NOTICE DATE:  July 15, 2016
NOTICE TYPE:  M-A060716-04 General
SHORT DESCRIPTION:  Second WebEx workshop to discuss upgrading the ERCOT External Web Services Secure Sockets Layer certificates
INTENDED AUDIENCE:  ERCOT Market Participants
DAY AFFECTED:  July 20, 2016, 10:30 - 12:30 CDT
LONG DESCRIPTION:  On Wednesday, July 20, 2016, ERCOT will host a WebEx workshop to discuss upgrading the ERCOT External Web Services Secure Sockets Layer certificates to SHA256 (see Notice M-A060716-01 below for further information on the upgrade).
The WebEx details are as follows:
Topic:  SSL certificate upgrade
Date:  Wednesday, July 20, 2016
Time:  10:30 - 12:30 CDT
WebEx URL:    https://ercot.webex.com/ercot/j.php?MTID=m3d2213c1647893a18a2bca6dd300c7cb
Meeting Number:  622 252 650
Meeting Password:  8CRdB9f7
Dial in Number:  1-877-668-4493
Audio Passcode:  622 252 650 (press # after entering audio passcode)

Press # if prompted for pin number.

CONTACT:  If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at [log in to unmask]<mailto:[log in to unmask]>.
If you are receiving email from an ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.

NOTICE DATE:  June 7, 2016
NOTICE TYPE:  M-A060716-01 General
SHORT DESCRIPTION:  Action Required: ERCOT External Web Services Secure Sockets Layer certificate upgrade
INTENDED AUDIENCE:  ERCOT Market Participants
DAY AFFECTED:  July 6, 2016 and August 2, 2016
LONG DESCRIPTION:  On April 22, 2015, ERCOT migrated its Market Information System (MIS.ERCOT.com) to new Secure Hash Algorithm 256 (SHA256) Secured Socket Layer (SSL) server certificates.  ERCOT is currently in the process of upgrading all Secure Socket Layer (SSL) Certificates used to secure its websites to SHA256 algorithm certificates utilizing the SHA256 algorithm public Root Certification Authorities.  Upgrading of the SSL certificates is required to meet SHA256 server to root requirements.
Beginning on July 6, 2016, Market Participants will be required to use the new SHA256 algorithm SSL Root configuration for all programmatic access to ERCOT's Market Operations Testing Environment (MOTE) Application Programmatic Interface (API).
Beginning on August 2, 2016, Market Participants will be required to use the new SHA256 algorithm SSL Root configuration for all programmatic access to ERCOT's External Web Services API (MISAPI.ERCOT.COM and API.WAN.ERCOT.COM).
In addition, ERCOT is separating the certificates used for inbound GetInfo and Submission requests from the SSL certificate signing outbound Notifications.  Beginning on August 2, 2016, ERCOT will no longer publish the API public key.  Market participants will be required to trust the SHA256 Intermediate and SHA256 Root CA certificates only.  Making this change will allow a seamless transition each year the SSL certificate is replaced upon expiration.
Note that there is no impact to Market Participants who access the Market Information System (MIS.ERCOT.com) or other ERCOT websites through a web browser.
Details of a WebEx meeting to answer questions will be provided once scheduled.
ACTION REQUIRED:  The following certificates are the minimum required for the new SHA256 algorithm SSL Root configuration to communicate to the ERCOT Web Service API for submissions and queries (MISAPI.ERCOT.COM and API.WAN.ERCOT.COM) as well as report downloads (MIS.ERCOT.COM). Market Participants should either add these certificates to the existing keystore or create a blank keystore with just these certificates installed after the configuration. The entire SSL Chain will be required for both the Production and MOTE environments for API activity. The Client Root Certificate is required for the respective environment.

*         Required SSL Chain Certificates:

*         Production and MOTE

?  SymantecSHA256Intermediate.cer (Symantec SHA256 Intermediate Certificate)

?  SymantecSHA256CA.cer (Symantec SHA256 Root Certificate)

*         Required Client Root Certificates:

*         Production only

?  ERCOT_CA.cer (ERCOT's Production 2048 Client Root Certificate)

*         MOTE only

?  ERCOT_TEST_CA.cer (ERCOT's MOTE 2048 Client Root Certificate )
All Certificates are available for download on ERCOT.com at http://www.ercot.com/services/mdt/webservices/.
ADDITIONAL INFORMATION:  The ERCOT Market Operations Test Environment (MOTE) will be available for market testing of the SHA256 algorithm SSL Root configuration certificates prior to the production cutover. The MOTE environment can be accessed with the following URLs:
https://testing.ercot.com
https://testingapi.ercot.com/2007-08/Nodal/eEDS/EWS/.
For additional information on the transition to using cryptographic algorithms, please review the following document from the National Institute of Standard and Technology (NIST):
Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths<http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf>.
CONTACT:  If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at [log in to unmask]<mailto:[log in to unmask]>.
If you are receiving email from an ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.



mm