Certificate change for 'pal-live.adyen.com' and wildcard certificates '*.adyen.com' and '*.adyenpayments.com' | March 2022

Adyen will replace the TLS authentication certificates for services under the domains 'pal-live.adyen.com', '*.adyen.com' and '*.adyenpayments.com' as of March 2nd, 2022.

Am I affected by this certificate change?

This change most likely does not affect your integration. Only merchants that do (custom) certificate pinning may need to check whether the correct certificates are in their certificate trust store.

How can I verify if I am doing certificate pinning?

Certificate pinning is done on the merchant’s side of the integration. Therefore, merchants' certificate pinning strategies are not visible to Adyen. If you are unsure, please check with your technical team, service administrator, or system integrator.

Merchants who do not perform certificate pinning do not need to take action.

What is Adyen's recommendation on certificate validation?

By default, Adyen does not recommend performing certificate pinning on Adyen's API certificates, since this may impact connectivity to Adyen's systems at the moment the certificate is rolled. In practice, and for various reasons, Adyen may decide to roll the certificate at different moments in time (with or without prior communication).

If you use a custom certificate trust store, you will have to trust the public Root Certificate Authority (CA): DigiCert Global Root G2. You can find the latest Root CA using the following links:

As with the certificates, Adyen may decide at any moment in time (with or without prior communication) to change the Root CA. If the Root CA is not trusted, this may impact merchant connectivity to Adyen's systems.
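
The difference between the two validation strategies described above, as an added example in Go (not Adyen code): a client that pins the leaf certificate rejects the certificate after a roll, while a client whose trust store holds the issuing root CA keeps accepting it. The host name api.example.test, the root named "Constructed Root CA" and the helpers issue, pinOK and caOK are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const host = "api.example.test" // constructed host name, not an Adyen endpoint
func must(err error) {
	if err != nil {
		panic(err)
	}
}
// issue builds a constructed certificate; a nil parent yields a self-signed root CA.
func issue(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true}
	if parent == nil { // root CA: may sign certificates, carries no host name
		t.IsCA, t.KeyUsage, t.DNSNames = true, x509.KeyUsageCertSign, nil
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}
// pinOK models leaf pinning: the client stored the SHA-256 fingerprint of `pinned` and accepts nothing else.
func pinOK(pinned, presented *x509.Certificate) bool {
	return sha256.Sum256(pinned.Raw) == sha256.Sum256(presented.Raw)
}
// caOK models normal validation against a custom trust store that holds only the given root CA.
func caOK(root, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}
func main() {
	root, rootKey := issue("Constructed Root CA", 1, nil, nil)
	oldLeaf, _ := issue(host, 2, root, rootKey)
	newLeaf, _ := issue(host, 3, root, rootKey) // same host and CA, new certificate after the roll
	fmt.Println("pinned client accepts rolled cert:", pinOK(oldLeaf, newLeaf), "| root-CA client:", caOK(root, newLeaf))
}
```

A trust store that holds a different root fails in the same way as the pin does, which is the connectivity impact described for an untrusted Root CA.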

How can I check which certificate(s) is/are relevant for my integration?

You can verify the domains used for API requests to Adyen. Each certificate corresponds to the API calls performed under the domains with the same name: 'pal-live.adyen.com', '*.adyen.com' and '*.adyenpayments.com' respectively. These endpoints are used for sending API requests to Adyen's systems, for example for:

  • Payment authorisations
  • Checkout
  • Modifications (such as refunds and captures)
  • Recurring / token management
  • Adyen for Platforms requests
  • Automatic report downloads

Usually, the endpoints can be found in your configuration. Your technical team or system integrator will be able to determine which endpoint(s) are being used in your integration.

Can I verify my connection in the TEST environment with Adyen?

The certificate for '*.adyen.com' will be available in the TEST environment as of Monday February 17th, 2022. Your technical team or system integrator can already start verifying the parts of your payments integration that fall under this domain and certificate by checking that there are no connection errors.

Certificates for 'pal-live.adyen.com' and '*.adyenpayments.com' are only used in our production environment, as the services that they cover are only available on Adyen's live system. Therefore, certificates for these two domains have not been made available within our TEST environment.

For more information about endpoints, please refer to this page: Live Endpoint Structure.
