Happy Business Starts Here

[NOTICE] Emergency Scheduled Maintenance to some endpoints @11:55PM PT 10/4/2019

Community Manager

Please be advised that we are taking a scheduled maintenance window for the following endpoints between 11:55 pm PT Friday, Oct 4th, 2019 - 10 am PT Saturday, Oct 5th, 2019.








We will be performing a routine rotation of an internal certificate which handles traffic for www.zuora.com, api.zuora.com, static.zuora.com, and zforsf.zuora.com. 


The certificate for www.zuora.com, api.zuora.com, and static.zuora.com is strictly internal and will require no action on behalf of the customer. This maintenance is very similar to the one referenced here, which was performed on Thursday Oct 3rd, 2019 with no impact. While we anticipate no impact, there is a very low risk of a 5 minute outage.


The certificates for zforsf.zuora.com, apisandbox-zforsf.zuora.com, and pt1-zforsf.zuora.com are external facing. If you use these endpoints in an integration outside of CPQ/Salesforce, you may need to perform action as detailed below:


How will this change impact me?


If you use any of the cited endpoints above, your integration will stop functioning if your systems do not trust the correct root and intermediate certificates. * Important Note: Some applications require a restart even if the trusted root store is in place in order to use the new certificate for SSL connections.


What actions must I take?


If the Root and Intermediate Certificates are not trusted by your applications or libraries, you must complete the following actions before the scheduled maintenance to avoid any potential service disruption. Please work with your technology teams to determine what actions you must take to trust this CA. 


Download and install the Appropriate Root Certificate Bundle

Zuora CA Root



Zuora CA Intermediate



If your integration does not trust the Root and Intermediate Certificates specified below, then the certificate must be imported into your application’s trusted CA store. 


What happens if I take no action?


If the Root Certificate is not trusted by your integration, and you take no action, your systems will not be able to connect to the Zuora Production endpoint  after this change is implemented. Please discuss this change with your technology teams to ensure you take the appropriate actions.


Why can’t Zuora support tell me if I’m impacted by this change?


We do not have access or knowledge of our customer’s systems, it is important that the customer assess whether their systems are impacted by this change.


Customer integration and truststore policy along with API integration common practice is the exclusive responsibility of the customer and their security & technology teams to maintain.


You are encouraged to register to the Zuora Community in order to receive the latest update on this topic.


Thank you for your support as it allows us to maintain the highest security standards at Zuora ensuring the safety of your data.


Best Regards,


Zuora Support Services & Community

1 Comment
Zuora Support Moderator

The planned, scheduled maintenance for the following endpoints completed successfully