Where do I get a CA Bundle file?

CA Bundle file contains root and intermediate certificates. These certificates build the chain of trust for your domain certificate.

The Bundle files differ by the validation level of your certificate and the key type in the CSR you used to activate your certificate.

The CA Bundle file can be downloaded from your SSLs.com account. The CA Bundle file has .ca-bundle extension.
Alternatively, feel free to use the CA Bundle files from this article.

New Sectigo CA Bundles

Domain Validation

RSA

• DV RSA Intermediate Secure Server R36
• DV RSA Root USERTrust R36

ECC

• DV ECC Intermediate Secure Server R36
• DV ECC Root USERTrust R36

Organization Validation

RSA

• OV RSA Intermediate Secure Server R36
• OV RSA Root USERTrust R36

ECC

• OV ECC Intermediate Secure Server R36
• OV ECC Root USERTrust R36

Extended Validation

RSA

• EV RSA Intermediate Secure Server R36
• EV RSA Root USERTrust R36

ECC

• EV ECC Intermediate Secure Server R36
• EV ECC Root USERTrust R36

Legacy Sectigo and Comodo CA Bundles

Sectigo SHA2 Bundles under SHA2 root (not cross-signed)

These are now the default Bundles provided in the fulfillment emails and available for download in the account panel.

Domain Validation

Contains “Sectigo RSA Domain Validation Secure Server CA”/”Sectigo ECC Domain Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.

• Sectigo RSA DV SHA2 Bundle under SHA2 root
• Sectigo ECC DV SHA2 Bundle under SHA2 root

Organization Validation

Contains “Sectigo RSA Organization Validation Secure Server CA”/”Sectigo ECC Organization Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.

• Sectigo RSA OV SHA2 Bundle under SHA2 root
• Sectigo ECC OV SHA2 Bundle under SHA2 root

Extended Validation

Contains “Sectigo RSA Extended Validation Secure Server CA”/”Sectigo ECC Extended Validation Secure Server CA” intermediate certificate (depending on the key encryption method), signed by “USERTrust RSA Certification Authority” SHA-2 root certificate.

• Sectigo RSA EV SHA2 Bundle under SHA2 root
• Sectigo ECC EV SHA2 Bundle under SHA2 root

Sectigo Bundles Cross-signed with AAA Root

These Bundles may be used on some legacy systems.

Domain Validation

Contains “Sectigo RSA Domain Validation Secure Server CA”/”Sectigo ECC Domain Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.

• RSA DV Bundle with new Root
• ECC DV Bundle with new Root

Organization Validation

Contains “Sectigo RSA Organization Validation Secure Server CA”/”Sectigo ECC Organization Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.

• RSA OV Bundle with new Root
• ECC OV Bundle with new Root

Extended Validation

Contains “Sectigo RSA Extended Validation Secure Server CA”/”Sectigo ECC Extended Validation Secure Server CA”, signed by “USERTrust RSA Certification Authority” (new)/USERTrust ECC Certification Authority” (new), cross-signed by “AAA Certificate Services”.

• RSA EV Bundle with new Root
• ECC EV Bundle with new Root

Comodo SHA2 Bundles under SHA2 Root

These might still be needed for some systems if ‘Comodo’ Bundle is required particularly.

Domain Validation

• COMODO RSA DV SSL bundle
• COMODO ECC DV SSL bundle

Organization Validation

• COMODO RSA OV SSL bundle
• COMODO ECC OV SSL bundle

Extended Validation

• COMODO RSA EV SSL bundle
• COMODO ECC EV SSL bundle