BuyerQuest will be transitioning the TLS certificate chain on its Punchout Gateway product from the GoDaddy Class 2 root Certificate Authority (CA) to the Amazon Trust root CA. If you initiate punchout transactions through any of the following URLs, you may need to take action:
- https://uat.punchoutcatalogs.net/gate/
- https://uadmin.punchoutcatalogs.net/gate/
- https://www.punchoutcatalogs.net/gate/
- https://wadmin.punchoutcatalogs.net/gate/
We plan to implement these changes on the following dates and times (Eastern Standard Time):
- BuyerQuest UAT Environment – Thursday, February 6, 2025, at 12:00 PM EST (Noon)
- BuyerQuest Production Environment – Friday, February 21, 2025, at 12:00 AM EST (Midnight)
This advisory is only for the Punchout Gateway product. The storefront at uat.buyerquest.net and www.buyerquest.net has been using certificates from the Amazon Trust root CA for over five years.
The GoDaddy and Amazon CAs are widely trusted by default in most certificate stores. However, some customers—particularly those using tightly managed Java-based ERP applications—may not have the Amazon Trust root certificates in their stores. If you do not already trust the Amazon root CAs, please ensure all five Amazon Trust CA certificates are added to your store by February 21, 2025.
You can download the Amazon root CA certificates here:
https://www.amazontrust.com/repository/#rootcas
Important Note on Certificate Pinning
Going forward, the leaf certificates for these URLs will be renewed automatically before their listed expiration dates. Notice of renewal cannot not be provided in advance, and we also cannot provide the new leaf certificate before the old one is removed, and we therefore discourage pinning leaf certificates for these endpoints. If you have certificate pinning requirements, please refer to the pinning recommendations on the Amazon Trust website.
If you have any questions or concerns, please contact Customer Support.
Comments
0 comments
Article is closed for comments.