Happy Business Starts Here

Re: [Informational] Maintenance to Update SSL Certificate for rest.zuora.com

Zuora Support Moderator

*Description (of the issue):*

 

In order to improve security, increase operational efficiency and align our Certificate Authorities for Zuora Production endpoints, rest.zuora.com will be migrated to the same Certificate Authority as api.zuora.com and www.zuora.com.

 

*When will these changes take affect?*

 

Tuesday June 20, 2017  starting at 7am PT -
Cancelled due to an unexpected issue with our SSL Certificate deployment - Rescheduled below

 

Wednesday June 21, 2017  starting at 7am PT 
Cancelled due to an SSL compatibility concern was discovered during our pre-deployment checks.

 

We will update this community thread with further details once we reschedule.  

 

*Which Zuora URLs or environments does this affect?*

 

  • rest.zuora.com

 

*Do I need to take action?*

 

If you use rest.zuora.com and you have never configured or used www.zuora.com for your API integration, you may need to take action. You can download our root and intermediate certificate chain from HERE for both Sandbox or Production. Once downloaded, ensure that complete chain is added to certificate trust store.

 

Note: This does not affect legacy REST API endpoint of api.zuora.com or SOAP www.zuora.comm

7 Comments
Zuora Support Moderator

Folks interested in testing their REST integration for readiness can hit our standard SOAP endpoint from their REST integration to see if they can connect withour a SSL handshake, certificate or trust-store complaint.  

 

Example: https://www.zuora.com/apps/services/a/80.0

 

Also if this same integration also makes SOAP API calls, you should be ok as well.   

 

Building proper SOAP query isn't necessary to confirm readiness as even an "error" from our application is enough to confirm you've made it past the SSL layer.  As long as you don't get an SSL related handshake or cert error, you should be good-to-go.

Zuora Support Moderator

Hi all

 

We are rescheduling this maintenance due to a unexpected issue with our SSL Certificate deployment - rescheduling for 7am Wednesday.  No change was deployed and there was no impact to our rest.zuora.com endpoint. 

I will make the appropriate changes to the original announcement above

New Student

Notifications for this maintenance went out after the downtime occurred. Best practice should be to notify users ahead of time. Also the Status Page didn't pick up on the maintenance event from yesterday 6/19.

Scholar

When does it take effect in Zuora API Sandbox?

Zuora Support Moderator

The  update maintenance for the rest.zuora.com certificate deployment has been canceled as an SSL compatibility concern was discovered during our pre-deployment checks. We will update this thread thread with additional details and rescheduling information which is TBD at this point.  Bottom line is no change was deployed

@Ryan-Murphy The maintenance was posted 24h in advance which should have produced a notification to those subscribed to our maintenance trust notifications specifically.  If this isn't working, I will pass this along to our team to review.

@Dchaudhary  API Sandbox change for this is TBD - the primary driver for this is alignment with our Akamaia IP Whiltelist in production to ensure the IPs listed are accurate. In order to keep our whitelist aligned with what we have in our KC we need to deploy this SSL Cert change.  

We will post more information as it becomes available.

Honor Student

Hi,

 

I just saw the scheduled change notification: https://trust.zuora.com/incidents/rvks8q6l0tx4 Where is the new certificate communication or announcement for Sandbox & Production?

Current announcement was about rest.zuora.com, now we are talking about api.zuora.com as well?

 

Can you please throw some light as the maintenance is scheduled for tonight!

 

Thanks,

Shalabh

Zuora Support Moderator

Hi @skatdare

The change in question is only removing an outdated SSL cipher.  This will have no impact to most integrations capable of negotiating the standard of multiple SSL ciphers so this doesn't require a new SSL cerificate