When Trustico® issues your SSL Certificate, it's signed by an Intermediate Certificate Authority (CA). These Intermediate CAs are in turn signed by a trusted Root Certificate Authority.
The specific Intermediate CA (also known as the Issuer CA) that signs your SSL Certificate may vary depending on the SSL Certificate type.
For optimal security and browser compatibility, we strongly recommend installing the Intermediate Certificate on your server. This installation creates a complete chain of trust from the Root CA through to your End Entity Certificate.
Below you'll find links to where you can download the necessary Intermediate Certificate for your specific needs.
The following Intermediates should be used for Trustico® branded SSL Certificates issued after 24 May 2025.
RSA Domain Validation (DV) Intermediates
Our SSL Certificates are available in two cryptographic variants : RSA and ECC. For RSA-based SSL Certificates, we use the RSA DV SSL CA 2 Intermediate SSL Certificate, which is specifically designed to issue and validate RSA algorithm SSL Certificates.
Trustico® RSA DV SSL CA 2 🔗
We additionally recommend the installation of the cross-chain version of the Sectigo Public Server Authentication Root R46 Intermediate. This ensures ubiquity across a broad range of devices.
Sectigo Public Server Authentication Root R46 (Cross Chain issued by USERTrust RSA Certification Authority) 🔗
Usually, we include your Intermediate SSL Certificates during the issuance process. If you are not sure what to install, please refer to your fulfilment e-mail for clarification.
ECC (Elliptic Curve Cryptography) Domain Validation (DV) Intermediates
For customers who prefer the newer ECC (Elliptic Curve Cryptography) SSL Certificates, we use the ECC DV SSL CA 2 Intermediate SSL Certificate.
ECC offers comparable security to RSA while using shorter key lengths, resulting in faster processing times and lower computational overhead.
Trustico® ECC DV SSL CA 2 🔗
The choice between RSA and ECC Intermediate SSL Certificates must match your SSL Certificate type - RSA Intermediates for RSA SSL Certificates, and ECC Intermediates for ECC SSL Certificates.
Organization Validation Intermediate
We offer Organization Validated SSL Certificates in both RSA and ECC cryptographic formats. For our RSA-type OV SSL Certificates, issuance and validation are handled by the RSA OV SSL CA 2 Intermediate SSL Certificate, purpose-built for RSA algorithm OV SSL Certificate management.
Trustico® RSA OV SSL CA 2 🔗
Customers selecting our ECC (Elliptic Curve Cryptography) OV SSL Certificates benefit from the ECC OV SSL CA 2 Intermediate SSL Certificate.
This modern cryptographic approach matches RSA's security standards but excels in efficiency, featuring shorter key lengths that enable faster processing and minimize computational demands.
Trustico® ECC OV SSL CA 2 🔗
Note : Matching your Intermediate SSL Certificate to your OV SSL Certificate type is essential - use RSA Intermediates with RSA OV SSL Certificates, and ECC Intermediates with ECC OV SSL Certificates to ensure proper functionality.
Extended Validation Intermediate
Extended Validation SSL Certificates from Trustico® come in two cryptographic options : RSA and ECC.
When you choose an RSA-based EV SSL Certificate, it's issued through our RSA EV SSL CA 2 Intermediate SSL Certificate, engineered specifically for RSA algorithm EV SSL Certificate validation and issuance.
Trustico® RSA EV SSL CA 2 🔗
If you opt for our ECC (Elliptic Curve Cryptography) EV SSL Certificates, these are issued through the ECC EV SSL CA 2 Intermediate SSL Certificate.
The advantage of ECC technology lies in its ability to deliver RSA-equivalent security levels while utilizing shorter key lengths, which translates to improved processing speed and reduced server resources.
Trustico® ECC EV SSL CA 2🔗
Important : Your Intermediate SSL Certificate selection must align with your chosen EV SSL Certificate type. RSA Intermediate SSL Certificates pair with RSA EV SSL Certificates, while ECC Intermediate SSL Certificates must be used with ECC EV SSL Certificates.
Windows IIS Problems?
If you are having problems with IIS and your chain, it has been noticed that there can be some issues with their chain-building technology. Essentially, Windows as a client will try and build the shortest available chain.
This works well for a client machine but is not so well for a server - which should send the longest available chain (as longest, usually is the most ubiquitous chain).
One solution is by removing the shorter (non cross-chain) Sectigo Public Server Authentication Root R46 from the Root and Intermediate stores and adding it specifically to the Untrusted Certificates list.
Doing this will the force sending the longer Sectigo Public Server Authentication Root R46 (Cross Chain issued by USERTrust RSA Certification Authority)
