On This Page
>SSL/TLS Certification Migration
To uphold the maximum levels of security and compliance in both your browser-based and
server-to-server interactions with the Visa Acceptance Solutions platform (including
Cybersource), we are transitioning all Cybersource endpoint SSL/TLS certificates from
Entrust to DigiCert. These SSL/TLS certificates, originally issued by Entrust, will now be
issued by DigiCert to fortify these communication channels.
Merchants using Cybersource endpoints should coordinate with their network team or
hosting/solution provider to implement all necessary measures to ensure their connections to
Cybersource properties follow industry standards. This includes updating their systems with
the new Root and Intermediate (CA) SSL/TLS certificates that correspond to the specific
Cybersource endpoint they use.
If your application requires trusting of certificates at the server level, you must install
(trust) the new certificates prior to expiration of existing certificates to avoid any
production impact. The link to the Server-Level (leaf) SSL certificate will be updated when
they become available.
IMPORTANT
We recommended that merchants trust only the Root and Intermediate CA
SSL/TLS certificates on all secure endpoints. This method avoids the annual necessity to
renew the server-level certificate.
Do not revoke or remove any of your existing Entrust certificates linked with Cybersource
endpoints before the scheduled dates. Until the cut-off dates, the only supported
certificates will be the Entrust SSL certificates. You may add the new certificates to your
system, in addition to the existing certificates, and verify their functionality in the
testing environment.
There will be two phases and each phase will update different endpoints.
First Phase
The first phase is complete and updated the following endpoints:
Test URLs | Production URLs |
|---|---|
apitest.cybersource.com | accountupdater.cybersource.com |
accountupdatertest.cybersource.com | api.cybersource.com |
batchtest.cybersource.com | batch.cybersource.com |
api.accountupdatertest.cybersource.com | api.accountupdater.cybersource.com |
ics2wstest.ic3.com | ics2ws.ic3.com |
ics2wstesta.ic3.com | ics2wsa.ic3.com |
apitest.cybersource.com | ics2ws.in.ic3.com |
api.in.cybersource.com | |
batch.in.cybersource.com |
IMPORTANT
We strongly urge you to test your implementation as soon as
possible.
Second Phase
The second phase will update the following endpoints:
Test URLs | Production URLs |
|---|---|
testflex.cybersource.com | flex.cybersource.com |
testsecureacceptance.cybersource.com | secureacceptance.cybersource.com |
flex.in.cybersource.com | |
secureacceptance.in.cybersource.com |
The Testing Environment was updated November 5, 2024, 4:00 GMT. The production environment was
updated December 10, 2024, 4:00 GMT. The old certifications will expire on December 31,
2024.