CardinalCommerce will be performing database system improvements starting at 12:00 UTC on June 8, 2026, through 23:59 UTC on June 11, 2026. During this time, we will apply the most recent network and database patches as well as targeted security enhancements to prevent new exploits from being used against our systems.
We perform monitoring and testing of the updates during Cardinal business hours, while we are fully staffed from a support and network operations standpoint.
This is being performed in a high availability mode and should have no impact to transaction processing. While no transaction impact is anticipated during this maintenance you may experience a few periods of network latency.
As part of this activity, CardinalCommerce will also update the leaf certificate used on Centinel merchant staging endpoints.
Key Details:
What’s changing: The leaf certificate will be replaced on staging endpoints only.
What’s not changing: The intermediate and root certificates will remain the same.
Effective March 15, 2026: TLS certificate renewals will be valid for up to 200 days, reduced from the current one-year term.
These changes, implemented by certificate authorities and browser vendors, are designed to enhance internet security by reducing risks from outdated or compromised certificates and encouraging stronger automation, resulting in more frequent certificate rotations. Validity periods will eventually decrease to a maximum of 47 days in 2029.
Where possible, we recommend:
* Avoiding pinning to a specific end-entity/server certificate. * Pinning to intermediate or root certificate authorities instead of leaf certificates. * Implementing automated certificate trust updates and regular testing procedures. * Ensuring your systems properly trust standard public certificate authority chains.
Please ensure your systems are configured to trust the following certificate chain:
Intermediate CA Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1 Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66 Date of Expiry: 3/29/2031
Root CA Common Name (CN): DigiCert Global Root G2 Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5 Date of Expiry: 1/15/2038
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal staging endpoints receiving a connection timeout or certificate error response.
As always, the CardinalCommerce Customer Service team is ready and willing to answer any questions you may have. Please contact support or your Account manager if you require the full Cert Chain.