Description of Change
At Zuora, the security and trust of our customers are of utmost importance to us. We are dedicated to safeguarding your data and continually enhancing our security measures. In line with this commitment, we are implementing important infrastructure changes to the SSL certificates of our public facing endpoints. These changes are aimed at maintaining alignment with industry best practices for enhanced security. Please refer to the schedule below for the upcoming changes we will be making.
What is changing ?
|
CA Type
|
Current CA
|
New CA
|
|
Root
|
Sectigo Public Server Authentication Root R46
|
Amazon Root CA 1
|
|
Intermediate
|
Sectigo Public Server Authentication CA OV R36
|
Amazon RSA 2048 M04
|
Impacted endpoints:
Schedule:
Sandbox: As part of Q1 maintenance - January 17, 2026 7PM PT to 9PM PT
Production: As part of Q1 maintenance - February 13, 2026 7PM PT to 9PM PT
Sandbox: As part of Q2 maintenance - April 18, 2026 7PM PT to 9PM PT
Production: As part of Q2 maintenance - May 16, 2026 7PM PT to 9PM PT
Action Required:
You may be required to download below mentioned Root & Intermediate CA certificates and install them in your application truststore for a seamless integration experience, which will depend on how your API integration manages its truststore.
|
Distinguished Name
|
SHA-256 Hash of Subject Public Key Information
|
Certificate Download URL
|
|
CN=Amazon Root CA 1
O=Amazon
C=US
|
fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2
|
DER
PEM
|
|
CN = Amazon RSA 2048 M04
O = Amazon
C = US
|
1bd2cd340aa5f3dede818b1a6dab219335024c4264581ce0a04b64f17ffaefc7
|
DER
PEM
|
Note: We do not recommend certificate pinning & trusting the leaf certificate directly.
Please share and coordinate with your security and/or API integration owners as Zuora cannot determine how individual customers apply SSL Certificate or Truststore management do determine if change is requested in this scenario.