Presentation is loading. Please wait.

Presentation is loading. Please wait.

ERCOT External Web Services and Notifications Secure Sockets Layer (SSL) Certificate Upgrade Leo Angele ERCOT Web Services.

Published byShawn James Modified over 8 years ago

Similar presentations

Presentation on theme: "ERCOT External Web Services and Notifications Secure Sockets Layer (SSL) Certificate Upgrade Leo Angele ERCOT Web Services."— Presentation transcript:

1 ERCOT External Web Services and Notifications Secure Sockets Layer (SSL) Certificate Upgrade Leo Angele ERCOT Web Services

2 PUBLIC Introduction The following slides will provide an overview of the Client Digital Certificate Upgrade. This overview will answer the following questions: –Who is affected by this change? –Why is ERCOT upgrading Secure Socket Layer (SSL) Certificates? –What is the timeline for the Upgrade? –What do Market Participants need to do to prepare? –What steps do Market Participants need to take for API access? –What are the risks of not preparing prior to the upgrade? –Where do Market Participants find all of ERCOT’s SSL and Client Digital Certificate Root CA’s? 2

3 PUBLIC Target Audience Who is affected by this change? –All Application Programmatic Interfaces (API’s) connecting to ERCOT’s Production environment for ERCOT’s External Web Services (EWS), including submissions and Get List/Report functionality, and access to the MarkeTrak API. –Market Participants utilizing ERCOT’s Notification system for Notices and Alerts. –Users accessing ERCOT’s Secure Websites via the Internet Explorer browser will not be affected. ERCOT’s Market Information System was upgraded to a new SHA256 SSL server certificate on April 22, 2015. 3

4 PUBLIC Why Upgrade? Why is ERCOT upgrading Client Digital Certificates? –Due to National Institute of Standards and Technology (NIST) Special Publication 800-131Ar1, all SSL certificates must be issued using the SHA256 algorithm. –ERCOT migrated MIS.ERCOT.COM to a new SHA256 SSL server certificate on April 22, 2015. –ERCOT’s current SHA1 MISAPI.ERCOT.COM SSL certificate expires on August 18th, 2016. –ERCOT’s current SHA1 API.WAN.ERCOT.COM SSL certificate expires on August 6th, 2016. 4

5 PUBLIC Timeline What is the timeline for the Upgrade? –ERCOT’s Market Operations Testing Environment (MOTE) External Web Services (TESTINGAPI.ERCOT.COM) will be configured on July 6th to facilitate Market Participant testing. –ERCOT’s MOTE Notification system for Notices and Alerts will be configured on July 6th. –ERCOT is providing four weeks of testing in MOTE to ensure all Market Participants have adequate time to prepare for the production migration. –ERCOT’s Production External Web Services (MISAPI.ERCOT.COM/ API.WAN.ERCOT.COM) secure websites will be configured with SHA256 SSL server certificates on August 2nd. –All API’s connecting to ERCOT’s Production External Web Services will need to have the new SSL Root Chain installed in the API keystore before the SSL certificate upgrade on August 2nd. –All API’s listening for Notices and Alerts from ERCOT’s Production Notification system will need to have the new SSL Root Chain installed in the API keystore before the SSL certificate upgrade on August 2nd. 5

6 PUBLIC Preparation What do Market Participants need to do to prepare? –Market Participants must download the new SHA256 Root and Intermediate Certificates from ERCOT.com prior to the configuration changes. –Market Participants must install the new SHA256 Root and Intermediate Certificates into any API keystore that is used to connect to ERCOT’s External Web Services. –Market Participants must install the new SHA256 Root and Intermediate Certificates into any API keystore for a listener waiting for Notices and Alerts from ERCOT’s Notification system. ERCOT has provided sample instructions for Market Participants to use as a guide when installing the new SHA256 Root and Intermediate Certificates on ERCOT.COM 6

7 PUBLIC API’s What steps do Market Participants need to take for API access? –Market Participants should add these certificates to the existing keystore prior to the configuration change. –Market Participants should NOT remove the existing SHA1 Root and Intermediate Certificates at this time. –The new SHA256 Root and Intermediate Certificates will be required for both the Production and MOTE environments. 7

8 PUBLIC API’s The diagram below explains a typical keystore location and the minimum required certificates. 8

9 PUBLIC Risks What are the risks of not preparing prior to the upgrade? –Failure to install the new SSL Root Chain in the API keystores before the SSL certificate upgrade will affect the availability of: Programmatic communication –External Web Services (EWS) –Application Programmatic Interface (API) submissions –Get List/Report functionality Access to the MarkeTrak API Receipt of Notices and Alerts 9

10 PUBLIC Location Where do Market Participants find all of ERCOT’s SSL Root and Intermediate Certificates? –ERCOT has published a list of all required SSL and Client Digital Certificate Root CA’s on ERCOT.com. –http://www.ercot.com/services/mdt/webservices/index.htmlhttp://www.ercot.com/services/mdt/webservices/index.html –Market Participants can contact their Client Services Representative for example installation instructions. 10

11 PUBLIC Questions  Do I have to revoke/reissue all of my user’s Digital Certificates? Will we need to regenerate private certificates and install them along with the root certificates? –No, this is just the SSL certificate that secures the API website. No client certificates will be affected.  Does the USA have to install the SSL certs? –No, IT administrators of the MP’s API will need to manually install the SSL Intermediate and Root certificates into the API’s keystore.  Does this affect everyone? –No, only applications currently connecting to ERCOT’s EWS API system and applications receiving ERCOT issued API Notifications.  As an IMRE type MP, do we need to take any action on this? –IMRE’s typically don’t use an API to query/download data and they do not make submissions.  What needs to be changed on our side? Is it just uploading new cert to our key store and removing old or more than that? –The new Root and Intermediate certificates need to be imported into your existing keystore(you do not have to remove the old). If you choose to use a fresh keystore, you must wait until the SSL certificate is installed on ERCOT’s systems prior to switching your system to the new keystore.  To do testing, do I need test API cert? If so how do I get it? –Yes, you need an API certificate to test the API. Your USA can issue an API certificate for you.  I tried connecting to https://testing.ercot.com but I could not connect. Do I need any certificate to connect to the MOTE environment? If so how do I get it? https://testing.ercot.com –Yes, you need an MOTE certificate to test in the MOTE environment (testingapi.ercot.com). Your USA can issue an appropriate user or API certificate for you. 11

Download ppt "ERCOT External Web Services and Notifications Secure Sockets Layer (SSL) Certificate Upgrade Leo Angele ERCOT Web Services."

Similar presentations

MarkeTrak Orientation July 30, 2008.  Antitrust Admonition  Introductions  MarkeTrak Flight Test Orientation  Why Do We Test?  Overview  API vs.

MarkeTrak Orientation July 30,  Antitrust Admonition  Introductions  MarkeTrak Flight Test Orientation  Why Do We Test?  Overview  API vs.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Crew Management, Operations Control & Commercial Planning System

Crew Management, Operations Control & Commercial Planning System
(4.4) Internet Protocols Layered approach to Internet Software 1.

(4.4) Internet Protocols Layered approach to Internet Software 1.
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or 415.514-3333 UCSF Campus VPN.

OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Security and Digital Recording System Students: Gadi Marcu, Tomer Alon Number:D1123 Supervisor: Erez Zilber Semester:Spring 2004 Mid Semester Presentation.

Security and Digital Recording System Students: Gadi Marcu, Tomer Alon Number:D1123 Supervisor: Erez Zilber Semester:Spring 2004 Mid Semester Presentation.
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Slide 1 of 10 Client Digital Certificate Upgrade.

Slide 1 of 10 Client Digital Certificate Upgrade.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
JVM Tehnologic Company profile & core business Founded: February 1992; –Core business: design and implementation of large software applications mainly.

JVM Tehnologic Company profile & core business Founded: February 1992; –Core business: design and implementation of large software applications mainly.
Lead from the front Texas Nodal 1 EDS 3R5 Phase 1 Testing Detailed Approach and Demonstration August 16, 2007.

Lead from the front Texas Nodal 1 EDS 3R5 Phase 1 Testing Detailed Approach and Demonstration August 16, 2007.
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.
MarkeTrak Update Retail Market Subcommittee December 6, 2006 Adam Martinez & Karen Farley.

MarkeTrak Update Retail Market Subcommittee December 6, 2006 Adam Martinez & Karen Farley.
RARF QnA Session April 17, 2008. 2 Resource Registration Process and Schedule Final RARF forms sent during week of April 7 –New Resources should get blank.

RARF QnA Session April 17, Resource Registration Process and Schedule Final RARF forms sent during week of April 7 –New Resources should get blank.
Role of Account Management at ERCOT Market Participant Identity Management Overview (MPIM)

Role of Account Management at ERCOT Market Participant Identity Management Overview (MPIM)
Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.

Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.
Apache and SSL Presented by Paul Weinstein, Waubonsie Consulting, O’Reilly Open Source Convention July 24, 2002.

Apache and SSL Presented by Paul Weinstein, Waubonsie Consulting, O’Reilly Open Source Convention July 24, 2002.
ERCOT MARKET EDUCATION

ERCOT MARKET EDUCATION
IBM OmniFind Enterprise Edition V9.1 – July 2010 Data Source – FileNet P8 crawler overview  Key features: –Access to FileNet P8 Content Engine by using.

IBM OmniFind Enterprise Edition V9.1 – July 2010 Data Source – FileNet P8 crawler overview  Key features: –Access to FileNet P8 Content Engine by using.

Similar presentations

Ads by Google