picture of tbs certificates
picture of tbs certificates
Our products range

20120806: Comodo will stop using its Entrust root on mid-September 2012

Update: Microsoft has desactivated this Entrust root in its products on March 12, 2014

Comodo announced the disappearance of certificates issued on Entrust root (1024-bit or 2048-bit) on mi-September 2012.

Mozilla previously announced the removal of 1024-bit roots as of December 31, 2013 and the 2048-bit Entrust root being less recognized than the AddTrust External CA Root,Comodo considers its commercialization is no longer needed.

So the following product will migrate to a new issuance root as of September 15, 2012:
  • Comodo SSL
  • Comodo UCC
  • Comodo WildSSL
  • Comodo Test SSL
The other products are not concerned.

Please note:
  • The replacement products will have approximately the same recognition rate except on older software (see the list below) that won't be supported anymore:
    • Opera 6.02 to 7.54
    • JRE 1.4.2_03 to 1.5.0_13
    • Netscape 4.51 to 4.76
    • Palm OS
    • Opera Mini before 4.2
    • Nokia Symbian before 9.2
    • Windows Mobile 2002, CE5, 2003
    • Netfront 3.4
    • BlackBerry before 4.5.1

    See our comparative chat for details

  • Comodo certificates issued before mid-September 2012 will function normally until the end of 2013 (see Mozilla changes).

  • At the end of 2013 (or before), our customers could:
    • Reissue their certificate on the new root
    • Modify their chain to use Entrust 2048 intermediate, or read this
    • Do nothing, but the main browsers won't recognized the certificate from 2014 (this option can be used to keep the compatibility rate with older mobile platforms that won't delete 1024-bit roots).
    Our customers that are concerned will be individually informed during 2013. See also Comodo's support page.

  • After mid-September 2013 it won't be possible to reissue on the Entrust chain. The reissuance will be done on the new chain.