Comodo CA Ltd. (“Comodo”) has recently generated two ECC root certificates. The purpose of
this Addendum to the Comodo Certification Practice Statement (“ACPS”) is to amend version
1.03 of the EV Comodo Certification Practice Statement (“CPS”) to include the Comodo’s ECC
root certificates in Comodo’s CPS. All provisions of the CPS not specifically amended or added
herein remain in full force and effect and where applicable shall apply to the new product
offerings. Amended portions in this ACPS are included within brackets. Nothing in the CPS shall
be deemed omitted, deleted or amended unless expressly stated in this ACPS or identified in
brackets below. Information not located in brackets is to be included in addition to all information
in the CPS. Headings from the CPS are included to identify the location of the Amended
information, and are not intended to be duplicative.
Acronyms / Terms Used in the ECC Certificate Addendum to Comodo EV CPS:
RSA An asymmetric encryption algorithm suitable for digital signatures.
ECC Elliptic Curve Cryptography – A more modern family of asymmetric encryption algorithms
of which ECDSA is suitable for digital signatures.
1 General
. . . .
1.8 Comodo PKI Hierarchy
Comodo uses the COMODO ECC Certification Authority, COMODO Certification Authority, UTN-
USERFIRST-Hardware, UTN – DATACorp SGC, and AddTrust External CA Root for its Root CA
Certificates for EV Certificates. This allows Comodo to issue highly trusted EV Certificates by
inheriting the trust level associated with the Comodo root certificates (named “COMODO ECC
Certificate Authority” and “COMODO Certificate Authority”), UTN root certificates (named “UTN-
USERFIRST-Hardware” and “UTN – DATACorp SGC"), and the AddTrust root certificate (named
“AddTrust External CA Root”). The ability to issue trusted certificates from these different roots
provides Comodo with additional flexibility and trust. The following high-level representation of
the Comodo PKI is used to illustrate the hierarchy utilized.
1.8.1 EV Certificates
Comodo issues EV certificates from two different root CAs.
Certificates issued from the COMODO ECC Certification Authority are visible on Browsers or
platforms that Trust that root as follows:
COMODO ECC Certification Authority (serial number = 1f 47 af aa 62 00 70 50 54 4c 01 93 9b 63
99 2a, expiry = 18 January 2038 23:59:59)
COMODO EV SSL ECC CA (serial number = TBA, expiry = 31 December 2019 23:59:59)
End Entity SSL (serial number = x, expiry = 12 to 27 months from issuance)
Certificates issued from the COMODO Certification Authority are:-
Visible on Browsers on platforms that Trust the “COMODO Certification Authority” root as follows:
COMODO Certification Authority (serial number = 4e 81 2d 8a 82 65 e0 0b 02 ee 3e 35 02 46 e5
3d, expiry = 31 December 2029 23:59:59)
COMODO EV SSL CA (serial number = 21 d9 5f 9e a9 bf ee 5d e9 d2 7c e4 0a 4e 21 0c,
expiry = 31 December 2019 23:59:59)
End Entity SSL (serial number = x, expiry = 12 to 27 months from issuance)