In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Feb 24, 2026 - 16:00 EST
Scheduled - This notice is to inform you of an upcoming security certificate update for certain CardinalTrusted API endpoints.
This update includes a change to the certificate trust chain (root and intermediate certificates), not just a routine certificate renewal. As a result, some customers may need to take action to ensure uninterrupted connectivity.
What is changing:
- The TLS certificate chain used by select CardinalTrusted endpoints is being updated.
- The root and intermediate certificate authorities will change as part of this update.
What you may need to do:
- If your systems validate certificates using a custom trust store (for example, pinning or explicitly trusting certificate authorities), you may need to add the new root and intermediate certificates to your trust store before the change takes effect.
- If you rely on standard operating system or JVM trust stores, no action is typically required.
What is not changing:
- There are no API behavior changes.
- There are no endpoint URL changes.
- This notice is separate from other certificate expiration or renewal messages you may have received.
Timing: The certificate update will be deployed in stages:
- Staging: Tuesday, March 31, 2026
- Production: Thursday, April 3, 2026 at 10:00 AM ET
Need help or unsure if you are impacted?
If you are uncertain whether this change affects your integration, or if you require clarification for your specific configuration, please open a Support ticket. Our team will work directly with you to ensure a smooth transition.
EXPIRING CERTIFICATES:
STAG:
- Common Name (CN): cas.mtls.api.cardinaltrusted.com; Serial Number: 06:97:e8:7f:18:d5:12:c2:cf:e3:9b:99:3f:3e:75:43; Date of Replacement: 03/31/2026; Date of Expiry: 04/14/2026
- Common Name (CN): cas.api.cardinaltrusted.com; Serial Number: 0c:1f:9b:be:08:ea:3e:4e:0c:d2:bf:98:58:f2:bd:a2; Date of Replacement: 03/31/2026; Date of Expiry: 04/14/2026
PROD:
- Common Name (CN): mtls.api.cardinaltrusted.com; Serial Number: 05:62:c2:17:d1:c8:cf:cd:a0:ec:6c:e5:1b:ea:c8:d5; Date of Replacement: 04/03/2026; Date of Expiry: 04/14/2026
- Common Name (CN): api.cardinaltrusted.com; Serial Number: 0b:22:a2:7f:2b:78:22:7f:a4:e0:9a:9d:29:99:6b:6d; Date of Replacement: 04/03/2026; Date of Expiry: 04/14/2026
Intermediate CA:
- Common Name (CN): DigiCert SHA2 Secure Server CA; Serial Number: 02:74:2e:aa:17:ca:8e:21:c7:17:bb:1f:fc:fd:0c:a0
ROOT CA:
- Common Name (CN): DigiCert Global Root CA; Serial Number: 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
NEW CERTIFICATES:
STAG:
- Common Name (CN): cas.mtls.api.cardinaltrusted.com; Serial Number: 0e:b9:f0:c0:86:41:5d:c5:8e:0d:62:3f:27:ff:3d:27; Date of Replacement: 03/31/2026; Date of Expiry: 01/27/2027
- Common Name (CN): cas.api.cardinaltrusted.com; Serial Number: 0e:f5:f4:6e:29:d4:06:92:38:02:c6:60:fd:86:69:8d; Date of Replacement: 03/31/2026; Date of Expiry: 01/26/2027
PROD:
- Common Name (CN): mtls.api.cardinaltrusted.com; Serial Number: 0e:27:57:03:5c:8a:ae:96:c6:99:c9:6c:f2:80:a1:0e; Date of Replacement: 04/03/2026; Date of Expiry: 02/08/2027
- Common Name (CN): api.cardinaltrusted.com; Serial Number: 0b:be:7b:52:df:89:52:c2:03:2e:56:d6:fd:79:9a:97; Date of Replacement: 04/03/2026; Date of Expiry: 02/08/2027
Intermediate CA:
- Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1; Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root CA:
- Common Name: DigiCert Global Root G2; Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
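An added example (not CardinalCommerce or Visa code) for the custom trust store check this notice describes: it reads a trust store listing and reports which of the new intermediate and root CA serial numbers given above are absent. The sample listing is constructed, the function names are hypothetical, and the listing lines are assumed to use the serial formats printed by `openssl x509 -noout -serial` and `keytool -list -v`.

```python
import re

# New trust anchors; serial numbers copied from the NEW CERTIFICATES list above.
REQUIRED = {
    "DigiCert Global G2 TLS RSA SHA256 2020 CA1":
        "0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66",
    "DigiCert Global Root G2":
        "03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5",
}

# Matches "serial=033AF1..." (openssl) and "Serial number: 33af1..." (keytool).
SERIAL_LINE = re.compile(r"serial(?:\s+number)?\s*[:=]\s*([0-9a-f:\s]+)$", re.I)

# Constructed sample: keytool-style listing of a store that already holds the
# old root and the new root, but not the new intermediate.
SAMPLE_LISTING = """\
Alias name: digicertglobalrootca
Serial number: 83be056904246b1a1756ac95991c74a
Alias name: digicertglobalrootg2
Serial number: 33af1e6a711a9a0bb2864b11d09fae5
"""

def serial_to_int(text):
    """Normalise a hex serial to an int, so colons, letter case and a
    dropped leading zero (keytool) do not cause false mismatches."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text)
    if not digits:
        raise ValueError(f"no hex digits in serial {text!r}")
    return int(digits, 16)

def serials_in_listing(listing):
    """Collect every serial number found in a trust store listing."""
    found = set()
    for line in listing.splitlines():
        match = SERIAL_LINE.search(line.strip())
        if match:
            found.add(serial_to_int(match.group(1)))
    return found

def missing_anchors(listing, required=REQUIRED):
    """Return the names of required CAs whose serial is not in the listing."""
    present = serials_in_listing(listing)
    return sorted(cn for cn, serial in required.items()
                  if serial_to_int(serial) not in present)

if __name__ == "__main__":
    print("Missing from trust store:", missing_anchors(SAMPLE_LISTING))
```

A serial number is unique only per issuer, so treat a match as a quick inventory check and confirm the certificate itself against the chain obtained from support before relying on it.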
Should you have any questions or concerns regarding this notice, please reach out to our support team at Support@cardinalcommerce.com.
Feb 24, 2026 16:00 - Apr 14, 2026 10:00 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 28, 2026 - 12:00 EST
Update - We will be undergoing scheduled maintenance during this time.
Jan 28, 2026 12:00 - Apr 3, 2026 20:00 EDT
Scheduled - Visa will be updating a set of staging and production Leaf certificates that are set to expire on March 28, 2026 and April 3, 2026. To prevent disruption to services, we ask that you review your configuration immediately.
The Leaf certificates that are expiring are the client certificates sent by VISA to your endpoint as part of the mutual TLS (MTLS) handshake for RDX, ADX, or OAuth connections.
Please review the certs below to see if they are in use with your VCAS connection.
The expiring STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com Serial Number: 0d:d1:c3:f3:51:d6:14:49:b0:70:2f:5e:c0:d1:4a:47 Date of Replacement: February 26, 2026 10:00 EDT Date of Expiry: March 28, 2026 18:59:50 EDT
The new STAGING leaf certificate details: Common Name (CN): rdxstag.cardinalcommerce.com Date of Replacement: February 26, 2026 10:00 EDT Date of Expiry: February 20, 2027 6:59:59 EDT
The expiring PRODUCTION leaf certificate details: Common Name (CN): rdx.cardinalcommerce.com Serial Number: 0e:ad:8d:09:10:2f:51:d8:0f:b6:14:ee:c1:75:f0:a1 Date of Replacement: March 5, 2026 10:00 EDT Date of Expiry: April 3, 2026 18:59:59 EDT
The new PRODUCTION leaf certificate details: Common Name (CN): rdx.cardinalcommerce.com Serial Number: 02:95:85:5b:19:01:d1:1c:db:f3:15:60:6d:d9:f4:99 Date of Replacement: March 5, 2026 10:00 EDT Date of Expiry: February 22, 2027 6:59:59 EDT
The Intermediate CA and Root CA will remain the same:
Intermediate Certificate Details: Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1 Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root Certificate Details: Common Name (CN): DigiCert Global Root G2 Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Customer Responsibilities:
If your trust is anchored on the leaf certificate, we will have to coordinate the switchover with your connection. Please contact your local VCAS support and/or account manager to coordinate this change.
If you require coordination, we will schedule a time to switch over the leaf certificate. It is imperative that the migration occur before certificate expiration; otherwise, RDX services will be impacted.
If you do not require coordination, we will be performing the switchover to the new client certificates on the dates specified above.
If your trust is anchored on the Intermediate and Root CA certificates, you do not need to make any modifications.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints and will receive a connection timeout or certificate error response.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns. Please refer to the knowledge article titled "DigiCert MTLS RDX Certificate Update 2026" for the full certificate chain on the Visa Support Hub. A login is required to access the article: https://visasupporthub.visaonline.com/en-US/knowledgearticle/?code=KA-09914#t=All. You may also contact support or your account manager if you require the full Cert Chain.
As part of our ongoing Centinel Data Center Migration, we are preparing to complete the Production DNS cutover that will transition remaining traffic to the Visa Data Center proxy flow. To support a smooth transition and minimize disruption, we will conduct a controlled Production DNS "shock treatment" in March, followed by the final Production DNS cutover in early April.
Below is an overview of what to expect, key dates, and any actions required on your side.
What Will Occur and When
March 2026 – Production DNS Shock Treatment
These short duration activities are designed to validate client readiness and identify any remaining configuration issues prior to final cutover.
Date: March 11, 2026
Activity: Production DNS Shock Treatment #1
Expected Duration: ~5 minutes
During this window, DNS responses will temporarily return updated IP addresses associated with the Visa Data Center proxy flow. Clients who have not yet updated their configurations may experience brief processing interruptions during the shock treatment windows.
The Final Production DNS cutover that was previously scheduled for April 1, 2026 has been postponed.
At this time, there is no new date confirmed for the Final Production DNS cutover. A revised timeline will be communicated in the future once it has been finalized.
Client Actions Required
Please ensure the following actions are completed before March 11, 2026:
1. Update all backend endpoints to use the Visa proxy domain (.cardinaltrusted.com).
2. Update IP allowlists / firewall rules to trust the new Production IP ranges.
3. Confirm your integration properly consumes response URLs returned dynamically (for DDC, Lookup, and Authenticate flows), rather than hardcoding legacy URLs.
4. Complete Production testing ahead of the March shock treatment windows.
Taking these steps early will help avoid disruption as we progress toward the final cutover.
Support and Contacts
If you have questions, need assistance validating your readiness, or experience any issues during these activities:
- Primary Support Channel: Please open a ticket through the Cardinal Support portal.
- Account or Migration Questions: Contact your Cardinal/Visa Client Success or Implementation Manager.
We appreciate your partnership as we complete this important milestone in the Centinel migration. Thank you for taking the necessary steps to ensure a smooth transition.
Completed -
The scheduled maintenance has been completed.
Mar 24, 21:00 EDT
Update -
Scheduled maintenance is still in progress. We will provide updates as necessary.
Jan 27, 16:48 EST
In progress -
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 27, 16:00 EST
Scheduled -
CardinalCommerce will be updating a certificate that is set to expire on March 24, 2026. The leaf certificate will be updated on March 10, 2026.
The certificate that is expiring is the wildcard server certificate used on most of Cardinal’s externally facing sites.
The expiring certificate details:
Common Name (CN): *.cardinalcommerce.com Serial Number: 0e:fe:06:35:d2:9c:9f:d5:6d:eb:af:2c:63:6d:84:b9 Date of Expiry: 03/24/2026
The new leaf certificate is: Common Name (CN): *.cardinalcommerce.com Serial Number: 05:6a:e3:77:86:ef:f2:bf:09:b3:13:22:f2:0d:ef:6c Date of Expiry: 02/21/2027 *Please request chain from our support team if needed
Intermediate Certificate Details (remain the same): Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1 Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root Certificate Details (remain the same): Common Name (CN): DigiCert Global Root G2 Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Customer Responsibilities:
If your trust is anchored on the leaf certificate, you need to ensure the new server certificate is loaded in your trust store prior to March 10, 2026.
It is imperative that we perform the testing and/or migration before certificate expiration on March 24, 2026; otherwise, services may be impacted.
When do these changes take place?
The new certificate will be updated in our production environment on Tuesday, March 10, 2026 at 10:00 AM EST.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints and will receive a connection timeout or certificate error response.
Contact Information:
Should you have any questions or concerns regarding this notice, please reach out to our support team at Support@cardinalcommerce.com.
We sincerely appreciate your attention to this matter and your continued trust in our services.
Jan 27, 15:38 EST
Resolved -
Visa was aware of a service disruption causing intermittent issues processing Visa Consumer Authentication Services - VCAS (3DS) transactions. We investigated the cause and were able to resolve the issue.
Reported Start Time: 24 March 2026 at 17:03 GMT Reported Mitigated Time: 24 March 2026 at 17:16 GMT
Impact: Issuers may have experienced downgraded performance when attempting to complete VCAS authentication. Depending on merchant logic post authentication, impacted transactions may not have been authorized or would have been authorized as Attempts or Standard Electronic Commerce transactions.
Next Update: No further updates as the issue is resolved.
We regret any inconvenience this may have caused for our affected clients and cardholders. The issue is now resolved.
Please do not hesitate to contact your local VISA support team if you have any questions or concerns.
Completed -
The scheduled maintenance has been completed.
Mar 16, 08:00 EDT
In progress -
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Mar 12, 08:00 EDT
Scheduled -
CardinalCommerce will be performing network and database system maintenance starting at 12:00 UTC on March 12, 2026, through 12:00 UTC on March 16, 2026.
During this window we will apply the most recent network and database updates for optimal performance and to prevent new exploits from being used against our VCAS systems.
This is being performed in high availability mode and should have no impact on transaction processing. While no transaction impact is anticipated during this maintenance, you may experience a few periods of network latency. During this time, we will be fully staffed from a support and network operations standpoint to perform monitoring and testing.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.