Two certificate with same CN "COMODO RSA Certification Authority"

[LijoJoseph]

Got a query why COMODO has one Intermediate CA (with serial number 27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22) and one Root CA ( with serial number 4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d) with same CN "COMODO RSA Certification Authority"

Recently we faced an issues where in the SSL  server we had the chain like Identity certificate => Issued by “COMODO RSA Extended Validation Secure Server CA” Intermediate CA 1 => COMODO RSA Extended Validation Secure Server CA => issued by “COMODO RSA Certification Authority” ( the one with S/N: 4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d) Since the Intermediate CA 1 itself is a root we don’t have the option to link that with Add trust Root CA and this issuing CA chain is not trusted by Mozilla leading to a certificate warning.

[Sal Amander]

It's cross-signed for ubiquity purposes as not everything out there has the COMODO RSA CA as a Root but would likely have the AddTrustExternal Root CA.

The Root version has been included since about Firefox 36 (~2/3 years ago). I suspect your web server is misconfigured in that its not presenting a full chain to the AddTrust as this is very common thing to happen, in my experience.

Have you used Comodo's SSLAnalyzer to test your site to see if it is trusted?

Have you worked with Comodo's Support to troubleshoot further? (phone/email/chat)

Did you know that Comodo's CA certificates can be found on their support site? Here I'd contact Comodo support if you need assistance in installing the CA certificates correctly. They can also help to see if the webserver is presenting the CA certificates correctly & fully.