LLMpedia: The first transparent, open encyclopedia generated by LLMs

Sectigo

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Sectigo
Former name: Comodo CA
Type: Private
Industry: Computer security
Founded: 1998
Founder: Melih Abdulhayoglu
Headquarters: New York City, United States
Key people: Eric Pike (CEO)
Products: Public key infrastructure, TLS/SSL certificates, code signing, IoT security
Revenue: (private)
Employees: (private)

Sectigo is a commercial certificate authority and digital identity provider offering public key infrastructure (PKI) products for web, software, and Internet of Things (IoT) ecosystems. The company provides Transport Layer Security (TLS) certificates, code signing credentials, managed PKI, and device identity solutions for enterprises, cloud platforms, and managed service providers. Its services are used to authenticate servers, sign applications, and secure device communications across diverse deployments in telecommunications, finance, healthcare, and e‑commerce.

History

The organization traces its corporate lineage to initiatives in the late 1990s around Secure Sockets Layer (SSL) deployment pioneered by figures associated with Netscape Communications Corporation, Ericsson, Microsoft, Cisco Systems, and entrepreneurs involved in early PKI commercialization. Throughout the 2000s the entity competed with established certificate authorities such as VeriSign, Thawte, Entrust, Comodo (note: distinct legal entities), GoDaddy and DigiCert in an evolving market shaped by browser vendors like Mozilla Foundation, Google, Apple Inc., and Microsoft Corporation. Major industry milestones influencing the business included policy shifts after Heartbleed, initiatives by the Internet Engineering Task Force, and the launch of Let's Encrypt by the Internet Security Research Group, which dramatically affected certificate issuance models. Corporate events in the 2010s involved acquisitions, rebrandings, and private equity transactions paralleling activities by Vista Equity Partners, Thoma Bravo, and other investors in cybersecurity portfolios. Regulatory and standards bodies such as the Certificate Authority/Browser Forum, the Federal Trade Commission, and national telecommunications authorities factored into compliance and audit regimes.

Products and Services

Offerings target server authentication, code provenance, device identity, and managed PKI. Key products are comparable to inventories from DigiCert, GlobalSign, Entrust, Trustwave, and GoDaddy: TLS/SSL certificates for domains and multi‑domain deployments; wildcard and multi‑domain SAN certificates; EV (Extended Validation) and OV (Organization Validation) credentials aligning with CA/Browser Forum Baseline Requirements; code signing certificates for platforms like Microsoft Windows and Apple App Store workflows; S/MIME credentials used by organizations such as Bank of America, Walmart, and AT&T for secure email; and automated certificate lifecycle management solutions integrated with cloud platforms including Amazon Web Services, Microsoft Azure, Google Cloud Platform, Cloudflare, and orchestration tools from HashiCorp. Device identity offerings support IoT manufacturers and vendors like Bosch, Siemens, Honeywell, and GE through provisioning, firmware signing, and device onboarding. Enterprise services include managed PKI, certificate discovery and inventory, and APIs for DevOps pipelines employed by companies such as Netflix, Salesforce, and Oracle Corporation.

Technology and Security Practices

The firm implements PKI building blocks aligned with standards from bodies including the IETF, the CA/Browser Forum, and ISO/IEC. Cryptographic offerings use algorithms and curves vetted in forums influenced by the National Institute of Standards and Technology and RSA Security, including the Elliptic Curve Digital Signature Algorithm, and follow the industry migration toward elliptic curve cryptography and the SHA‑2 family. Operational security features mirror practices used by Let's Encrypt and DigiCert: automated certificate issuance, ACME protocol compatibility, hardware security module integration consistent with FIPS and Common Criteria expectations, and Certificate Transparency logging promoted by Google Transparency Report initiatives. Third‑party audits and WebTrust assessments, commonly performed by firms like Deloitte, KPMG, and Ernst & Young, are part of assurance regimes in the CA ecosystem. Incident response and vulnerability disclosure processes reference coordination patterns from MITRE and the Open Web Application Security Project community standards.

Business and Corporate Structure

The company operates as a privately held entity with executive leadership and board composition reflecting operators experienced in enterprise software, cloud infrastructure, and cybersecurity. Sales and channel strategies include partnerships with managed security service providers, resellers, and platform vendors, similar to approaches used by IBM, Accenture, Capgemini, and Wipro. Corporate activities have involved mergers and acquisitions akin to sector transactions involving Symantec (for its CA business) and Thawte, as well as strategic investments from private equity firms. Legal, compliance, and audit functions coordinate with agencies such as the U.S. Securities and Exchange Commission when applicable to parent entities, and privacy/security programs map to regulatory frameworks like GDPR and sectoral rules in finance and healthcare enforced by agencies like FINRA and the Department of Health and Human Services.

Market Position and Partnerships

The company competes with leading certificate authorities and cloud platform security vendors. Strategic integrations mirror collaborations seen between DigiCert and Microsoft or Entrust and Amazon Web Services, including channel partnerships with web hosting providers like GoDaddy, content delivery networks like Akamai, and security orchestration vendors such as Palo Alto Networks and CrowdStrike. Alliances with certificate lifecycle management vendors and DevOps tooling providers resemble relationships formed by Venafi and HashiCorp. The company serves enterprises across verticals that include clients of JPMorgan Chase, HSBC, Pfizer, Johnson & Johnson, and major cloud service customers, leveraging reseller ecosystems and OEM integrations.

Controversies and Incidents

Like many certificate authorities, the organization has faced scrutiny over issuance practices, revocation events, and operational transparency, in contexts discussed alongside incidents involving DigiNotar, Symantec/Google root distrust actions, and CA/Browser Forum enforcement decisions. Public debates involving browser vendors such as Google and Mozilla about baseline requirements, EV semantics, and certificate lifecycle policies have impacted market players. Security researchers and incident response teams at the CERT Coordination Center and academic groups from institutions like MIT, Stanford University, and Carnegie Mellon University have examined PKI trust models and disclosed vulnerabilities influencing CA practices. Regulatory and industry audits, as performed by firms such as KPMG and oversight groups, continue to shape governance and remediation steps following any operational incidents.

Category:Certificate authorities