We are in the process of renewing a Comodo SSL certificate that is used by our XML Gateway application. We have many outside client who send XML Soap messages to this service and this services provides an XML or HTML response in return. All of this is done over HTTPS. These are server to server transactions.
The question I have is when we update our SSL certificate on this XML Gateway, will our clients need to import this certificate into their web server? I know that Comodo updated its root certificate in the past year and we are wondering if this could cause us any issues?
Mark: So long as your clients have our root certificate (AddTrust External CA Root) and your ‘XML Gateway’ has the certificate fully installed, there should be no issue.
Yes, we currently have a Comodo certificate installed on our XML Gateway. The current certificate is expiring soon and we are replacing it. Our concern is the Comodo root certificate has been update in the past year and we don’t know if this will cause us any issues.
Mark, our roots haven’t changed in years. What we have changed over the past few years have been the Intermediates. So long as you have the certificate fully installed on the server (this includes the intermediates), where the SSL certificate resides, then there should be no issue.
Based on our discussion here and in working with our client, I do not believe they currently have the Comodo root certificate installed on their server.
I am going to ask them to install the Comodo root that you mentioned above. I think that will work for our certificate swap out this weekend.
We updated the SSL certificate on our production XML Gateway application today. It went well. We did experience an issue with one process not being able to call the Gateway until we had fully installed the root and intermediate certificates.