CyberSource Security Update for India Merchants Only – SSL certificate replacement (Action Required)
Scheduled Maintenance
Report for Cybersource
Subscribe to Updates
Update
Scheduled maintenance is still in progress. We will provide updates as necessary.
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Scheduled
Dear Valued Customer
What is happening:
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the CyberSource platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
This requires that all merchants who use CyberSource endpoint URLs to integrate the newly issued Root and Intermediate (CA) SSL certificates from DigiCert into their systems. This must be done in both the TEST/CAS and Production environments prior to the scheduled revocation dates listed below.
CyberSource will also generate server-level (leaf) SSL certificates. However, it is recommended that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This method avoids the annual necessity to renew the server-level certificate.
Why is CyberSource taking action:
The utmost priority for CyberSource is to maintain secure and compliant communication channels across all of its endpoint URLs. Additionally, Google has planned to revoke Entrust certificates on its Chrome platform by October 30, 2024. This decision will also affect CyberSource clients who access our endpoints through the Chrome browser.
When Cybersource will revoke Entrust Certificates:
Cybersource is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Production environment (Shock Test)*: September 25th, 2024 Start Time: 4:00GMT End Time: 6:00GMT
Production environment: October 29th, 2024 Starting time 16:00GMT
*A "Shock" test will be done by migrating our Cybersource endpoints from Entrust to DigiCert SSL root and intermediate (CA) certificates for a short period during the day and then roll the change back. The purpose of the shock test is to provide the merchant the option to validate their connection and the chance to make adjustments to become compatible with our security update.
Action Required:
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
We strongly urge you to test your implementation in the CAS/TEST environment as soon as Cybersource releases DigiCert new SSL certificates on August 15th, 2024. Testing in the Production environment won't be possible before the Production release date. Therefore, it's imperative to ensure your system is prepared by conducting all necessary tests in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Here is a list of Cybersource URLs that require immediate attention:
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
ics2ws.in.ic3.com
api.in.cybersource.com
batch.in.cybersource.com
Root and Intermediate (CA) Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-05544
If your application requires trusting of certificates at the server (leaf) level, you must install (trust) the new certificates prior to expiration of existing certificates in order to avoid any production impact. The link to the Server-Level (leaf) SSL certificate can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/knowledgearticle/?code=000003572
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
What is happening:
To uphold the maximum levels of security and compliance in both your browser-based and server-to-server interactions with the CyberSource platform, we are transitioning all CyberSource endpoint SSL/TLS certificates from Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be issued by DigiCert to fortify these communication channels.
This requires that all merchants who use CyberSource endpoint URLs to integrate the newly issued Root and Intermediate (CA) SSL certificates from DigiCert into their systems. This must be done in both the TEST/CAS and Production environments prior to the scheduled revocation dates listed below.
CyberSource will also generate server-level (leaf) SSL certificates. However, it is recommended that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This method avoids the annual necessity to renew the server-level certificate.
Why is CyberSource taking action:
The utmost priority for CyberSource is to maintain secure and compliant communication channels across all of its endpoint URLs. Additionally, Google has planned to revoke Entrust certificates on its Chrome platform by October 30, 2024. This decision will also affect CyberSource clients who access our endpoints through the Chrome browser.
When Cybersource will revoke Entrust Certificates:
Cybersource is planning to revoke Entrust SSL certificates on the following dates:
CAS/TEST environment: Completed on August 16th, 2024 Starting time 4:00GMT (August 15th, 2024 21:00PDT)
Production environment (Shock Test)*: September 25th, 2024 Start Time: 4:00GMT End Time: 6:00GMT
Production environment: October 29th, 2024 Starting time 16:00GMT
*A "Shock" test will be done by migrating our Cybersource endpoints from Entrust to DigiCert SSL root and intermediate (CA) certificates for a short period during the day and then roll the change back. The purpose of the shock test is to provide the merchant the option to validate their connection and the chance to make adjustments to become compatible with our security update.
Action Required:
Merchants using Cybersource endpoints should coordinate with their network team or hosting/solution provider to implement all necessary measures to ensure their connections to Cybersource properties follow industry standards. This includes updating their systems with the new Root and Intermediate (CA) SSL certificates, which correspond to the specific Cybersource endpoint they use.
We strongly urge you to test your implementation in the CAS/TEST environment as soon as Cybersource releases DigiCert new SSL certificates on August 15th, 2024. Testing in the Production environment won't be possible before the Production release date. Therefore, it's imperative to ensure your system is prepared by conducting all necessary tests in the CAS/TEST environment.
Please take note: Do not revoke or remove any of your existing Entrust certificates linked with Cybersource endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the CAS/TEST environment.
Here is a list of Cybersource URLs that require immediate attention:
CAS/TEST URLs:
accountupdatertest.cybersource.com
apitest.cybersource.com
batchtest.cybersource.com
api.accountupdatertest.cybersource.com
ics2wstest.ic3.com
ics2wstesta.ic3.com
Production URLs:
ics2ws.in.ic3.com
api.in.cybersource.com
batch.in.cybersource.com
Root and Intermediate (CA) Certificates of the impacted Cybersource endpoints can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-05544
If your application requires trusting of certificates at the server (leaf) level, you must install (trust) the new certificates prior to expiration of existing certificates in order to avoid any production impact. The link to the Server-Level (leaf) SSL certificate can be found in the below Knowledgebase article:
https://support.visaacceptance.com/knowledgebase/knowledgearticle/?code=000003572
Please contact your Customer Support representatives for any questions you may have about this change.
Thank You,
CyberSource Customer Support
This scheduled maintenance affects: API Connection/Endpoints (Rest API, Simple Order API, SOAP Toolkit).