***** EXTERNAL email. Please be cautious and evaluate before you click on links, open attachments, or provide credentials. *****

NOTICE DATE:  March 28, 2019

NOTICE TYPE:  M-B032819-01 Operations

SHORT DESCRIPTION:  ERCOT Secure Sockets Layer (SSL) certificate upgrade and changes to programmatic access to ERCOT’s External Web Services API

INTENDED AUDIENCE:  Market Participant personnel that administer programmatic access to ERCOT’s production and testing environments and User Security Administrators (USAs)

DAY AFFECTED:  May 1, 2019 and May 29, 2019

LONG DESCRIPTION:  On May 1, 2019 at 1:00 PM CPT, Market Participants will be required to use the new DigiCert SSL Intermediate and Root CA configuration for all programmatic access to ERCOT’s Production External Web Services API (MISAPI.ERCOT.COM and API.WAN.ERCOT.COM).

On May 29, 2019 at 1:00 PM CPT, ERCOT will also implement a configuration change to ensure that API communication from Market Participants into ERCOT’s production environment is sent with a handshake-level, valid ERCOT issued Client Digital Certificate, and each message signed with a valid ERCOT issued Client Digital Certificate.

These changes are currently configured in ERCOT’s Market Operations Testing Environment (MOTE) and Retail Market Testing Environment (RMTE) to allow Market Participants to test their systems prior to them being implemented in ERCOT’s production environment.

ERCOT’s MOTE and RMTE can be accessed through the following URLs.

••••••••• (API) https://testmisapi.ercot.com

••••••••• (WAN API) https://testmisapi.wan.ercot.com

Note that there is no impact to Market Participants that access the Market Information System (MIS) or other ERCOT websites through a web browser.


May 1, 2019 @ 1:00 PM CST

The following certificates are the minimum required for the new DigiCert SSL Intermediate and Root CA configuration to communicate with the ERCOT External Web Services API for submissions, queries, and report downloads.

Market Participants should either add these certificates to the existing keystore or create a blank keystore with just these certificates installed after the new DigiCert SSL Intermediate and Root CA configuration changes to production on May 1, 2019. The entire SSL Chain will be required for the production environment for API communication. The Client Root Certificate is also required.

••••••••• Required SSL Chain Certificates:

o   Production

•• DigiCertGlobalIntermediateG2.cer (DigiCert Global Intermediate G2 SSL Certificate)

•• DigiCertGlobalRootCAG2.cer (DigiCert Global Root CA G2 SSL Certificate)

••••••••• Required Client Root Certificate:

o   Production

•• ERCOT_CA.cer (ERCOT’s Production 2048 Client Root Certificate)

••••••••• Required API Public Key:

o   Production

•• misapi.cer (ERCOT's New Production EWS and MarkeTrak API Public Key)

All Certificates are available for download on the Digital Certificate Security Information page<http://www.ercot.com/services/mdt/webservices/> of ERCOT.com.

May 29 @ 1:00 PM CST, 2019

Market Participants must also ensure that all API communication into ERCOT’s production environment is sent with a handshake-level valid ERCOT issued Client Digital Certificate and each message signed with a valid ERCOT issued Client Digital Certificate on May 29, 2019.

ERCOT’s MOTE/RMTE environment is currently configured to require this handshake-level validation using a Client Digital Certificate.

ADDITIONAL INFORMATION:  Details of a WebEx meeting to answer questions about these production changes will be provided once it is scheduled.

CONTACT:  If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at [log in to unmask]<mailto:[log in to unmask]>.

If you are receiving email from a public ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: http://lists.ercot.com.