Maintenance Notifications

[ACTION REQUIRED]: Maintenance to Update SSL Certificate selected Zuora endpoints

  • 1.  [ACTION REQUIRED]: Maintenance to Update SSL Certificate selected Zuora endpoints

    Posted 09-22-2019 13:13

    We are updating the SSL certificate used for the endpoints listed above from Comodo to Sectigo issued certificates.

    Which endpoints does this impact?


    1. * - (<anything>* not already covered by existing certificates

      This means only the following endpoints will be impacted:
    • services* (Service Environments)
    • restservices* (Rest for Service Environments)
    • and (Zuora Reporting APIs)

    NOTE: Primary Zuora Production REST and Legacy SOAP API endpoints will
    NOT be impacted (exception zconnect and zconectsandbox endpoints cited above)

    Action will be required on your part prior to September 30th, 2019 if your integration certificate store does not trust the appropriate new root and intermediate certificate chain (mentioned below). Please work with your technology teams to determine what actions you must take to ensure you do not experience any disruption in Zuora services.


    When will these changes take effect on the Zuora side?


    • These changes will occur on September 30th, starting at 1AM PDT and continuing until 3AM PDT .


    How will this change impact me?


    If you use any of the cited endpoints above, your integration will stop functioning if your systems do not trust the correct root and intermediate certificate. * Important Note: Some applications require a restart even if the trusted root store is in place in order to use the new certificate for SSL connections.


    What actions must I take?


    If the Root and Intermediate Certificates are not trusted by your applications or libraries, you must complete the following actions before the scheduled maintenance to avoid any potential service disruption. Please work with your technology teams to determine what actions you must take to trust this CA. 


    Download and install the Appropriate Root Certificate Bundle
    If your integration does not trust the Root and Intermediate Certificates specified below, then the certificate must be imported into your applications trusted CA store.


    What happens if I take no action?

    If the Root Certificate is not trusted by your integration, and you take no action, your systems will not be able to connect to the Zuora Production endpoint  after this change is implemented. Please discuss this change with your technology teams to ensure you take the appropriate actions.

    Why cant Zuora support tell me if Im impacted by this change?

    We do not have access or knowledge of our customers systems, it is important that the customer assess whether their systems are impacted by this change.

    Customer integration and truststore policy along with API integration common practice is the exclusive responsibility of the customer and their security & technology teams to maintain.

    You are encouraged to register to the Zuora Community in order to receive the latest update on this topic.

    Thank you for your support as it allows us to maintain the highest security standards at Zuora ensuring the safety of your data.


    Best Regards,

    Zuora Support Services & Community