What is CA bundle?

CA bundle is a file that contains root and intermediate certificates. The end-entity certificate along with a CA bundle constitutes the certificate chain.

The chain is required to improve compatibility of the certificates with web browsers and other kind of clients so that browsers recognize your certificate and no security warnings appear.

Comodo may send you a complete CA bundle in a zip file with a *.ca-bundle extension or root and intermediate certificates separately.

In case you have received the intermediate and root certificates as separate files, you should combine them into a single one to have a complete CA_bundle. But since the certificates in the CA bundle should be in a particular order, it could be not clear what the correct sequence of root and intermediate certificates is.

For example, the current CA Bundle for the Sectigo (former Comodo) DV certificate contains:
  • "Sectigo RSA Domain Validation Secure Server CA"/"Sectigo ECC Domain Validation Secure Server CA" intermediate certificate (depending on the key encryption method)
  • "USERTrust RSA Certification Authority" SHA-2 root certificate that signs the previous one and is cross-signed by the old "AddTrust External CA Root" SHA1 root certificate (not included to the file).
Both certificates may be contained in the fulfillment email along the end-entity certificate issued for your website. While, obviously, yourdomain.crt would be a public certificate issued for your domain name, it could be not clear how to create a correct CA bundle for it with the other two files.

      That is why we created already combined Bundle files for you, and you can find the one you need here.

127173 times

Need help? We're always here for you.