Installing ExternalCARoot for Positive SSL on Apache+Mod_SSL


I’m trying to install a Positive SSL cert on Apache + Mod_SSL using the instructions given in the support section. I was given these files in my zip

Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - UTNAddTrustServerCA.crt
Intermediate CA Certificate - ResellerFlyCertificateServices.crt
Your PositiveSSL Certificate - mydomain_com.crt

First off, it doesn’t say anything in the instructions about installing the AddTrustExternalCARoot.crt file. What do I need to do with this, if anything?

Second, I’ve been having trouble getting the verification chain down. The zip didn’t come with the ca-bundle file that the instructions said I needed, so support sent me one. The site still comes up as “cannot be verified up to a trusted certification authority.” I just noticed in the downloads section that there was a new ca-bundle file as of 9/21/06, so I’m going to give this a try (I was issued my cert on 10/13/06, and sent the older ca-bundle). Can anyone verify that this is the ca-bundle that I should be using?

Thanks for your help.


If you select Apache as the web server during the application we will send you a bundle file with the certificates all ready to use.

The AddTrustExternalCARoot.crt file is not needed in all applications, but we provide it just in case.

If you need a postiveSSL bundle then it can be downloaded from:,1

If you still have problems, please submit the problem to our support department.


Wow. I’m glad I read the previous reply before you erased it.

Anyway, regarding the SSL bundle, I obviously know there is a bundle in the downloads section, because I said as much in my first message. However, I’ve tried both bundles, and neither works with the certificate I was issued. Why can’t you verify which one should work with my cert as I asked?

I did select Apache as the web server with my application and no bundle file was sent. This was through your reseller, so it could have been their screwup.

I have submitted my problems to support here and at to no avail. The certificate is still not trusted in IE. Inevitably both start by pointing me to the installation instructions, which I have read and followed and that still do not allow proper installation of my cert with what I was sent. The last reply from registerfly said “You have been issued CA root certificate along with flyssl
in that .zip file sent to you. Please proceed to install both flysll and ca root certificate.” Of course they sent no instructions how to do so. To Comodo’s credit their third support agent actually sent me the files I asked for which your installation instructions refer to (the first sent me wrong instructions for Apache, the second refused to help me and referred me to registerfly’s support). Still, regardless of what I have been sent, or have been able to download, the certificate is still not trusted.

Thanks anyway for your time. I’m going to try to get my money back.


Sorry to hear that you are going to get a refund. would be the first point of contact for support if you purchased through them.
It would then up to to contact us if they cannot resolve the issue.

On the bundle question…when Apache is selected we do send the correct bundle file attached to the email, so I am not sure why you would receive the site certificate and not the bundle file.


Thanks for the reply Garry. I do believe that at least one of my hosts has a deal with Comodo directly, so there’s a good chance I’ll still be using Comodo in the future. Hopefully with more success, and without a reseller in the middle. I’m sure most of my problems can be traced back to the reseller. (:AGY)

As far as the refund goes, it came down to it being the end of their 30-day guarantee, and no working certificate. Tack on another month before they were even able to send me the certificate because their automated system couldn’t verify me as the admin and you can see why I was a bit miffed.

I am having the same problem. I bought a certificate through Registerfly and I have no CA bundle to work with. Their support is horrible and they haven’t resolved the issue even after numerous support tickets. Can someone please help me get my certificate working? How do I go about getting a CA bundle?

If you need a postiveSSL bundle then it can be downloaded from:,1
I tried that and it didn't work either.


If you received the site certificate then all other certificates required can be downloaded from:

If you don’t have the site certificate please submit a ticket to support who will assist in getting the certificate to you.