CyberSource Security Update - SSL Certificate Replacement (Possible Action Required)
Scheduled Maintenance
Report for Cybersource
Completed
The scheduled maintenance has been completed.
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Scheduled
Dear Valued Customer
Summary
Entrust discovered that some Extended Validation (EV) SSL/TLS certificates issued between September 11, 2023, and March 18, 2024, were missing a specific component required by the EV guidelines. This component links the certificate to the Certificate Policy (CP) and the Certification Practice Statement (CPS) of the issuer. EV Code Signing certificates are not impacted by this issue. Entrust is required to revoke affected EV SSL/TLS certificates by April 19, 2024. Entrust has taken steps to address and prevent the issue from happening again.
POSSIBLE ACTION REQUIRED
Merchants that are explicitly trusting the Leaf Certificates in the Cybersource endpoints list below will need to take action by engaging their network team or their developer team and re-apply the new certificates to avoid connection outage before April 19, 2024.
Merchants who trust the SSL/TLS certificate chain through the Root and Intermediate CA (this is called hierarchical trust) and do not explicitly store a local copy of the leaf certificate in their trust store, do not need to take any action at this time.
How can I tell what SSL certificate I am using?
You will need to engage your server administrator or your network support team.
What is CyberSource’s recommendation?
Cybersource recommends trusting the Root and Intermediate CA SSL certificates on all of its secure endpoints. This avoids the need to renew the server-level certificate every year. If you are following our best practice, no additional steps are needed at this time. If your application or environment requires trusting of server-level certificates, then you will need to update these certificates immediately to avoid any production impact.
Where can I find the latest SSL server-level certificates?
Leaf Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.cybersource.com/s/article/Where-can-I-find-the-latest-version-of-Cybersource-server-level-SSL-certificates
List of Cybersource Impacted endpoints:
apitest.cybersource.com
accountupdater.cybersource.com
api.cybersource.com
batch.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
api.accountupdatertest.cybersource.com
api.accountupdater.cybersource.com
ics2ws.ic3.com
ics2wsa.ic3.com
api.in.cybersource.com
ics2ws.in.ic3.com
batch.in.cybersource.com
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
Summary
Entrust discovered that some Extended Validation (EV) SSL/TLS certificates issued between September 11, 2023, and March 18, 2024, were missing a specific component required by the EV guidelines. This component links the certificate to the Certificate Policy (CP) and the Certification Practice Statement (CPS) of the issuer. EV Code Signing certificates are not impacted by this issue. Entrust is required to revoke affected EV SSL/TLS certificates by April 19, 2024. Entrust has taken steps to address and prevent the issue from happening again.
POSSIBLE ACTION REQUIRED
Merchants that are explicitly trusting the Leaf Certificates in the Cybersource endpoints list below will need to take action by engaging their network team or their developer team and re-apply the new certificates to avoid connection outage before April 19, 2024.
Merchants who trust the SSL/TLS certificate chain through the Root and Intermediate CA (this is called hierarchical trust) and do not explicitly store a local copy of the leaf certificate in their trust store, do not need to take any action at this time.
How can I tell what SSL certificate I am using?
You will need to engage your server administrator or your network support team.
What is CyberSource’s recommendation?
Cybersource recommends trusting the Root and Intermediate CA SSL certificates on all of its secure endpoints. This avoids the need to renew the server-level certificate every year. If you are following our best practice, no additional steps are needed at this time. If your application or environment requires trusting of server-level certificates, then you will need to update these certificates immediately to avoid any production impact.
Where can I find the latest SSL server-level certificates?
Leaf Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.cybersource.com/s/article/Where-can-I-find-the-latest-version-of-Cybersource-server-level-SSL-certificates
List of Cybersource Impacted endpoints:
apitest.cybersource.com
accountupdater.cybersource.com
api.cybersource.com
batch.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
api.accountupdatertest.cybersource.com
api.accountupdater.cybersource.com
ics2ws.ic3.com
ics2wsa.ic3.com
api.in.cybersource.com
ics2ws.in.ic3.com
batch.in.cybersource.com
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
This scheduled maintenance affected: API Connection/Endpoints (Rest API, Simple Order API, SOAP Toolkit).