***** EXTERNAL email. Please be cautious and evaluate before you click on links, open attachments, or provide credentials. *****
NOTICE DATE: March 28, 2019
NOTICE TYPE: M-B032819-01 Operations
SHORT DESCRIPTION: ERCOT Secure Sockets Layer (SSL) certificate upgrade and changes to programmatic access to ERCOTs External Web Services API
INTENDED AUDIENCE: Market Participant personnel that administer programmatic access to ERCOTs production and testing environments and User Security Administrators (USAs)
DAY AFFECTED: May 1, 2019 and May 29, 2019
LONG DESCRIPTION: On May 1, 2019 at 1:00 PM CPT, Market Participants will be required to use the new DigiCert SSL Intermediate and Root CA configuration for all programmatic access to ERCOTs Production External Web Services API (MISAPI.ERCOT.COM and API.WAN.ERCOT.COM).
On May 29, 2019 at 1:00 PM CPT, ERCOT will also implement a configuration change to ensure that API communication from Market Participants into ERCOTs production environment is sent with a handshake-level, valid ERCOT issued Client Digital Certificate, and each message signed with a valid ERCOT issued Client Digital Certificate.
These changes are currently configured in ERCOTs Market Operations Testing Environment (MOTE) and Retail Market Testing Environment (RMTE) to allow Market Participants to test their systems prior to them being implemented in ERCOTs production environment.
ERCOTs MOTE and RMTE can be accessed through the following URLs.
(WAN API) https://testmisapi.wan.ercot.com
Note that there is no impact to Market Participants that access the Market Information System (MIS) or other ERCOT websites through a web browser.
May 1, 2019 @ 1:00 PM CST
The following certificates are the minimum required for the new DigiCert SSL Intermediate and Root CA configuration to communicate with the ERCOT External Web Services API for submissions, queries, and report downloads.
Market Participants should either add these certificates to the existing keystore or create a blank keystore with just these certificates installed after the new DigiCert SSL Intermediate and Root CA configuration changes to production on May 1, 2019. The entire SSL Chain will be required for the production environment for API communication. The Client Root Certificate is also required.
Required SSL Chain Certificates:
DigiCertGlobalIntermediateG2.cer (DigiCert Global Intermediate G2 SSL Certificate)
DigiCertGlobalRootCAG2.cer (DigiCert Global Root CA G2 SSL Certificate)
Required Client Root Certificate:
ERCOT_CA.cer (ERCOTs Production 2048 Client Root Certificate)
Required API Public Key:
misapi.cer (ERCOT's New Production EWS and MarkeTrak API Public Key)
All Certificates are available for download on the Digital Certificate Security Information page<http://www.ercot.com/services/mdt/webservices/> of ERCOT.com.
May 29 @ 1:00 PM CST, 2019
Market Participants must also ensure that all API communication into ERCOTs production environment is sent with a handshake-level valid ERCOT issued Client Digital Certificate and each message signed with a valid ERCOT issued Client Digital Certificate on May 29, 2019.
ERCOTs MOTE/RMTE environment is currently configured to require this handshake-level validation using a Client Digital Certificate.
ADDITIONAL INFORMATION: Details of a WebEx meeting to answer questions about these production changes will be provided once it is scheduled.
CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at [log in to unmask]<mailto:[log in to unmask]>.
If you are receiving email from a public ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.