SSL – Which is Root? Which is Intermediate?

You will receive a ZIP file from us containing the Root, Intermediate(s), and
domain/end-entity certificate. The name(s) of the file(s) will depend on the type of
certificate you obtain from us and the server software that was selected during purchase.

Current Comodo Certificate Hierarchies

    • Root: AddTrustExternalCARoot.crt
    • Intermediate 1: COMODOAddTrustServerCA.crt
    • Intermediate 2: COMODOExtendedValidationSecureServerCA.crt
    • End-Entity/Domain Certificate
  • StandardSSL Certificate / StandardSSL WildCard / Standard UC Certificate (UCC)
    • Root: AddTrustExternalCARoot.crt
    • Intermediate: ComodoHigh-AssuranceSecureServerCA.crt
    • End-Entity/Domain Certificate
  • EnkeltSSL Certificate / EnkeltSSL Wildcard / EnkeltSSL UCC
    • Root: AddTrustExternalCARoot.crt
    • Intermediate: ComodoSSLCA.crt
    • End-Entity/Domain Certificate
  • Code Signing
    • Root: AddTrustExternalCARoot.crt
    • Intermediate 1: UTNAddTrustObject_CA.crt
    • Intermediate 2: COMODOCodeSigningCA2.crt
    • Your Code Signing Certificate
  • Kernel Mode Code Signing (KMCS) Cross-Signed CAs for Microsoft Systems
    • AddTrustExternalCARoot_kmod.crt (AddTrust External CA Root)
    • UTN-USERFirst-Object_kmod.crt (UTN-USERFirst-Object)
    • COMODORSACertificationAuthority_kmod.crt (COMODO RSA Certification Authority)

• IIS 4.x and up can use a .cer file. This file contains the Root, Intermediate(s), and
domain certificate, all rolled into one file.

• IIS 6.x and up will accept a .crt (end-entity/domain certificate) file, but the Root and
Intermediate(s) will need to be installed manually.

• Apache makes use of a .ca-bundle file. This file contains the Intermediate(s) and
sometimes the Root certificate in a single file.
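
When the file names do not make the roles obvious, the certificates themselves do: a root is self-issued (issuer equals subject), and every other certificate's issuer is the subject of the one above it. The following is an added example, not part of the original article, that sorts a set of certificate files into end-entity, intermediate(s) and root using only the Python standard library. The function names and the sample certificates (unsigned skeletons with made-up file names and subjects) are assumptions for illustration.

```python
import base64, re

def read_tlv(buf, pos):  # one DER element: (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(data):
    """Return the raw DER issuer and subject Names; accepts PEM or DER bytes."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END", data, re.S)
    der = base64.b64decode(pem.group(1)) if pem else data
    _, pos, _ = read_tlv(der, 0)           # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)         # tbsCertificate SEQUENCE
    fields = []                            # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:                    # skip the optional [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def order_chain(files):
    """files: {filename: bytes}. Return [(filename, role)], end-entity first."""
    names = {f: issuer_and_subject(d) for f, d in files.items()}
    issuers = {i for i, s in names.values() if i != s}
    # Start at the certificate whose subject issued nothing else in the set.
    cur = next((f for f, (i, s) in names.items() if s not in issuers and i != s), None)
    chain = []
    while cur is not None and cur not in dict(chain):  # second test stops issuer loops
        iss, sub = names[cur]
        role = "root" if iss == sub else "intermediate" if chain else "end-entity"
        chain.append((cur, role))
        cur = None if iss == sub else next((f for f, (_, s) in names.items() if s == iss), None)
    return chain

def _der(tag, *parts):  # builder for the constructed samples, short-form lengths only
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)
def _sample(issuer_cn, subject_cn):  # unsigned skeleton: names only, no real key
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, b"\x06\x03\x55\x04\x03", _der(0x0C, cn.encode()))))
    tbs = _der(0x30, b"\xa0\x03\x02\x01\x02", b"\x02\x01\x01", _der(0x30),
               name(issuer_cn), _der(0x30), name(subject_cn))
    return _der(0x30, tbs, _der(0x30), b"\x03\x01\x00")

SAMPLE = {f: _sample(i, s) for f, i, s in [  # constructed; file names are made up
    ("2.crt", "Example Root CA", "Example Issuing CA"),
    ("1.crt", "Example Issuing CA", "www.example.test"),
    ("3.crt", "Example Root CA", "Example Root CA")]}
```

The ordering matches names byte-for-byte and does not verify signatures, so it tells you where each file belongs in the chain, not whether the chain is trustworthy. If the root is absent from the set, as it sometimes is in a .ca-bundle, the list simply ends at the topmost intermediate.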

If you still are unsure, please contact us at
