Cross Sign) [Download ]
All our new Root CAs, have been cross signed by both of our long-standing Root CAs:
- AAA Certificate Services
- USERTrust RSA Certification Authority (For RSA)
- USERTrust ECC Certification Authority (For ECC)
Cross sign Intermediate OV (Sectigo Public Server Authentication Root R46): https://crt.sh/?d=11405654893
New Public OV CA Bundle: New OV public CA Bundle download
Through these cross-signings, we extend the ubiquity of the new Root CAs, so they are also trusted on legacy systems that may not know about these new CA certificates but do know about the long-standing Root CAs mentioned above.
CAs often control multiple root certificates, and generally the older the root, the more widely distributed it is on older platforms. In order to take advantage of this fact, CAs generate cross certificates to ensure that their certificates are as widely supported as possible. A cross certificate is where one root certificate is used to sign another.
The cross certificate uses the same public key and Subject as the root being signed.
For more information about the Sectigo Root and Issuing CA Hierarchy, please refer to the below:
https://www.sectigo.com/knowledge-base/detail/Sectigo-new-Public-Roots-and-Issuing-CAs-Hierarchy/kA0Uj0000004IrB
Please refer to the attached Sectigo Hierarchy document for additional information.
