Maintenance Notifications

Expand all | Collapse all

[ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

Scott Blashek11-14-2018 14:51

  • 1.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-11-2018 15:33

    We are updating the SSL certificate used for the following endpoints on December 12, 2018:

    Production Endpoints:

    zuora.com

    api.zuora.com

    rest.zuora.com

    static.zuora.com

     

    Action may be required on your part prior to December 12, 2018

     

    When will these changes take effect on the Zuora side?

    December 12, 2018 starting at 1am through 11am

     

    How will this change impact me?

     Your integration may stop functioning if your systems do not trust the correct root and intermediate certificate.

    * Important Note: Some applications require a restart even if the trusted root store is in place in order to use the new certificate for SSL connections.



    What action must I take?

    If the Root and Intermediate Certificates are not trusted by your applications or libraries, you must complete the following actions before the scheduled maintenance to avoid any potential service disruption. Zuora cannot determine if you are impacted, so you will need to work with your technology teams to determine what actions for this certificate update.  

     

    Download and install the Appropriate Root Certificate Bundle

    If your integration does not trust the Comodo Root Certificates, then the certificate must be imported into your applications trusted CA store.

     

    Follow these steps to download the Comodo Root Certificates:

    1. The CA Certificates can be downloaded from the links below:

    https://knowledgecenter.zuora.com/BB_Introducing_Z_Business/Policies/Full_Certification_Chain

    You will need the zuora-com-root.cer and zuora-com-intermediate.cer for the following sites:

    zuora.com

    api.zuora.com

    rest.zuora.com

    static.zuora.com

     

    What happens if I take no action?

    If the Root Certificate is not trusted by your integration, and you take no action, your systems will not be able to connect to the Zuora Production endpoint  after this change is implemented. Please discuss this change with your technology teams to ensure you take the appropriate actions.

     

    You are encouraged to register to the Zuora Community in order to receive the latest update on this topic.

     

    Thank you for your support as it allows us to maintain the highest security standards at Zuora ensuring the safety of your data.

    Best Regards,

     

    Zuora Support Services & Community




    #Announcement


  • 2.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-11-2018 23:42

    @scottb

     

    Did not the following SSL certificate update be carried out in previous maintenance?:

    *.zuora.com

    https://community.zuora.com/t5/Release-Notifications/ACTION-REQUIRED-Maintenance-to-Update-SSL-Certificate-for-zuora/ba-p/24856

     



  • 3.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-12-2018 04:30

    @scott

     

    Does this maintenance include the following endpoints? :

    www.zuora.com



  • 4.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-12-2018 18:13


    Q: Did not the following SSL certificate update be carried out in previous maintenance?: *.zuora.com

    A: This is a separate maintenance, related to endpoint fronted by *.zuora.com (eg, www.zuora.com, api.zuora.com, static.zuora.com, etc)

     

    Q: Does this maintenance include the following endpoints? : www.zuora.com

    A: Yes



  • 5.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-12-2018 18:19

    Is there any way to test this prior to the deployment in production? Maybe similar to the last procedure mentioned earlier?



  • 6.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-13-2018 17:07

    I believe that a keystore which now works for connecting to the sandbox environment should also work for the production environment, if I understand anything about what has happened with these upgrades.

     

    Someone from Zuora please correct me if that's wrong, however!



  • 7.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-13-2018 21:45

    @scottb


    >December 12, 2018 starting at 1am through 11am

    Is the time zone PST?

     



  • 8.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-14-2018 14:51

    Yes, all times are Pacific Time



  • 9.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-22-2018 03:49

    Hi,

    Our integration with Zuora is around Zuora SOAP API & Hosted Payment Method.

    I am not aware of any certificates we currently use.

    How can I be sure if we are exempt from updating the certificate as part of this update?

     



  • 10.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-28-2018 07:28

    Hi Team,

     

    Does this SSL update include the following project? Please let us know as soon as possible.

    Project: MicroFocus

    Tenant:  6444

     

    Regards,

    Bala.



  • 11.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 11-29-2018 21:26

    As stated above, Zuora cannot determine impact to your integrations.  You will need to work with your technology teams to asses if you need to update integration certificates.  This impacts all production tenants using the cited endpoints as per the original article.

     

     



  • 12.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-03-2018 15:20

    Hi Zuora team,

     

    Can you please provide a POC for this certificate update? Who can we reach out to in case of an emergency?

     

    Thanks!

     



  • 13.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-03-2018 15:36

    Hi @czarco

    Please reach out to Zuora support for any issues resulting in this deployment that cannot be addressed locally through your own technology and security teams.   As for POC, I'm not familair with that aconym in this context.  Can you explain further?



  • 14.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-03-2018 20:37

    Hi scott,

     

    POC stands for point of contact, so I am assuming that we should reach to Zuora support for any issues?

     



  • 15.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-03-2018 21:38

    Correct - Support will be your primary point of contact if there is any issues on your end as outlined above.



  • 16.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-04-2018 04:59

    Is the SSL certificate already updated for your sandbox endpoints so that we can run tests before the upgrade in production?



  • 17.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-05-2018 20:15

    Hi @gbarak

    The apisandbox certificate is different so testing here doesn't apply.  I'll post an "unofficial" method you could test SSL connections to the same certificate in our staging environments below.



  • 18.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-05-2018 20:26

    Hi everyone

    Attached you will find aa sample test method you could use to test the new certs which are setup in our Akamai STAGING environment. This method requires you to redirect the traffic using an/etc/hosts file to direct the traffic with the correct header for SPI.


    If you choose to do this testing, please keep the following under advisement:

    1. DO NOT run this test process in your actual production environment, and please do not proceed unless you understand the method being suggested - we encourage you to work with your integration and IT teams to validate
    2. Please be aware that this test process is supplied as-is as a sample process. We will not provide support for this process.
    3. This test will allow you to test SSL connections only. A successful connection confirms your integration is capable of passing the certificate check during the initial SSL negotiation. The core Zuora APIs, while available, may not function as per our Production standards and will not have your data or authentication setup.

    https://drive.google.com/file/d/1BojkDdBGalti_NIky5VVghF8RA4C7ePh/view?usp=sharing



  • 19.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-06-2018 17:47

    Hi,

     

    Will the intermediate certificate be included in the certificate chain from the production servers or not? Zuora best-practices (stated on the other thread) explicitly say that a server will send the entire cert chain, but as I already pointed out on that post, the PT1 servers do not do this.

     

    Will the production servers do it or not? This matters, because it changes what we need to put in our keystores. I have had this question open and unanswered on the other thread since October 12. It's now nearly 2 months later, will it be possible to get an answer now that we're about to change production?

     

    Thanks,

     

    Ben



  • 20.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-12-2018 11:23

    HI Team,

    Could you please let us know the status of the maintenance?

     

    Regards,

    Bala.



  • 21.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-12-2018 15:11

    Hi folks

     

    We received confirmation from our CDN (Akamai) that the SSL Certificate deployment has been completed.  



  • 22.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-12-2018 17:17

    Hello,

     

    We never needed to upload a certificate when we adopted Zuora and all of our API calls from Salesforce to Zuora seem to be working just fine. However, as of about an hour ago we cannot access anything on the Connect platform. Receiving error message: {"message":"no route and no API found with those values"}

     

    Could this be related?



  • 23.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-12-2018 17:22

    There is a Connect App incident: https://trust.zuora.com/incidents/q2pvpf4tvh0t

     



  • 24.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-12-2018 17:37

    Hi folks

     

    We have an ongoing incident running for the connect incident on the Zuora side since it was reporeted which is being handled with our highest priority.  I can confirm this is NOT connected to the SSL Certificate Deployment outlined on this thread.  We will continue to keep customers updated per the trust incident posted and invidual support tickets accordingly.  



  • 25.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-18-2018 05:01

    Hello,

    Could you confirm me that Services3xx environment (Production copy) are not impacted with this SSL certificat update ?



  • 26.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate for zuora.com api.zuora.com rest.zuora.com

    Posted 12-19-2018 14:17

    Hi @LE04935_TCS

    According to the original article above, services endpoints are not included in the SSL certificate update, so are not in scope for the change.