
Guide to Update Sectigo Certificates on Legacy Windows Versions

This manual explains how to download and install the required Sectigo certificate on legacy Windows systems—Windows 7, Windows 8/8.1, and Windows Server 2012/2012 R2—so applications and browsers can trust the updated certificate chain.

Before you begin

Compatibility note (legacy Windows): These operating systems may not receive current root certificate updates anymore. If you still see trust errors after completing this guide, you may need additional root/intermediate updates from your organization, or you may need to enable/install the latest supported Windows updates for your environment.

  • Administrator rights: Installing to the Local Machine store typically requires admin permissions and may trigger a User Account Control (UAC) prompt.

  • Know what you are installing: Only install certificates from trusted sources. If you are unsure, contact your IT support.

  • Target certificate: Sectigo Public Server Authentication CA OV R36 (RSA).

  • File type: You will download a .crt certificate file.

Step 1: Download the Sectigo certificate

Open the Sectigo certificate-chain page:

https://www.sectigo.com/knowledge-base/detail/Access-New-Sectigo-Certificate-Chain

On that page, locate the RSA certificate named Sectigo Public Server Authentication CA OV R36. If you need a direct link, you can use:

https://crt.sh/?d=4267304698

Download the certificate and save it to your computer (for example, your Downloads folder). Make sure the file extension is .crt.

See the screenshots below for selecting the Sectigo Public Server Authentication CA OV R36 (RSA) certificate and saving it as a .crt file.


Step 2: Install the certificate (Certificate Import Wizard)

  1. Double-click the downloaded .crt file.

  2. In the certificate window, select Install Certificate....

  3. When prompted for the store location, select Local Machine, then select Next. Note: You may be prompted by Windows to allow the installer to make changes. Select Yes to continue.

  4. Select Place all certificates in the following store, then select Browse….

  5. Select Trusted Root Certification Authorities, then select OK.

  6. Select Next, then select Finish to complete the import.


Step 3: Verify the certificate is installed

Option A (recommended): Use certlm.msc to view the Local Machine certificate store.

  1. Open the Start menu, select Run (or press Windows + R), type certlm.msc, then press Enter.

  2. In the left pane, expand Trusted Root Certification Authorities > Certificates.

  3. Confirm you can find Sectigo Public Server Authentication CA OV R36 in the list.

  4. Close the console and restart the affected application (or reboot the PC if required).

Option B (if certlm.msc is unavailable): Use the Microsoft Management Console (MMC).

  1. Press Windows + R, type mmc, then press Enter.

  2. Go to File > Add/Remove Snap-in….

  3. Select Certificates, then select Add.

  4. Choose Computer account > Next > Local computer > Finish, then select OK.

  5. Browse to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates and confirm Sectigo Public Server Authentication CA OV R36 is present.
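
The "Know what you are installing" check and the Step 3 verification can also be scripted. The PowerShell below is an added example, not part of the original guide. The file name and `$ExpectedThumbprint` are placeholders: this guide does not list the thumbprint, so obtain it from a source you trust independently of the download.

```powershell
# Added example, not from the original guide. Uses only .NET classes that
# exist on Windows 7 / PowerShell 2.0 and later.
$CertPath           = "$env:USERPROFILE\Downloads\sectigo-ov-r36.crt"  # assumed file name
$ExpectedName       = 'Sectigo Public Server Authentication CA OV R36'
$ExpectedThumbprint = 'REPLACE-WITH-THUMBPRINT-FROM-TRUSTED-SOURCE'     # placeholder, not a real value

function Get-CleanThumbprint([string]$Value) {
    # Copy/paste from certificate dialogs often adds spaces or invisible characters.
    $hex = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) { throw "Expected a 40-hex-digit SHA-1 thumbprint, got '$Value'." }
    return $hex
}

function Test-DownloadedCertificate([string]$Path, [string]$Name, [string]$Thumbprint) {
    # Parse the .crt file without importing it into any store.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $cn   = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $now  = Get-Date
    New-Object PSObject -Property @{
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        Thumbprint      = $cert.Thumbprint
        NameMatches     = ($cn -eq $Name)
        InValidity      = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ThumbprintMatch = ($cert.Thumbprint -eq (Get-CleanThumbprint $Thumbprint))
    }
}

function Test-CertificateInStore([string]$Thumbprint, [string]$StoreName = 'Root') {
    # Open the Local Machine store read-only and look the certificate up by thumbprint.
    $location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $store    = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $StoreName, $location
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        $byThumb = [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint
        return ($store.Certificates.Find($byThumb, $Thumbprint, $false).Count -gt 0)
    } finally { $store.Close() }
}

$check = Test-DownloadedCertificate $CertPath $ExpectedName $ExpectedThumbprint
$check | Format-List Subject, Issuer, NotAfter, Thumbprint, NameMatches, InValidity, ThumbprintMatch
if (-not ($check.NameMatches -and $check.InValidity -and $check.ThumbprintMatch)) {
    Write-Warning 'File does not match the expected certificate. Do not import it.'
} elseif (Test-CertificateInStore $check.Thumbprint) {
    'Certificate is present in LocalMachine\Root.'
} else {
    'File verified, but the certificate is not yet in LocalMachine\Root (complete Step 2).'
}
```

Run it once before Step 2 to vet the downloaded file, and again afterwards to confirm the import.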