fbpx
Back to menu

Certificates

Certificates

Server Certificates
  • SSL/TLS Certificates

    SSL/TLS certificates encrypt information, verify identity, and strengthen consumer trust. We offer a range of certificates that cover every security need.

Software & App Certificates
  • Code Signing Certificates

    Code Signing removes the “Unknown Publisher” security warning and identifies the publisher of a piece of software or an application.

Email Certificates (S/MIME)
  • PersonalSign Certificates

    Secure your emails by applying a digital signature, encrypting your email content, or a combination of both.

Document Certificates
  • Document Signing Certificates

    Digital certificates that can be used to sign or seal digital documents like Adobe PDF files or Microsoft Office files.

Qualified Certificates
  • PSD2 Certificates

    As one of very few European providers, we offer QWAC and QSealC certificates that comply with eIDAS and PSD2.

Back to menu

Solutions

Our solutions

⚡ Discovery Tools
  • ⚡ SSL360®

    Our brand-new discovery tool SSL360™ provides total visibility and control of public-facing digital certificates across your organization: Inventory, track, monitor, and renew your certificates — all in one place!

Certificate Management

Our full range of certificate management solutions covers every need — from individual customers and startups needing one or two certificates and up to large companies looking for enterprise-grade solutions:

  • Customer Portal

    Advanced, on-demand certificate management.

  • Managed SSL

    Optimized for professional use, Managed SSL is designed around enterprise-specific security requirements.

  • Certificate Manager

    Certificate Manager fully automates the entire certificate management workflow.

  • Managed S/MIME

    For enterprise organizations looking to implement an enterprise-wide, secure email solution.

  • AppviewX Cert+

    The certificate and key lifecycle automation platform. Prevent outages and ensure constant network availability by gaining full visibility into and control over your PKI.

High-Volume Document Signing
  • Digital Signing Service

    Our cloud-based digital Signing-as-a-Service solution providing companies and organizations with an easy-to-deploy and cost-effective way to add digital signatures to their existing workflows.

eIDAS
  • eIDAS and PSD2 certificates

    As one of very few European providers, we offer QWAC and QSeal certificates that comply with eIDAS and PSD2.

SSL Certificate reseller

Want to expand your revenue stream and provide your customers with top-notch online security? Look no further than becoming a Trustzone SSL Certificate reseller partner.

Back to menu

Support

Our Support

Our Support and Service

Our first-class customer service and support is the core of our business. Read more about what we offer here.

Contact Support

Our friendly support team is ready to help you!

Knowledge Base 💡

Our collection of support content: How-to guides, Roots, Intermediates, and FAQs.

Certificate Tools

Our CSR/Certificate decoding tool with intermediate fetching

📈 Most Viewed:

How to enable TLS 1.2 on Windows Server 2008/2016

Read more
Back to menu

Insights

Insights

Articles

Occasionally, we share our take on the world of PKI and SSL/TLS encryption and authentification. Read our articles here.

Customer case stories

More than 3,000 companies have already trusted us with their certificates. Read about a couple of them here.

Events and live webinars

Sign up for one of our live webinars or product demos. We look forward to seeing you!

Back to menu

About

About

News

From time to time, new regulations and developments affect the PKI and SSL/TLS realm. Read our news updates about that here.

About Us

Our founders Jacob and Henrik started TRUSTZONE more than 15 years ago. Read more about our story here.

Our Partners

Our partnerships are an important part of our story and our business. Read more about our partners here.

Cookies & Privacy Policy
General Terms of Sale and Delivery
Support Service Level Agreement
Careers at TRUSTZONE
CSR
Contact Us

SSL Certificates: Root CA and Intermediate CA Changes

May 16, 2019

2 min read

Starting 27 May 2019, we are migrating some of our SSL products over to the GlobalSign Root R3 and the GlobalSign Root R5. We do this as part of our CA lifecycle management and to address SHA-1 Root concerns.

Express/­­­­­­­DomainSSL certificates

We are changing from using an issuing CA that chains to the GlobalSign Root R1 which is an SHA-1 Root, to the GlobalSign Root R3 which is an SHA-256 Root.

The GlobalSign Root R3 has been in use for several years issuing our EV/Extended Validation SSL certificates, and now we are moving our Express/DomainSSL issuance to this Root.

This new CA under Root R3 will be used to sign both RSA and ECC certificates.

Business/OrganisationSSL certificates

We are changing from using an issuing CA that chains to GlobalSign Root R1, to CAs that chain either to GlobalSign Root R3 or GlobalSign Root R5.

All requests for RSA Certificates will be issued under a new RSA Intermediate CA which chains to GlobalSign Root R3, while all requests for ECC Certificates will be issued under a new ECC Intermediate CA which chains to GlobalSign Root R5.

The entire chain from SSL Certificate to the Root will be consistent with respect to the key type and signing algorithms (SHA256RSA and SHA384ECDSA).

EV/Extended Validation SSL: Certificates issued from a Managed SSL account

Our EV SSL certificates, issued from a Managed SSL account (where pre-vetting is a feature), will continue to use the existing Intermediate CA for RSA keys but will use a new ECC intermediate CA that chains to GlobalSign Root R5 for ECC keys which permits a complete ECC chain.

EV/Extended Validation SSL: Certificates issued from a non-Managed SSL account:

No change – the intermediate CA for EV SSL certificates from a non-Managed SSL account will continue to use the current intermediate CA that chains to R3 (this concerns both RSA and ECC certificates).

Overview of the changes

SSL product CSR key type CA key type Root CA key type Root
Before May 27, 2019 Before May 27, 2019 After May 27, 2019 After May 27, 2019
Express/
Domain
SSL		 RSA
and
ECC		 RSA R1 RSA R3
Business/
Organisation
SSL		 RSA RSA R1 RSA R3
Business/
Organisation
SSL		 ECC RSA R1 ECC R5
EV SSL
(non-MSSL)		 RSA
and
ECC		 RSA R3 No
change		 No
change
EV SSL
(MSSL)		 RSA RSA R3 No
change		 No
change
EV SSL
(MSSL)		 ECC RSA R3 ECC R5

Important information

When installing new certificates (including renewals, SAN updates and reissues) for the above products issued after May 27, 2019, please be sure to install the new intermediate CA certificate on your web servers.

In some cases, the web server may need to be configured with the GlobalSign R3-R5 Cross Certificate and in very rare cases with Root R3 or Root R5, as part of the standard configuration process.

Certificates issued prior to May 27, 2019, will continue to work without any action needed.

Any Question? Request a Call