CA Bundle file contains root and intermediate certificates. These certificates build the chain of trust for your domain certificate.
The Bundle files differ by the validation level of your certificate and the key type in the CSR you used to activate your certificate.
The CA Bundle file can be downloaded from your SSLs.com account. The CA Bundle file has .ca-bundle extension.
Alternatively, feel free to use the CA Bundle files from this article.
Sectigo Public Server Authentication Bundle
Domain Validation Bundles
RSA
Contains the following certificates:
- DV RSA TLS Intermediate: Sectigo Public Server Authentication CA DV R36
- RSA TLS Root: Sectigo Public Server Authentication Root R46
Depending on the case, you may also use one of the following versions of the signing certificates for your bundle instead of the RSA TLS Root:
(Version 1)
- RSA TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root R46xUSERTrust
- RSA TLS Old Root: USERTrust RSA Certification Authority
(Version 2)
- RSA TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root R46xAAA
- RSA TLS Old Root: AAA Certificate Services
ECC
Contains the following certificates:
- DV ECC TLS Intermediate: Sectigo Public Server Authentication CA DV E36
- ECC TLS Root: Sectigo Public Server Authentication Root E46
Depending on the case, you may also use one of the following versions of the signing certificates for your bundle instead of the ECC TLS Root:
(Version 1)
- ECC TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root E46xUSERTrust
- ECC TLS Old Root: USERTrust ECC Certification Authority
(Version 2)
- ECC TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root E46xAAA
- ECC TLS Old Root: AAA Certificate Services
Organization Validation Bundles
RSA
Contains the following certificates:
- OV RSA TLS Intermediate: Sectigo Public Server Authentication CA OV R36
- RSA TLS Root: Sectigo Public Server Authentication Root R46
Depending on the case, you may also use one of the following versions of the signing certificates for your bundle instead of the RSA TLS Root:
(Version 1)
- RSA TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root R46xUSERTrust
- RSA TLS Old Root: USERTrust RSA Certification Authority
(Version 2)
- RSA TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root R46xAAA
- RSA TLS Old Root: AAA Certificate Services
ECC
Contains the following certificates:
- OV ECC TLS Intermediate: Sectigo Public Server Authentication CA OV E36
- ECC TLS Root: Sectigo Public Server Authentication Root E46
Depending on the case, you may also use one of the following versions of the signing certificates for your bundle instead of the ECC TLS Root:
(Version 1)
- ECC TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root E46xUSERTrust
- ECC TLS Old Root: USERTrust ECC Certification Authority
(Version 2)
- ECC TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root E46xAAA
- ECC TLS Old Root: AAA Certificate Services
Extended Validation Bundles
RSA
Contains the following certificates:
EV RSA TLS Intermediate: Sectigo Public Server Authentication CA EV R36
RSA TLS Root: Sectigo Public Server Authentication Root R46
Depending on the case, you may also use one of the following versions of the signing certificates for your bundle instead of the RSA TLS Root:
(Version 1)
RSA TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root R46xUSERTrust
RSA TLS Old Root: USERTrust RSA Certification Authority
(Version 2)
RSA TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root R46xAAA
RSA TLS Old Root: AAA Certificate Services
ECC
Contains the following certificates:
EV ECC TLS Intermediate: Sectigo Public Server Authentication CA EV E36
ECC TLS Root: Sectigo Public Server Authentication Root E46
Depending on the case, you may also use one of the following versions of the signing certificates for your bundle instead of the ECC TLS Root:
(Version 1)
ECC TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root E46xUSERTrust
ECC TLS Old Root: USERTrust ECC Certification Authority
(Version 2)
ECC TLS Cross-Signed Intermediate: Sectigo Public Server Authentication Root E46xAAA
ECC TLS Old Root: AAA Certificate Services
Sectigo Secure Server CA Bundle under SHA2 USERTrust Root (legacy)
Domain Validation
Contains “Sectigo RSA Domain Validation Secure Server CA”/”Sectigo ECC Domain Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.
Organization Validation
Contains “Sectigo RSA Organization Validation Secure Server CA”/”Sectigo ECC Organization Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.
Extended Validation
Contains “Sectigo RSA Extended Validation Secure Server CA”/”Sectigo ECC Extended Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.
Sectigo Secure Server CA Bundle under AAA Certificate Services Root (legacy)
These Bundles may be used on some legacy systems.
Domain Validation
Contains “Sectigo RSA Domain Validation Secure Server CA”/”Sectigo ECC Domain Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.
Organization Validation
Contains “Sectigo RSA Organization Validation Secure Server CA”/”Sectigo ECC Organization Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.
Extended Validation
Contains “Sectigo RSA Extended Validation Secure Server CA”/”Sectigo ECC Extended Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.
Comodo SHA2 Bundle under SHA2 Root (legacy)
These might still be needed for some systems if ‘Comodo’ Bundle is required particularly.