Sectigo(Formerly Comodo CA), from 14th January 2019 all certificates issued and reissued from Sectigo will carry USERTrust roots, since recently, Comodo CA changed its name to Sectigo, as the next phase of transition Comodo is exchanging its brand with Sectigo and in the process, it is undertaking these changes.
Let us discuss about the Root CAs and intermediaries, since all operating systems maintains a Root store also known as trust store which has a set of root certificates which are live on your system, they are used to issue trusted digital certificates like SSL/TLS and signing certificates, so when you visit a website your browser will check the authenticity with the SSL/TLS certificate by tracing the signature on the end user’s SSL/TLS certificate, in case you get an error then the connection fails.
The requirements of the root programs are very stringent, as the CAs must undergo audits and review processes before the introduction of new roots since they issue trusted certificates and any compromise would lead to a massive disaster. So, it is much easier to tweak the intermediate rather than the root, also the leaf certificates have a lifespan of a maximum of 27 months. Sectigo is trying to distance itself from the Comodo brand, hence having Roots and Intermediates that say “Comodo” is not acceptable, let us see how Sectigo will handle this transition from a PKI standpoint given the time it takes getting a root accepted into the various root programs, so effective 14th January 2019 Sectigo CA will start using USERTrust Root CAs instead of Comodo CAs Roots CAs.USERTrust CAs has been in business since 2000 which is likely to expire in 2020 but has been extended up to 2038 with the newer version.
Let us now consider the impact on the existing Comodo/ Sectigo customers, Sectigo says We want to assure all customers and partners that this change will happen seamlessly with no action needed, your existing certificates, issuing CAs, and roots will remain active and trusted. Whereby the new Sectigo intermediates will be used to satisfy new requests and renewal requests, and requests that are pending at the time of this transition in turn