NOTICE DATE: March 28, 2019
NOTICE TYPE: M-B032819-01 Operations
SHORT DESCRIPTION: ERCOT Secure Sockets Layer (SSL) certificate upgrade and changes to programmatic access to ERCOTís External Web Services API
INTENDED AUDIENCE: Market Participant personnel that administer programmatic access to ERCOTís production and testing environments and User Security Administrators (USAs)
DAY AFFECTED: May 1, 2019 and May 29, 2019
LONG DESCRIPTION: On May 1, 2019 at 1:00 PM CPT, Market Participants will be required to use the new DigiCert SSL Intermediate and Root CA configuration for all programmatic access to ERCOTís Production External Web Services API (MISAPI.ERCOT.COM and API.WAN.ERCOT.COM).
On May 29, 2019 at 1:00 PM CPT, ERCOT will also implement a configuration change to ensure that API communication from Market Participants into ERCOTís production environment is sent with a handshake-level, valid ERCOT issued Client Digital Certificate, and each message signed with a valid ERCOT issued Client Digital Certificate.
These changes are currently configured in ERCOTís Market Operations Testing Environment (MOTE) and Retail Market Testing Environment (RMTE) to allow Market Participants to test their systems prior to them being implemented in ERCOTís production environment.
ERCOTís MOTE and RMTE can be accessed through the following URLs.
∑ (WAN API)
Note that there is no impact to Market Participants that access the Market Information System (MIS) or other ERCOT websites through a web browser.
May 1, 2019 @ 1:00 PM CST
The following certificates are the minimum required for the new DigiCert SSL Intermediate and Root CA configuration to communicate with the ERCOT External Web Services API for submissions, queries, and report downloads.
Market Participants should either add these certificates to the existing keystore or create a blank keystore with just these certificates installed after the new DigiCert SSL Intermediate and Root CA configuration changes to production on May 1, 2019. The entire SSL Chain will be required for the production environment for API communication. The Client Root Certificate is also required.
∑ Required SSL Chain Certificates:
ß DigiCertGlobalIntermediateG2.cer (DigiCert Global Intermediate G2 SSL Certificate)
ß DigiCertGlobalRootCAG2.cer (DigiCert Global Root CA G2 SSL Certificate)
∑ Required Client Root Certificate:
ß ERCOT_CA.cer (ERCOTís Production 2048 Client Root Certificate)
∑ Required API Public Key:
ß misapi.cer (ERCOT's New Production EWS and MarkeTrak API Public Key)
All Certificates are available for download on the Digital Certificate Security Information page of ERCOT.com.
May 29 @ 1:00 PM CST, 2019
Market Participants must also ensure that all API communication into ERCOTís production environment is sent with a handshake-level valid ERCOT issued Client Digital Certificate and each message signed with a valid ERCOT issued Client Digital Certificate on May 29, 2019.
ERCOTís MOTE/RMTE environment is currently configured to require this handshake-level validation using a Client Digital Certificate.
ADDITIONAL INFORMATION: Details of a WebEx meeting to answer questions about these production changes will be provided once it is scheduled.
CONTACT: If you have any questions, please contact your ERCOT Account Manager. You may also call the general ERCOT Client Services phone number at (512) 248-3900 or contact ERCOT Client Services via email at .
If you are receiving email from a public ERCOT distribution list that you no longer wish to receive, please follow this link in order to unsubscribe from this list: .