TLS Certificate Rotation FAQs

Owned by Suzanne Joyce
Last updated: May 28, 2024

Question

Response

Question

Response

What exactly is it we need to update?

Whatever tool you use to send data to PKB (ie. your integration engine) needs to be updated to the latest version.

How do you know our software isn’t up to date?

When you initially connect to PKB to send data, we log the cipher suite you are using to send data to us so we can see if this is out of date.

Our software logs the algorithms selected to be used during data transmission (called cipher suite).
Tools should pick the most secure/effective algorithms available from the set of algorithms supported by both sides.
The fact that our connection to your system used a certain algorithm is a strong indicator that your tools are out of date.

Why do we need to update our software?

Security holes are found frequently. Software updates contain - beside new features - patches for known vulnerabilities and performance improvements.
Keeping your software up-to-date makes your digital presence safer and faster.
The latest version will enable you to send data to PKB in the most secure way.

As a customer, are we required to provide our own TLS certificate?

No. You just need to keep your software up-to-date.

How often does PKB rotate their TLS certificate?

Approximately every 3 months.

What if we don’t upgrade our software by the time next PKB certificate rotation happens?

We don’t anticipate you experiencing any issues as we will only use certificates that shouldn’t cause problems for a limited period of time. However, these certificates are less secure and there will come a time when we will move to the move secure certificates, necessitating your software is sufficiently up to date.