WP Provider
WP Provider
151 Google recensies
Inge Scholman
Snelle en goede service! Kan altijd op WP-provider rekenen!
Colin Harzing
Fijne hosting partner. Altijd snel en responsief. Neemt al je zorgen uit handen omtrent hosting. Echt een aanrader!
Jan Hartog
Supr snelle en vakkundige service! Heel fijn bedrijf!
Philippe Neven
Fijne partner om mee samen te werken. Ontzorgen je volledig op hosting gebied en zijn gespecialiseerd in WordPress. Wanneer er iets is, ontvangen wij altijd snel en persoonlijk een reactie en worden onze vragen ook snel opgelost. Kortom, wij worden goed geholpen en ontzorgd!
Steven E.
WP Provider has gone above and beyond to surpass my expectations. Their customer support is exceptional, and their performance is reliable, making them a true gem in the Wordpress hosting industry
Marijnke Vincent
Super snel en fijne service en klantcommunicatie!
Max van Velsen
Fijne, professionele en vooral snelle service! Krijg altijd snel en concreet antwoord op mijn vragen. Niks slechts op aan te merken.
Wat een fijne partij! Goed bereikbaar, meteen hulpvaardig. Wij zijn heel tevreden.
Raymond Ros
Zeer tevreden, aftersales dik in orde bij WP Provider!
John Gruter
Wat een topservice leveren zij. Altijd snel een oplossing als er wat is. Als iemand een website wilt laten maken of beheren, bent u hier aan het goede adres, tegen normale prijzen. Blije Voeteb

Phasing out Addtrust External CA root certificate

On May 30, 2020, the widely used Sectigo (Comodo) Root certificate, called the AddTrust External CA Root, will expire. This certificate has been active since May 30, 2000, and has been widely supported since its launch. The successor to this root certificate is called the Comodo RSA Certification Authority Root and will expire in 2038. This article explains how phasing out the root certificate works and why no additional actions are needed on the server side.

Chain of Trust

Each SSL certificate is issued under a root certificate. Root certificates are self-signed certificates verified by a CA such as Sectigo and included in a browser’s trusted root store. This is important for SSL certificate support: when more browsers trust a root certificate, the SSL certificates issued under this root certificate will be more widely trusted.

Between a root certificate and an SSL certificate are one or more intermediate certificates. Together they provide a complete chain (“chain of trust”) of the root certificate. By using intermediate certificates, the root certificate itself does not need to sign a certificate. This allows the root certificate to remain offline, making it less vulnerable to misuse. Intermediate certificates can be considered signposts to the root certificate. An SSL certificate is signed by an intermediary and the intermediary by the root certificate. Not installing it may in some cases cause errors when visiting the page on which the certificate is active.


Building a good compatibility of a new root takes time. Therefore, Sectigo SSL certificates are cross-signed under two different root certificates, the previously discussed Addtrust External CA root with a validity until May 2020 and the relatively new – and because of this less widely supported – Comodo RSA Certification Authority root certificate valid until May 2038.

In addition, the Comodo RSA Certification Authority issued another interim certificate. The name of this intermediate depends on the signed SSL certificate below it. For example, the name of the intermediary that signs EV certificates is the COMODO RSA EV Secure Server CA . The latter intermediate product is signed by both the Comodo RSA Certification authority intermediate certificate and the eponymous main certificate of the same name, also known as cross-signing. Due to the cross-signing technique, two valid root certificates are known and both can be used.

Can the Sectigo (Comodo) certificate still be trusted?

Because of the compatibility and widespread browser support of the Addtrust External CA root certificate, this root certificate is still offered. When it expires and a customer already has the Comodo RSA Certification Authority root in their trusted root, it will be used automatically. As a result, installing the old root as of May 30, 2020 will no longer cause problems. You will find that newer customers who are familiar with the Comodo RSA Certification Authority root are already using it. Today, certificates are issued with a maximum validity of two years. As a result, the certificate may have a longer validity period than the root certificate you are using. By using the cross-singing technique, this does not lead to problems.

Some visitors still use legacy devices. Therefore, we recommend using the old chain. As of May 30, 2020, legacy devices that do not have the new root in the trusted root will unfortunately throw an error.

Note: A Windows Server automatically provides the shortest chain. It is possible to disable the new root certificate until the Addtrust External CA root certificate expires.

The list below shows all the minimal versions of software that will have no problems. All browsers and operating systems older than the versions below do not contain new root certificates and may give errors.


macOS Sierra 10.12.1 Public Beta 2
iOS 10
Windows XP
Windows Phone

Firefox 3.0.4
Firefox 36

Android 2.3
Android 5.1

Java JRE 8h51

Browser releases after December 2012
360 Browser:

SE 10.1.1550.0 and Extreme browser 11.0.2031.0
This test environment allows you to check if your installation is causing problems. To do this, adjust the clock to a date after June 1, 2020.

Overlap in naming and expiration dates

Under the old ‘Addtrust External CA’ root, the ‘Comodo RSA Certification Authority’ intermediary is present. ‘Root’ and ‘intermediate’ both expire on May 30, 2020. In addition, the expiring certificate has the same name as the new Comodo RSA Certification Authority root certificate.


Each certificate has its own unique thumbprint. Of the above certificates, these are:

Addtrust External CA Root root certificate:


Comodo RSA Certification Authority intermediate certificate:


Comodo RSA Certification Authority root certificate:


This way, you can verify with certainty which certificate is present on the server.


Picture of admin


Laatste berichten

Follow us