Have a question or solution? Post it at the SSL.com IT Security Q&A community site. All visitors welcome and it's FREE!

SSL Installation Support

Knowledge base and troubleshooting guides for ssl installation issues

Knowledgebase
Which is Root? Which is Intermediate?
Posted by Leonard Grove on 01 September 2011 04:48 PM
Question: I have received one or more files in my .zip file from SSL.com. How do I know which is which?

Answer: You will receive a .zip file from us containing: Root, Intermediate(s), and domain/end-entity certificate. The name(s) of the file(s) will depend on the type of certificate you obtain from us and the server software that was selected during purchase.

Current Comodo Certificate Hierarchies


» Code Signing
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: UTNAddTrustObject_CA.crt
    » Intermediate 2: COMODOCodeSigningCA.crt
    » Your Code Signing Certificate

» EV/EV SGC SSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: COMODOAddTrustServerCA.crt
    » Intermediate 2: COMODOExtendedValidationSecureServerCA.crt
    » End-Entity/Domain Certificate

» EssentialSSL / Free Certificate
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: UTNAddTrustSGCCA.crt
    » Intermediate 2: ComodoUTNSGCCA.crt
    » Intermediate 3: EssentialSSLCA_2.crt
    » End-Entity/Domain Certificate

» InstantSSL/IntranetSSL/EnterpriseSSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate: ComodoHigh-AssuranceSecureServerCA.crt
    » End-Entity/Domain Certificate

» PositiveSSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: UTNAddTrustServerCA.crt
    » Intermediate 2: PositiveSSLCA.crt
    » End-Entity/Domain Certificate

» UCC/Legacy
    » Root: EntrustSecureServerCA.crt
    » Intermediate: USERTrustLegacySecureServerCA.crt
    » End-Entity/Domain Certificate

Previous Certificate Hierarchies used by Comodo


Prior to 2 June 2011
» Code Signing
    » Root: UTN-USERFirst-Object.crt
    » Your Code Signing Certificate

Prior to 26 May 2010
» EV/EV SGC SSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: UTNAddTrustSGCCA.crt
    » Intermediate 2: ComodoUTNSGCCA.crt
    » Intermediate 3: ComodoEVSGCCA.crt
    » End-Entity/Domain Certificate

Used between 19 March 2009 and 26 May 2010

» InstantSSL/IntranetSSL/EnterpriseSSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: UTNAddTrustSGCCA.crt
    » Intermediate 2: ComodoUTNSGCCA.crt
    » Intermediate 3: ComodoHighAssuranceSecureServerCA.crt
    » End-Entity/Domain Certificate

Prior to 1 Dec 2009

» UCC/Legacy
    » Root: EntrustSecureServerCA.crt
    » Intermediate: AAACertificateServices_2.crt
    » End-Entity/Domain Certificate

Prior to 19 March 2009

» Instant/Enterprise SSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate: UTNAddTrustServerCA.crt
    » End-Entity/Domain Certificate

Note:

  1. IIS 4.x and up can use a .cer file. This file contains: Root, Intermediates, and domain certificate; all rolled into one file.

  2. IIS 6.x and up will accept a .crt(end-entity/domain certificate) file, but Root and Intermediate(s) will need to be installed manually.

  3. Apache makes use of a .ca-bundle file. This file contains the Intermediate(s) and sometimes Root certificates in a single file.
(8 votes)
This article was helpful
This article was not helpful

Comments (0)
Post a new comment 
 
Full Name:
Email:
Comments:
©2013 SSL CORP ALL RIGHTS RESERVED.