ERCOT External Web Services and Notifications Secure Sockets Layer (SSL) Certificate Upgrade Leo Angele ERCOT Web Services.

Slides:

Advertisements

Similar presentations

MarkeTrak Orientation July 30,  Antitrust Admonition  Introductions  MarkeTrak Flight Test Orientation  Why Do We Test?  Overview  API vs.

Advertisements

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

Crew Management, Operations Control & Commercial Planning System

(4.4) Internet Protocols Layered approach to Internet Software 1.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

Security and Digital Recording System Students: Gadi Marcu, Tomer Alon Number:D1123 Supervisor: Erez Zilber Semester:Spring 2004 Mid Semester Presentation.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Slide 1 of 10 Client Digital Certificate Upgrade.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

JVM Tehnologic Company profile & core business Founded: February 1992; –Core business: design and implementation of large software applications mainly.

Lead from the front Texas Nodal 1 EDS 3R5 Phase 1 Testing Detailed Approach and Demonstration August 16, 2007.

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.

MarkeTrak Update Retail Market Subcommittee December 6, 2006 Adam Martinez & Karen Farley.

RARF QnA Session April 17, Resource Registration Process and Schedule Final RARF forms sent during week of April 7 –New Resources should get blank.

Role of Account Management at ERCOT Market Participant Identity Management Overview (MPIM)

Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.

Apache and SSL Presented by Paul Weinstein, Waubonsie Consulting, O’Reilly Open Source Convention July 24, 2002.

ERCOT MARKET EDUCATION

IBM OmniFind Enterprise Edition V9.1 – July 2010 Data Source – FileNet P8 crawler overview  Key features: –Access to FileNet P8 Content Engine by using.

Objectives: Develop a solution to either enhance or replace the FasTrak tool Scope/Why is this important?: Increase the transparency for issues that are.

Types of Electronic Infection

Lead from the front Texas Nodal 1 EDS 3 Release 5: SCED Phase 1 Kickoff Meeting August 1, 2007.

Enhancements to FasTrak PR Project Update Retail Market Subcommittee November 8, 2006 Adam Martinez Mgr, Market Operations DPO.

Lead from the front Texas Nodal 1 EDS 4 Release 9.1 DAM/RUC/SASM Market Call January 11, 2008.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

Section 12.1 Discuss the functions of a Web site Create a feedback form Compare and contrast option buttons and check boxes Section 12.2 Explain the use.

Course 3: ARIES Login and Getting Started in ARIES ARIES ON DEMAND Training 3.00.

Building Security into Your System Bill Major Gregory Ponto.

SSL(Secure Socket Layer) Guided By:- Presented By:- Richard Sinn Jimmy Mehta

Module 9: Designing Public Key Infrastructure in Windows Server 2008.

WSM Administrator Training. WSM Administrator Discussion of WSM Administrator responsibilities Discussion of WSM administrative interfaces Detailed discussion.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

SARVAJANIK COLLEGE OF ENGINEERING & TECHNOLOGY. Secure Sockets Layer (SSL) Protocol Presented By Shivangi Modi Presented By Shivangi ModiCo-M(Shift-1)En.No

Lead from the front Texas Nodal 1 Texas Nodal Congestion Revenue Rights (CRR) EDS 3 Release 7 - Overview EDS 3 Phase 2 MP Planning.

Information Technology Report Trey Felton Manager, IT Service Delivery September 2011 ERCOT Public.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Creating and Managing Digital Certificates Chapter Eleven.

Lead from the front Texas Nodal 1 EDS 4 Outage Scheduler EDS Market Call May 30, 2008.

Measures to prevent MITM attack and their effectiveness CSCI 5931 Web Security Submitted By Pradeep Rath Date : 23 rd March 2004.

Secure Sockets Layer (SSL) Protocol by Steven Giovenco.

Lead from the front Texas Nodal 1 EDS 4 Outage Scheduler EDS Market Call June 20, 2008.

Proposed Scope for Market Data Working Group (MDWG) MISUG December 7, 2015.

MISUG Meeting Materials Jackie Ashbaugh/Jamie Lavas ERCOT 1/13/2011.

1 Browser Compatibility Assessment June 2 nd, 2015.

February 10, 2010 RMS ERCOT 1/24/10 Production Issue Overview and Lessons Learned Karen Farley Manager, Retail Customer Choice.

1 ERCOT Retail Release Overview. 2 How Are Changes Managed? Retail Testing Business Teams Development Teams Release Management Management of: Migration.

 authenticated transmission  secure tunnel over insecure public channel  host to host transmission is typical  service independent WHAT IS NEEDED?

Information Technology Report Dave Pagliai Manager, IT Support Services September 2015 ERCOT Public.

Lead from the front Texas Nodal 1 EDS 4 Outage Scheduler EDS Market Call April 25, 2008.

Congestion Revenue Rights Market Trials Kickoff. Agenda Topics: I.Overview of CRR Market Trials Phase 3.0 II.Entry Criteria (including System Requirements)

July 2010 Web Browser Compatibility Trey Felton Manager, IT Administration.

Internet Explorer 7 Updated Advice for the NHS 04 February 2008 Version 1.3.

Information Technology Service Availability Metrics RMS August 2008 Trey Felton.

X509 Web Authentication From the perspective of security or An Introduction to Certificates.

Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.

EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No B 2 DROP User.

CACI Proprietary Information | Date 1 Sybase Open Client 15.5 ESD#6 Name: Semarria Rosemond Title: Systems Analyst, Lead Date: December 8, 2011.

Mesa Wi-Fi 802.1x PEAP and EAP-TLS Authentication for Wi-Fi.

August 9, 2006 Retail Market Subcommittee Meeting MarkeTrak Update.

Communication protocols 2. HTTP Hypertext Transfer Protocol, is the protocol of World Wide Web (www) Client web browser Web server Request files Respond.

September 2011 TDTWG TDTWG Update Trey Felton Manager, IT Service Delivery.

6/14/16 Installing and Maintaining Certificates with IBM® Security AppScan™ Enterprise and IBM® Security AppScan™ Source Author notes:

Setting and Upload Products

Civil Rights Data Collection (CRDC)

Building Security into Your System

Tyler Technologies presents: What you need to know about upcoming changes to your New World ERP technical environment in Mike Adnson | Launch Manager,

Tyler Technologies presents: What you need to know about upcoming changes to your New World ERP technical environment in Scott Alan Miller MCP,

Scott Miller TSM Team Lead Ray Mah Architect, Foundation

Scott Miller TSM Team Lead Ray Mah Architect, Foundation

Presentation transcript:

ERCOT External Web Services and Notifications Secure Sockets Layer (SSL) Certificate Upgrade Leo Angele ERCOT Web Services

PUBLIC Introduction The following slides will provide an overview of the Client Digital Certificate Upgrade. This overview will answer the following questions: –Who is affected by this change? –Why is ERCOT upgrading Secure Socket Layer (SSL) Certificates? –What is the timeline for the Upgrade? –What do Market Participants need to do to prepare? –What steps do Market Participants need to take for API access? –What are the risks of not preparing prior to the upgrade? –Where do Market Participants find all of ERCOT’s SSL and Client Digital Certificate Root CA’s? 2

PUBLIC Target Audience Who is affected by this change? –All Application Programmatic Interfaces (API’s) connecting to ERCOT’s Production environment for ERCOT’s External Web Services (EWS), including submissions and Get List/Report functionality, and access to the MarkeTrak API. –Market Participants utilizing ERCOT’s Notification system for Notices and Alerts. –Users accessing ERCOT’s Secure Websites via the Internet Explorer browser will not be affected. ERCOT’s Market Information System was upgraded to a new SHA256 SSL server certificate on April 22,

PUBLIC Why Upgrade? Why is ERCOT upgrading Client Digital Certificates? –Due to National Institute of Standards and Technology (NIST) Special Publication Ar1, all SSL certificates must be issued using the SHA256 algorithm. –ERCOT migrated MIS.ERCOT.COM to a new SHA256 SSL server certificate on April 22, –ERCOT’s current SHA1 MISAPI.ERCOT.COM SSL certificate expires on August 18th, –ERCOT’s current SHA1 API.WAN.ERCOT.COM SSL certificate expires on August 6th,

PUBLIC Timeline What is the timeline for the Upgrade? –ERCOT’s Market Operations Testing Environment (MOTE) External Web Services (TESTINGAPI.ERCOT.COM) will be configured on July 6th to facilitate Market Participant testing. –ERCOT’s MOTE Notification system for Notices and Alerts will be configured on July 6th. –ERCOT is providing four weeks of testing in MOTE to ensure all Market Participants have adequate time to prepare for the production migration. –ERCOT’s Production External Web Services (MISAPI.ERCOT.COM/ API.WAN.ERCOT.COM) secure websites will be configured with SHA256 SSL server certificates on August 2nd. –All API’s connecting to ERCOT’s Production External Web Services will need to have the new SSL Root Chain installed in the API keystore before the SSL certificate upgrade on August 2nd. –All API’s listening for Notices and Alerts from ERCOT’s Production Notification system will need to have the new SSL Root Chain installed in the API keystore before the SSL certificate upgrade on August 2nd. 5

PUBLIC Preparation What do Market Participants need to do to prepare? –Market Participants must download the new SHA256 Root and Intermediate Certificates from ERCOT.com prior to the configuration changes. –Market Participants must install the new SHA256 Root and Intermediate Certificates into any API keystore that is used to connect to ERCOT’s External Web Services. –Market Participants must install the new SHA256 Root and Intermediate Certificates into any API keystore for a listener waiting for Notices and Alerts from ERCOT’s Notification system. ERCOT has provided sample instructions for Market Participants to use as a guide when installing the new SHA256 Root and Intermediate Certificates on ERCOT.COM 6

PUBLIC API’s What steps do Market Participants need to take for API access? –Market Participants should add these certificates to the existing keystore prior to the configuration change. –Market Participants should NOT remove the existing SHA1 Root and Intermediate Certificates at this time. –The new SHA256 Root and Intermediate Certificates will be required for both the Production and MOTE environments. 7

PUBLIC API’s The diagram below explains a typical keystore location and the minimum required certificates. 8

PUBLIC Risks What are the risks of not preparing prior to the upgrade? –Failure to install the new SSL Root Chain in the API keystores before the SSL certificate upgrade will affect the availability of: Programmatic communication –External Web Services (EWS) –Application Programmatic Interface (API) submissions –Get List/Report functionality Access to the MarkeTrak API Receipt of Notices and Alerts 9

PUBLIC Location Where do Market Participants find all of ERCOT’s SSL Root and Intermediate Certificates? –ERCOT has published a list of all required SSL and Client Digital Certificate Root CA’s on ERCOT.com. – –Market Participants can contact their Client Services Representative for example installation instructions. 10

PUBLIC Questions  Do I have to revoke/reissue all of my user’s Digital Certificates? Will we need to regenerate private certificates and install them along with the root certificates? –No, this is just the SSL certificate that secures the API website. No client certificates will be affected.  Does the USA have to install the SSL certs? –No, IT administrators of the MP’s API will need to manually install the SSL Intermediate and Root certificates into the API’s keystore.  Does this affect everyone? –No, only applications currently connecting to ERCOT’s EWS API system and applications receiving ERCOT issued API Notifications.  As an IMRE type MP, do we need to take any action on this? –IMRE’s typically don’t use an API to query/download data and they do not make submissions.  What needs to be changed on our side? Is it just uploading new cert to our key store and removing old or more than that? –The new Root and Intermediate certificates need to be imported into your existing keystore(you do not have to remove the old). If you choose to use a fresh keystore, you must wait until the SSL certificate is installed on ERCOT’s systems prior to switching your system to the new keystore.  To do testing, do I need test API cert? If so how do I get it? –Yes, you need an API certificate to test the API. Your USA can issue an API certificate for you.  I tried connecting to but I could not connect. Do I need any certificate to connect to the MOTE environment? If so how do I get it? –Yes, you need an MOTE certificate to test in the MOTE environment (testingapi.ercot.com). Your USA can issue an appropriate user or API certificate for you. 11