USERTrust RSA Certification Authority - Expires in May 2020
A new intermediate certificate is available here: USERTrust RSA Certification Authority (2028)
Intermediate certificate used for the issuance of Sectigo / Comodo CA certificates. Linked to AddTrust External CA Root.
You'll find the text version here under, or download it here.
If you are looking for the root version of this certificate, you can find it here.
Valid until May 30 10:48:38 2020 GMT
Length: 4096 bits
Note: The Addtrust External CA root that issued all Sectigo, TBS X509 and PositiveSSL server certificates will expire in May 2020. See: Sectigo / Comodo CA: expiration of Addtrust root
Its CRL is available here: http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
-----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM 8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ +gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p 0fKtirOMxyHNwu8= -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36 Signature Algorithm: sha384WithRSAEncryption Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root Validity Not Before: May 30 10:48:38 2000 GMT Not After : May 30 10:48:38 2020 GMT Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:80:12:65:17:36:0e:c3:db:08:b3:d0:ac:57:0d: 76:ed:cd:27:d3:4c:ad:50:83:61:e2:aa:20:4d:09: 2d:64:09:dc:ce:89:9f:cc:3d:a9:ec:f6:cf:c1:dc: f1:d3:b1:d6:7b:37:28:11:2b:47:da:39:c6:bc:3a: 19:b4:5f:a6:bd:7d:9d:a3:63:42:b6:76:f2:a9:3b: 2b:91:f8:e2:6f:d0:ec:16:20:90:09:3e:e2:e8:74: c9:18:b4:91:d4:62:64:db:7f:a3:06:f1:88:18:6a: 90:22:3c:bc:fe:13:f0:87:14:7b:f6:e4:1f:8e:d4: e4:51:c6:11:67:46:08:51:cb:86:14:54:3f:bc:33: fe:7e:6c:9c:ff:16:9d:18:bd:51:8e:35:a6:a7:66: c8:72:67:db:21:66:b1:d4:9b:78:03:c0:50:3a:e8: cc:f0:dc:bc:9e:4c:fe:af:05:96:35:1f:57:5a:b7: ff:ce:f9:3d:b7:2c:b6:f6:54:dd:c8:e7:12:3a:4d: ae:4c:8a:b7:5c:9a:b4:b7:20:3d:ca:7f:22:34:ae: 7e:3b:68:66:01:44:e7:01:4e:46:53:9b:33:60:f7: 94:be:53:37:90:73:43:f3:32:c3:53:ef:db:aa:fe: 74:4e:69:c7:6b:8c:60:93:de:c4:c7:0c:df:e1:32: ae:cc:93:3b:51:78:95:67:8b:ee:3d:56:fe:0c:d0: 69:0f:1b:0f:f3:25:26:6b:33:6d:f7:6e:47:fa:73: 43:e5:7e:0e:a5:66:b1:29:7c:32:84:63:55:89:c4: 0d:c1:93:54:30:19:13:ac:d3:7d:37:a7:eb:5d:3a: 6c:35:5c:db:41:d7:12:da:a9:49:0b:df:d8:80:8a: 09:93:62:8e:b5:66:cf:25:88:cd:84:b8:b1:3f:a4: 39:0f:d9:02:9e:eb:12:4c:95:7c:f3:6b:05:a9:5e: 16:83:cc:b8:67:e2:e8:13:9d:cc:5b:82:d3:4c:b3: ed:5b:ff:de:e5:73:ac:23:3b:2d:00:bf:35:55:74: 09:49:d8:49:58:1a:7f:92:36:e6:51:92:0e:f3:26: 7d:1c:4d:17:bc:c9:ec:43:26:d0:bf:41:5f:40:a9: 44:44:f4:99:e7:57:87:9e:50:1f:57:54:a8:3e:fd: 74:63:2f:b1:50:65:09:e6:58:42:2e:43:1a:4c:b4: f0:25:47:59:fa:04:1e:93:d4:26:46:4a:50:81:b2: de:be:78:b7:fc:67:15:e1:c9:57:84:1e:0f:63:d6: e9:62:ba:d6:5f:55:2e:ea:5c:c6:28:08:04:25:39: b8:0e:2b:a9:f2:4c:97:1c:07:3f:0d:52:f5:ed:ef: 2f:82:0f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A X509v3 Subject Key Identifier: 53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Certificate Policies: Policy: X509v3 Any Policy X509v3 CRL Distribution Points: Full Name: URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl Authority Information Access: OCSP - URI:http://ocsp.usertrust.com Signature Algorithm: sha384WithRSAEncryption 93:65:f6:37:83:95:0f:5e:c3:82:1c:1f:d6:77:e7:3c:8a:c0: aa:09:f0:e9:0b:26:f1:e0:c2:6a:75:a1:c7:79:c9:b9:52:60: c8:29:12:0e:f0:ad:03:d6:09:c4:76:df:e5:a6:81:95:a7:46: da:82:57:a9:95:92:c5:b6:8f:03:22:6c:33:77:c1:7b:32:17: 6e:07:ce:5a:14:41:3a:05:24:1b:f6:14:06:3b:a8:25:24:0e: bb:cc:2a:75:dd:b9:70:41:3f:7c:d0:63:36:21:07:1f:46:ff: 60:a4:91:e1:67:bc:de:1f:7e:19:14:c9:63:67:91:ea:67:07: 6b:b4:8f:8b:c0:6e:43:7d:c3:a1:80:6c:b2:1e:bc:53:85:7d: dc:90:a1:a4:bc:2d:ef:46:72:57:35:05:bf:bb:46:bb:6e:6d: 37:99:b6:ff:23:92:91:c6:6e:40:f8:8f:29:56:ea:5f:d5:5f: 14:53:ac:f0:4f:61:ea:f7:22:cc:a7:56:0b:e2:b8:34:1f:26: d9:7b:19:05:68:3f:ba:3c:d4:38:06:a2:d3:e6:8f:0e:e3:b4: 71:6d:40:42:c5:84:b4:40:95:2b:f4:65:a0:48:79:f6:1d:81: 63:96:9d:4f:75:e0:f8:7c:e4:8e:a9:d1:f2:ad:8a:b3:8c:c7: 21:cd:c2:ef
Alternative certification chain entirely in SHA256 or more
This intermediate certificate is signed with SHA384 hash algorithm, but the root certificate it depends on - AddTrust External CA Root
- is signed in SHA1.
This historical chain presents a high compatibility rate with old systems or browsers that cannot be updated.
If you work with strict clients or systems that only accept full SHA256 (or more) certification chain, you can install the following chain on your server. It has the same name but it signed in SHA284: USERTrust RSA Certification Authority. Then the chain will be shortened and won't include a SHA1-signed certificate anymore.
See our Full installation procedure.
The root version of USERTrust RSA Certification Authority certificate is available here: USERTrust RSA Certification Authority