Adyen will replace the SSL authentication certificate for its endpoints under URL 'pal-live.adyen.com' on Wednesday March 31st 2021. Adyen will send out a system message once the certificate has been replaced successfully.
1) Will I be affected by this certificate change?
Likely this change does not affect your integration. Only merchants that do (custom) certificate pinning may need to check if the correct certificate is in their certificate trust store.
2) How can I verify if I am doing certificate pinning?
Certificate pinning is done on the merchant’s side of the integration. Therefore, merchants' certificate pinning strategies are not visible to Adyen. In case you are unsure, please check with your technical team, service administrator or system integrator.
Merchants who do not perform certificate pinning, do not require to take action.
3) What is Adyen's recommendation on certificate validations?
By default, Adyen does not recommend to perform certificate pinning on Adyen's certificates since this may impact connectivity to Adyen's systems at the moment the new certificate is rolled. In practice and for various reasons, Adyen may decide to roll a new certificate at different moments in time (with or without prior communication).
In case you use a custom certificate trust store, your system will have to trust the public Root Certificate Authority (CA): DigiCert Global Root CA. You can find the latest Root CA using the following links:
Similarly for the Root CA, Adyen may decide at any moment in time (with our without prior communication) to change the Root CA. In case the Root CA is not trusted, this may impact merchant connectivity to Adyen's systems.
4) How can I check which certificate(s) is/are relevant for my integration?
You can verify the domains used for your API requests to Adyen. Each certificate corresponds to the API calls performed under the domain with the same name, in this case: pal-live.adyen.com. This endpoint is used for sending API requests to Adyen's systems, for example for:
- Payment authorisations
- Modifications (such as refunds and captures)
- Third-party payouts
- Recurring / token management
Usually, the endpoints can be found from your configuration. Your technical team or system integrator will be able to determine which endpoint(s) is/are being used in your integration.
For more information about endpoints, please refer to this page: Live Endpoint Structure.
5) If I am performing (custom) certificate pinning, where can I find the new certificate so that I can add it to my certificate trust store?
If after verification, you identify that you are currently pinning on Adyen's certificates, you will need to contact Adyen's support (email@example.com) in order to get a copy of the new certificate and configure your system correctly before Wednesday March 31st; when the new certificate is rolled out.
For further questions regarding these certificates, please contact support (firstname.lastname@example.org).