NOTICE DATE:  September 29, 2011
NOTICE TYPE:  M-A051011-07 General
SHORT DESCRIPTION:  REMINDER - Upgrading all SSL Certificates for API users to 2048-bit RSA keys
INTENDED AUDIENCE:  ERCOT Market Participants
DAY AFFECTED:  September 30, 2011
LONG DESCRIPTION:  On June 22, 2011, ERCOT migrated MISAPI.ERCOT.com and MIS.ERCOT.com to new 2048-bit Secured Socket Layer (SSL) server certificates (Notice M-A051011-03). Now, to meet the 2048-bit server to root RSA key requirement, ERCOT is in the process of upgrading all SSL Certificates used to secure the ERCOT websites to 2048-bit RSA keys utilizing the 2048-bit RSA public Root Certification Authorities.
Beginning September 30, 2011, at 10:30 AM, all Production Application Programmatic Interface (API) traffic will be required to communicate using the new 2048-bit RSA SSL Root configuration. The Market Operations Testing Environment (MOTE) is currently configured to utilize this configuration to facilitate Market Participant testing.
Note that there is no impact to users who access MIS.ERCOT.com or other ERCOT websites through a web browser.
ACTION REQUIRED:  The following certificates are the minimum required for the new 2048-RSA key communication to the ERCOT Web Service API for submissions and queries (MISAPI.ERCOT.COM) as well as report downloads (MIS.ERCOT.COM). Market Participants should either add these certificates to the existing keystore or create a blank keystore with just these certificates installed after the configuration. The entire SSL Chain will be required for both the Production and MOTE environments for API activity. The Client Root Certificate is required for the respective environment.

         Required SSL Chain Certificates:

         Production and MOTE

  VeriSign_Class_3_International_Server_CA_G3.cer (VeriSign 2048 Intermediate Certificate)

  VeriSign_Class_3_Public_Primary_Certification_Authority_G5.cer (VeriSign 2048 Root Certificate)

         Required Client Root Certificates:

         Production only

  OnSite2-314.cer (ERCOT's Production Client Root Certificate)

         MOTE only

  Pilot_OnSite.cer (ERCOT's For Test Purposes Only Client Root Certificate)
All Certificates are available for download on ERCOT.com at http://www.ercot.com/services/mdt/webservices/.
ADDITIONAL INFORMATION:  As a reminder, the ERCOT Market Operations Test Environment (MOTE) is available for market testing of the 2048-bit certificates prior to the production cutover. The MOTE environment can be accessed with the following URLs:
https://testing.ercot.com
https://testingapi.ercot.com/2007-08/Nodal/eEDS/EWS/.
CONTACT:  If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at [log in to unmask]<mailto:[log in to unmask]>.
If you are receiving email from an ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.










dh


############################

To unsubscribe from the NOTICE_EXTRACTS_RETAIL list:
write to: mailto:[log in to unmask]
or click the following link:
http://lists.ercot.com/SCRIPTS/WA-ERCOT.EXE?SUBED1=NOTICE_EXTRACTS_RETAIL&A=1