Visa Acceptance Solutions (including Cybersource) Security Update - Entrust to DigiCert SSL Certificate migration
KA-05544
11721
09/06/2024 17:33 PM
1.1
What is happening:
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the Visa Acceptance Solutions (including Cybersource) platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the Visa Acceptance Solutions (including Cybersource) platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
This requires that all merchants who use CyberSource endpoint URLs to integrate the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert into their systems. This must be done in both the TEST/CAS and Production environments prior to the scheduled revocation dates listed below.
When Visa Acceptance Solutions (including Cybersource) will revoke Entrust Certificates:
Visa Acceptance Solutions (including Cybersource) is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Visa Acceptance Solutions (including Cybersource) is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Production environment (Shock Test) *: September 24th, 2024 Start Time: 16:00GMT End Time: 18:00GMT
Shock test will be performed on the following Cybersource endpoints:
ics2ws.ic3.com
api.cybersource.com
Production environment: October 29th, 2024 Starting time 16:00GMT
*A "Shock" test will be done by migrating our Cybersource endpoints from Entrust to DigiCert SSL root and intermediate (CA) certificates for a short period during the day and then roll the change back. The purpose of the shock test is to provide the merchant the option to validate their connection and the chance to make adjustments to become compatible with our security update.
Action Required:
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
We strongly urge you to test your implementation in the CAS/TEST environment as soon as Cybersource releases DigiCert new SSL certificates on August 15th, 2024. Testing in the Production environment won't be possible before the Production release date. Therefore, it's imperative to ensure your system is prepared by conducting all necessary tests in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Download the latest version of the Root and Intermediate (CA) certificates from the .zip file in the Attachments section (below).
If your application requires trusting of certificates at the server level, you must install (trust) the new certificates prior to expiration of existing certificates in order to avoid any production impact. The link to the Server-Level (leaf) SSL certificate can be found [here].
List of Cybersource URLs that require immediate attention:
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
accountupdater.cybersource.com
api.cybersource.com
batch.cybersource.com
api.accountupdater.cybersource.com
ics2ws.ic3.com
ics2wsa.ic3.com
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
accountupdater.cybersource.com
api.cybersource.com
batch.cybersource.com
api.accountupdater.cybersource.com
ics2ws.ic3.com
ics2wsa.ic3.com
ics2ws.in.ic3.com
api.in.cybersource.com
batch.in.cybersource.com
Root and CA DigiCert Certificate.zip
Was this article helpful?
Articles Recommended for You