How Can We Help?

Sectigo intermediate certificates - RSA

You are here:

All participant certificates are issued by an intermediate certificate. These intermediate certificates are issued by our Trusted Root certificate. We refer to the intermediate certificate as an issuer CA certificate. The issuer can vary depending on the type of certificate and we send intermediate certificates with the subscriber certificate.

Es wird empfohlen, das Zwischenzertifikat auf einem Server zu installieren. Auf diese Weise können Sie die Vertrauenskette zwischen Stamm- und Endentitätszertifikat aufbauen. Daher werden sie als «Kettenzertifikate» bezeichnet.

You can also download the required intermediate certificate from the following table.


Domain Validation

Download ] USERTrust RSA certification authority [root certificate cross-signed] [ Download ] Sectigo RSA Domain Verification Secure Server CA [Intermediate]
Download ] Sectigo RSA DV Bundle [Intermediate + Cross-Signed]

organization validation

Download ] USERTrust RSA Certification Authority [Root Certificate Cross Signed] [ Download ] Sectigo RSA Organization Validation Secure Server CA [Intermediate]
Download ] Sectigo RSA OV Bundle [Intermediate + Cross Signed]

Erweiterte Validierung

Download ] USERTrust RSA certification body [root certificate cross-signed]
Download ] Sectigo RSA Extended Validation Secure Server CA [Advanced]
Download ] Sectigo RSA EV Bundle [Advanced + cross-signed]

code signing

  • Standard   [ Download ] Sectigo RSA code signature CA
  • EV Code Signing [ Herunterladen ] Sectigo RSA Extended Validation Code Signing CA

Secure email 

Download ] Sectigo RSA client authentication and secure email CA.

Root certificates:

Download ] SHA-2 root directory: USERTrust RSA Certification Authority
[Download] SHA-1 root directory *: AddTrust External CA root directory [valid until May 30, 2020]


Note: Only a few older systems that no longer receive updates from their manufacturer cannot trust our SHA-2 certificates. To be able to trust our SHA-2 certificates, we recommend our customers to include the Cross Signed Certificate in the server certificate chain. In this way, these older systems can trust our SHA-2 certificates.

* SHA-1-based signatures for trustworthy root certificates are no problem, since TLS clients trust them more by their identity than by the signature of their hash.


  1. SectigoRSAOrganizationValidationSecureServerCA 1/21/2019
  2. SectigoRSAExtendedValidationSecureServerCA 1/21/2019
  3. SectigoRSAClientAuthenticationandSecureEmailCA 1/21/2019
  4. SectigoRSAExtendedValidationCodeSigningCA 1/21/2019
  5. SectigoRSADomainValidationSecureServerCA 1/21/2019
  6. SectigoRSACodeSigningCA 1/21/2019
  7. SectigoRSAOVBundle 1/21/2019
  8. SectigoCodeSignBundle 1/21/2019
  9. SectigoRSAEVBundle 1/21/2019
  10. SectigoRSADVBundle 1/21/2019
  11. USERTrustRSAAddTrustCA 1/21/2019

-> for protection you will find the latest intermediate certificates (

Table of Contents