Adyen will roll a new version of the SSL client certificate signed.adyen.com on the live platform on Tuesday October 26th 2021. Adyen will send out a system message at the start of the certificate replacement and a second one once the certificate has been replaced successfully.
1) Will I be affected by this certificate change?
Likely this change does not affect your integration. Only merchants that do (custom) certificate pinning may need to check if the correct certificates are in their certificate trust store.
2) How can I verify if I am doing certificate pinning?
Certificate pinning is done on the merchant’s side of the integration. Therefore, merchants' certificate pinning strategies are not visible to Adyen. In case you are unsure, please check with your technical team, service administrator, or system integrator.
Merchants who do not perform certificate pinning, do not require to take action.
3) What is Adyen's recommendation on certificate validation?
By default, Adyen does not recommend to perform certificate pinning on Adyen's certificate since this may impact connectivity to Adyen's systems and/or services at the moment a new certificate is rolled. In practice, for various reasons Adyen may decide to replace a certificate at different moments in time (with or without prior communication).
In case you use a custom Certificate TrustStore, merchants will have to trust the public Root Certificate Authority (CA): DigiCert Global Root G2. You can find the latest Root CA using the following links:
Similarly for the Root CA, Adyen may decide at any moment in time (with our without prior communication) to change the Root CA. In case the new Root CA is not trusted, this may impact merchant connectivity to Adyen's systems and/or services.
4) How can I check if this certificate change is relevant for my integration?
Our notifications are webhooks informing you for example about payment status updates and newly available reports.
The use of Adyen's notification services depends on your own internal processes. Example use cases for our notification service are:
- Notifications on authorised payments
- Notifications on shopper initiated chargebacks
- Notifications when a report becomes available
In case you are unsure of your own use for our webhook notifications service, please check with your technical team, service administrator, or system integrator.
5) Can I verify my connection in the test environment with Adyen?
The certificate is already available in the test environment as of October 13th 2021. Your technical team or integrator can already start verifying your integration to our notification service by checking if there are no connection errors.
For further questions regarding this certificate change, please contact support (firstname.lastname@example.org).