20120806: Comodo will stop using its Entrust root on mid-September 2012
Update: Microsoft has desactivated this Entrust root in its products on March 12, 2014Comodo announced the disappearance of certificates issued on Entrust root (1024-bit or 2048-bit) on mi-September 2012.
Mozilla previously announced the removal of 1024-bit roots as of December 31, 2013 and the 2048-bit Entrust root being less recognized than the AddTrust External CA Root,Comodo considers its commercialization is no longer needed.
So the following product will migrate to a new issuance root as of September 15, 2012:
- Comodo SSL
- Comodo UCC
- Comodo WildSSL
- Comodo Test SSL
Please note:
- The replacement products will have approximately the same recognition rate except on older software (see the list below) that won't be supported anymore:
- Opera 6.02 to 7.54
- JRE 1.4.2_03 to 1.5.0_13
- Netscape 4.51 to 4.76
- Palm OS
- Opera Mini before 4.2
- Nokia Symbian before 9.2
- Windows Mobile 2002, CE5, 2003
- Netfront 3.4
- BlackBerry before 4.5.1
See our comparative chat for details
- Comodo certificates issued before mid-September 2012 will function normally until the end of 2013 (see Mozilla changes).
- At the end of 2013 (or before), our customers could:
- Reissue their certificate on the new root
- Modify their chain to use Entrust 2048 intermediate, or read this
- Do nothing, but the main browsers won't recognized the certificate from 2014 (this option can be used to keep the compatibility rate with older mobile platforms that won't delete 1024-bit roots).
- After mid-September 2013 it won't be possible to reissue on the Entrust chain. The reissuance will be done on the new chain.
Last edited on 05/26/2016 12:18:09 --- [search]