Where do I get a CA Bundle file?

CA Bundle file contains root and intermediate certificates. These certificates build the chain of trust for your domain certificate.

The Bundle files differ by the validation level of your certificate and the key type in the CSR you used to activate your certificate.

The CA Bundle file can be downloaded from your SSLs.com account. The CA Bundle file has .ca-bundle extension.
Alternatively, feel free to use the CA Bundle files from this article.

Sectigo Public Server Authentication Bundle

Domain Validation

RSA

• DV RSA Intermediate Secure Server R36
• DV RSA Root USERTrust R36

ECC

• DV ECC Intermediate Secure Server R36
• DV ECC Root USERTrust R36

Organization Validation

RSA

• OV RSA Intermediate Secure Server R36
• OV RSA Root USERTrust R36

ECC

• OV ECC Intermediate Secure Server R36
• OV ECC Root USERTrust R36

Extended Validation

RSA

• EV RSA Intermediate Secure Server R36
• EV RSA Root USERTrust R36

ECC

• EV ECC Intermediate Secure Server R36
• EV ECC Root USERTrust R36

Sectigo Secure Server CA Bundle under SHA2 USERTrust Root (legacy)

Domain Validation

Contains “Sectigo RSA Domain Validation Secure Server CA”/”Sectigo ECC Domain Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.

• Sectigo RSA DV SHA2 Bundle under SHA2 root
• Sectigo ECC DV SHA2 Bundle under SHA2 root

Organization Validation

Contains “Sectigo RSA Organization Validation Secure Server CA”/”Sectigo ECC Organization Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.

• Sectigo RSA OV SHA2 Bundle under SHA2 root
• Sectigo ECC OV SHA2 Bundle under SHA2 root

Extended Validation

Contains “Sectigo RSA Extended Validation Secure Server CA”/”Sectigo ECC Extended Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.

• Sectigo RSA EV SHA2 Bundle under SHA2 root
• Sectigo ECC EV SHA2 Bundle under SHA2 root

Sectigo Secure Server CA Bundle under AAA Certificate Services Root (legacy)

These Bundles may be used on some legacy systems.

Domain Validation

Contains “Sectigo RSA Domain Validation Secure Server CA”/”Sectigo ECC Domain Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.

• RSA DV Bundle with new Root
• ECC DV Bundle with new Root

Organization Validation

Contains “Sectigo RSA Organization Validation Secure Server CA”/”Sectigo ECC Organization Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.

• RSA OV Bundle with new Root
• ECC OV Bundle with new Root

Extended Validation

Contains “Sectigo RSA Extended Validation Secure Server CA”/”Sectigo ECC Extended Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.

• RSA EV Bundle with new Root
• ECC EV Bundle with new Root

Comodo SHA2 Bundle under SHA2 Root (legacy)

These might still be needed for some systems if ‘Comodo’ Bundle is required particularly.

Domain Validation

• COMODO RSA DV SSL bundle
• COMODO ECC DV SSL bundle

Organization Validation

• COMODO RSA OV SSL bundle
• COMODO ECC OV SSL bundle

Extended Validation

• COMODO RSA EV SSL bundle
• COMODO ECC EV SSL bundle