SSL Certificate on XML Web Service


We are in the process of renewing a Comodo SSL certificate that is used by our XML Gateway application. We have many outside client who send XML Soap messages to this service and this services provides an XML or HTML response in return. All of this is done over HTTPS. These are server to server transactions.

The question I have is when we update our SSL certificate on this XML Gateway, will our clients need to import this certificate into their web server? I know that Comodo updated its root certificate in the past year and we are wondering if this could cause us any issues?

Thank you.

Mark Didrikson

Mark: So long as your clients have our root certificate (AddTrust External CA Root) and your ‘XML Gateway’ has the certificate fully installed, there should be no issue.

Thanks Sal. Is there a way for our clients to verify they have the root certificate installed on their server?

Mark Didrikson

It all depends on the client they’re using. There’s no easy way to see this. Have you used our certificates before on this Gateway?

Hi Sal,

Yes, we currently have a Comodo certificate installed on our XML Gateway. The current certificate is expiring soon and we are replacing it. Our concern is the Comodo root certificate has been update in the past year and we don’t know if this will cause us any issues.


Mark Didrikson

Sal, would it be OK for me to include you on our email thread?


Mark, our roots haven’t changed in years. What we have changed over the past few years have been the Intermediates. So long as you have the certificate fully installed on the server (this includes the intermediates), where the SSL certificate resides, then there should be no issue.

Thanks Sal. Our client shows that they have the following certificate installed on their end:

USERTrust issued by UTNDataCorp SGC

Is this a Comodo root certificate?



Yes, but it may be used as an Intermediate too, which it most likely it is.

Based on our discussion here and in working with our client, I do not believe they currently have the Comodo root certificate installed on their server.

I am going to ask them to install the Comodo root that you mentioned above. I think that will work for our certificate swap out this weekend.

We updated the SSL certificate on our production XML Gateway application today. It went well. We did experience an issue with one process not being able to call the Gateway until we had fully installed the root and intermediate certificates.

Thank you for your help!

Mark D.