Comodo (Sectigo)

Comodo (Sectigo)
Name	Comodo (Sectigo)
Type	Private
Industry	Cybersecurity
Founded	1998
Founder	Melih Abdulhayoglu
Headquarters	Clifton, New Jersey, United States
Area served	Global
Products	SSL/TLS certificates, PKI, endpoint security, managed PKI

Comodo (Sectigo)

Comodo (Sectigo) is a commercial certificate authority and cybersecurity company providing digital certificate services, public key infrastructure (PKI) products, and related security technologies. The company operates in the same markets as DigiCert, Entrust, GlobalSign, Let's Encrypt, and GoDaddy, and competes for customers among enterprises, small businesses, hosting providers, and software vendors. Its product suite spans SSL/TLS certificates, automated certificate lifecycle management, and endpoint security offerings used across web hosting, e-commerce, content delivery, and software signing ecosystems.

History

Comodo originated in 1998 with founders linked to technology entrepreneurship in United Kingdom and later moved key operations to United States. Throughout the 2000s the company expanded alongside the widespread adoption of SSL/TLS driven by initiatives from Mozilla, Microsoft, Apple, Google and standards bodies such as the Internet Engineering Task Force and the World Wide Web Consortium. Comodo grew by securing partnerships with web hosts and registrars including GoDaddy, Network Solutions, 1&1 Ionos and Namecheap, and by introducing certificate products tuned for small and medium enterprises. In the 2010s the organization rebranded portions of its business to focus on enterprise PKI under the Sectigo name, reflecting shifts similar to consolidation seen with DigiCert's acquisition of Symantec's certificate business and other industry M&A trends involving Thoma Bravo and Vista Equity Partners.

Products and Services

The company offers SSL/TLS certificates, wildcard certificates, multi-domain (SAN) certificates, and extended validation (EV) certificates used in e-commerce platforms such as Shopify, Magento, and WooCommerce. It provides managed PKI and certificate lifecycle management solutions deployed by financial institutions like JP Morgan Chase, cloud providers similar to Amazon Web Services, and content delivery networks akin to Akamai. Additional services include code signing certificates used by software vendors such as Microsoft Corporation partners and independent developers on platforms like GitHub and SourceForge; email signing via S/MIME popular among enterprises following practices advocated by IETF working groups; and vulnerability scanning and endpoint protection aligned with standards promoted by Center for Internet Security. The company also offers automation tools integrating with orchestration systems such as Kubernetes, Docker, and Ansible.

Technology and Standards

Comodo (Sectigo) implements X.509 PKI frameworks and adheres to baseline requirements established by the CA/Browser Forum and audit regimes used by WebTrust and ETS-style auditors. Its certificate issuance processes interface with certificate management protocols like ACME popularized by Let's Encrypt and third-party automation ecosystems maintained by Certbot and HashiCorp Vault. The company's cryptographic implementations rely on standards such as RSA, Elliptic Curve Cryptography, and SHA-2 families, aligning with deprecation timelines from Internet Engineering Task Force specifications and vendor requirements from Mozilla Security Policy and Microsoft Certificate Trust Lists. Interoperability with browsers and operating systems from Google Chrome, Mozilla Firefox, Apple Safari, and Microsoft Windows is central to its trust model and root store management.

Security Incidents and Controversies

Over its history, the company has been involved in industry controversies similar to those experienced by other certificate authorities, touching on certificate mis-issuance, dispute over revocation practices, and the challenges of maintaining root store trust recognized by Mozilla and Microsoft. High-profile incidents in the certificate ecosystem have prompted scrutiny by security researchers associated with institutions like University of Michigan, Stanford University, and independent groups connected to Project Zero. The firm has responded by updating validation procedures, enhancing audit transparency, and engaging with community standards bodies such as the CA/Browser Forum to refine incident response and revocation mechanisms used across the internet.

Business Structure and Acquisitions

The organization has undergone corporate restructuring and branding changes reflecting private equity activity and strategic divestitures similar to transactions in the cybersecurity sector involving firms like Thoma Bravo and TPG Capital. It has engaged in partnerships and reseller arrangements with web hosting companies, domain registrars, and managed service providers including GoDaddy, 1&1 Ionos, and regional players across Europe, Asia, and the Americas. Corporate governance involves executive leadership with backgrounds in technology and finance, interacting with regulatory and standards bodies including NIST on cryptographic guidance and compliance frameworks.

Market Position and Customers

Comodo (Sectigo) occupies a prominent position among CAs by market share in certain segments such as small business and reseller channels, competing with DigiCert, GlobalSign, Let's Encrypt, GoDaddy, and enterprise-focused vendors like Entrust. Its customer base spans hosting providers, online retailers, financial services firms, software developers, and government agencies that require trusted certificates and PKI solutions. The company targets verticals including e-commerce platforms comparable to eBay and Amazon, content delivery networks like Cloudflare and Akamai, and managed service providers that integrate certificate lifecycle management into broader infrastructure offerings.

Category:Certificate authorities Category:Cybersecurity companies