Security between your B2G servers and the PPSR is provided by the transport layer security (TLS) protocol. TLS is now the only supported protocol. Secure socket layer (SSL) is no longer used due to vulnerabilities identified with the SSL protocol.
Your security is also protected by your B2G password. It is important to keep this password safe.
Upgrade to TLS 1.2 and stronger cyphers
PPSR is disabling the ageing TLS 1.0 and TLS 1.1 encryption protocols starting immediately in the PPSR Discovery environment.
PPSR will continue to support TLS 1.2
Additionally, we will now only support the following stronger ciphers:
In order to maintain access to your services, you need to ensure your B2G client has TLS 1.2 enabled.
If your B2G client does not have TLS 1.2 or higher enabled after we make this change in Production, then you will NOT be able to access the PPSR.
When will the update take place?
- The changes have already been made in PPSR Discovery environment allowing you to immediately test your connection.
- Following successful connection to the Discovery environment we are encouraging B2Gs to implement this change in their production environment by the end of the year.
TLS server certificate
TLS is used to provide transport layer encryption for all transactions through the PPSR B2G interface.
This encryption is handled by TLS server certificates, which allow secure connections to be created between the PPSR B2G servers and your B2G servers.
Current version of TLS
Ensure all TLS certificate paths within your B2G software interface are kept up to date with the most recent certificate authorities available.
TLS authentication errors can occur if the TLS certificate stored within your B2G software application programming interface (API) is not up to date. You can avoid this by making sure you accept all critical updates.
Website Identification Certificate Supplier
What do you need to do?
Check that you have the following certificates in your trusted certificate authority list:
Root Certificate Authority: DigiCert High Assurance EV Root CA
Intermediate Certificate Authority: DigiCert SHA2 Extended Validation Server CA
Further information is available from: https://www.digicert.com/digicert-root-certificates.htm(opens new window)
Verify that you can access the Web User Interface, and can still transact through your B2G interface.
Will this impact me?
For most users of the PPSR, there will be no impact, as most devices will already trust DigiCert. If you are in a tightly controlled operating environment or using old software, then this may impact you.
Possible impacts are:
- A warning when you access the PPSR via the Web User Interface
- Complete inability to access the PPSR Web User Interface
- Complete failure of your system to access the B2G channel
B2G password security
You should always keep your B2G password secure. Your account administrator can:
- reset your password
- view your password history
- unlock your account for the PPSR Web UI.
If you have the permissions, you can also manage your B2G password.