Server to Server Entrust Certificate Change
- Qvalent Quickstream
- Stephen Macmillan (Unlicensed)
- Sean James
- Grant Donnelly
In line with the security industry best practice, Symantec-issued SSL/TLS certificates will be deprecated. To mitigate this, the following URLs will have the SSL/TLS certificates replaced with Entrust certificates:
QuickSuper API (https://ws.qvalent.com) [COMPLETED 02/05/2022]
QuickWeb/Connect Secure Token Request (https://ws.qvalent.com) [COMPLETED 02/05/2022]
iLink SOAP file transfer (https://ws.qvalent.com) [COMPLETED 02/05/2022]
iLink HTTP file transfer (https://ssiw.qvalent.com) [COMPLETED 06/06/2022]
QuickGateway (https://ccapi.client.qvalent.com) [COMPLETED 04/07/2022]
PayWay Classic API (https://ccapi.client.qvalent.com) [COMPLETED 04/07/2022]
On this page:
Important Change Information for Qvalent/Westpac/St. George Customers
This page contains advice that must be actioned to ensure no loss of banking service with the QuickStream, iLink and QuickSuper Qvalent/Westpac/St. George products
Who might this change affect?
Any customer application which:
Connects to any of the following URLs hosted by Qvalent used by our QuickStream, PayWay, QuickSuper API and/or iLink products, and
Does not already have the relevant Entrust certificate authority added to the application's SSL/TLS trust store.
URL | Product(s) |
|---|---|
https://ws.qvalent.com (Production Environment) [COMPLETED 02/05/2022] | QuickSuper API SOAP Services QuickStream QuickWeb Secure Token Request QuickStream QuickConnect Secure Token Request iLink SOAP and HTTPS file transfer |
https://ssiw.qvalent.com (Production Environment) [COMPLETED 06/06/2022] | iLink (Legacy HTTPS file transfer) Note: on port 443 only, this does not include SFTP (port 22). |
https://ccapi.client.qvalent.com (Production Environment) [SCHEDULED FOR 04/07/2022] | QuickStream - QuickGateway PayWay Classic API |
Why is Qvalent/Westpac/St. George making this change?
Trust for all SSL/TLS certificates issued by Verisign/Symantec Roots is being deprecated in September 2018 in new releases of their Internet browser applications. Additionally, DigiCert who purchased Verisign/Symantec will stop issuing cross chains to the old Versign roots in early 2022. This means that we will no longer be able to request certificates with this cross-chain.
Qvalent has made the decision to move to Entrust as our new provider of SSL/TLS certificates for these hosts. This means changing the structure of the certificates on these hosts which may result in distrust by applications.
When will this change be made?
Qvalent plans to make the certificate changes at the following dates/times:
URL | Date and Time |
|---|---|
(Production Environment) | Monday 2nd May 2022 @ 10:00am AEST [COMPLETED] |
(Production Environment) | Monday 6th June 2022 @ 10:00am AEST [COMPLETED] |
https://ccapi.client.qvalent.com (Production Environment) | Monday 4th July @ 10:00am AEST |
Customers however can take action now to prepare for these changes.
What certificates are being changed?
Qvalent will begin to issue server certificates for the above hosts from the following Root and Intermediate Certificates
Root Certificate
Common Name (CN) | Entrust Root Certification Authority - G2 |
Valid Until | 8/12/2030 |
Thumbprint | 8c f4 27 fd 79 0c 3a d1 66 06 8d e8 1e 57 ef bb 93 22 72 d4 |
Available from Entrust at |
Intermediate Certificate
Common Name (CN) | Entrust Certification Authority - L1K |
Issued By | Entrust Root Certification Authority - G2 |
Valid Until | 6/12/2030 |
Thumbprint | f2 1c 12 f4 6c db 6b 2e 16 f0 9f 94 19 cd ff 32 84 37 b2 d7 |
Available from Entrust at |
How does this change affect my application?
When your application connects to one of the above hosts, it requests it validates the certificate issued to these hosts comes from a trusted certificate authority.
If you do not have the new Entrust root certificate authority hosts in your repository, then your application will not trust the Qvalent host.
If this happens, your application will not connect to our web service, which will result in a loss of banking service.
What must I do?
To Do | |
|---|---|
| 1 | Read this detailed change advice and ensure it reaches all application owners which connect to Qvalent services to investigate the impact of this change. |
| 2 | Identify all applications which interact with these hosts and take action to prepare for this change immediately. |
| 3 | Validate preparedness of applications and systems for this change by ensuring all systems have the Entrust Root CA in their application’s trust store.
|
| 4 | Take immediate action to add the Entrust Root CA to your application's trust store if it is not present.
|
| 5 | Understand and be prepared to instigate business BCP processes in the event of any issues post change to ensure banking services continue with this loss of service |
| 6 | Understand and be prepared to gather application developer and systems administrator resources in the event of any issues post change. |
Test Environment
Below is a list of the corresponding Test URLs. These URLs have Entrust certificates which you can use to confirm your integration.
Product | Production URL | Test URL |
|---|---|---|
QuickSuper API | ||
iLink | ||
QuickGateway | ||
QuickWeb/ | ||
PayWay Classic API |
Getting Help
Further information regarding this change can be found at:
Further Information Regarding Qvalent/Westpac Entrust SSL/TLS Certificate Change.
For QuickStream Customers using QuickGateway
Email quickstream@qvalent.com or phone the QuickStream helpdesk team on 1300 726 370 between 8.30 am to 5.30 pm (AEST), Monday to Friday.
For iLink Customers
Email ilink_support@qvalent.com or phone the iLink Helpdesk team on 1300 726 370 between 8.30 am to 5.30 pm (AEST), Monday to Friday.
For Westpac PayWay Customers
Email payway@qvalent.com or phone the PayWay Helpdesk team on 1300 727 111 between 8.30 am to 5.30 pm (AEST), Monday to Friday.
For St. George PayWay Customers
Email payway@qvalent.com or phone the PayWay Helpdesk team on 1300 395 501 between 8.30 am to 5.30 pm (AEST), Monday to Friday.
Disclaimer
These guidelines are general in nature and have been prepared without knowledge of the specific environment in which your systems operate. These guidelines are current at the time of writing but may require updates over time. Except where contrary to law, Westpac intends by this notice, to exclude liability for these guidelines and the information contained in them. While Westpac has made every effort to ensure these guidelines are free from error, Westpac does not warrant their accuracy, adequacy or completeness.
Things you should know: If you are located in Australia, this material is provided to you solely for your own use and in your capacity as a client of Westpac Banking Corporation ABN 33 007 457 141 AFSL 233714 (‘Westpac’). If you are located outside of Australia, this material is provided to you as outlined below.
This material contains general commentary only and does not constitute investment advice. Certain types of transactions, including those involving futures, options and high yield securities give rise to substantial risk and are not suitable for all investors. We recommend that you seek your own independent legal or financial advice before proceeding with any investment decision. Always refer to the disclosure documents for your selected product or service, including the Terms and Conditions or Product Disclosure Statement before deciding. This information has been prepared without taking account of your objectives, financial situation or needs. This material may contain material provided by third parties. While such material is published with the necessary permission none of Westpac or its related entities accepts any responsibility for the accuracy or completeness of any such material. Although we have made every effort to ensure the information is free from error, none of Westpac or its related entities warrants the accuracy, adequacy or completeness of the information, or otherwise endorse it in any way. Except where contrary to law, none of Westpac or its related entities intends by this notice to exclude liability for the information. The information is subject to change without notice and none of Westpac or its related entities is under any obligation to update the information or correct any inaccuracy which may become apparent at a later date. The information contained in this material does not constitute an offer, a solicitation of an offer, or an inducement to subscribe for, purchase or sell any financial instrument or to enter a legally binding contract. Past performance is not a reliable indicator of future performance. The forecasts given in this material are predictive in character. Whilst every effort has been taken to ensure that the assumptions on which the forecasts are based are reasonable, the forecasts may be affected by incorrect assumptions or by known or unknown risks and uncertainties. The ultimate outcomes may differ substantially from these forecasts.
Transactions involving carbon give rise to substantial risk (including regulatory risk) and are not suitable for all investors. We recommend that you seek your own independent legal or financial advice before proceeding with any investment decision. This information has been prepared without taking account of your objectives, financial situation or needs. Statements setting out a concise description of the characteristics of carbon units, Australian carbon credit units and eligible international emissions units (respectively) are available at http://www.cleanenergyregulator.gov.au , as mentioned in section 202 of the Clean Energy Act 2011, section 162 of the Carbon Credits (Carbon Farming Initiative) Act 2011 and section 61 of the Australian National Registry of Emissions Units Act 2011. You should consider each such statement in deciding whether to acquire, or to continue to hold, any carbon unit, Australian carbon credit unit or eligible international emissions unit.
The products and services described in this document are provided subject to local capabilities and are not available in all locations. Products and services are provided in accordance with appropriate local legislation and regulation.
New Zealand: In New Zealand Westpac Institutional Bank refers to the brand under which products and services are provided by either Westpac or Westpac New Zealand Limited (NZBN 942 903 432 4622) (WNZL). Any product or service made available by WNZL does not represent an offer from Westpac or any of its subsidiaries (other than WNZL). Neither Westpac nor its other subsidiaries guarantee or otherwise support the performance of WNZL in respect of any such product or service. WNZL is not an authorised deposit-taking institution for the purposes of Australian prudential standards. The current disclosure statements for the New Zealand branch of Westpac and WNZL can be obtained at the internet address http://www.westpac.co.nz . Both entities are registered banks in New Zealand under the Reserve Bank of New Zealand Act 1989.
U.K.: Westpac Banking Corporation is registered in the United Kingdom as a branch (branch number BR000106) and is authorised and regulated by the Australian Prudential Regulation Authority in Australia. WBC is authorised in the United Kingdom by the Prudential Regulation Authority (PRA). WBC is subject to regulation by the Financial Conduct Authority and limited regulation by the PRA in the United Kingdom. Details about the extent of our regulation by the PRA are available from us on request. Westpac Europe Limited is a company registered in England (number 05660032) and is authorised by the PRA and regulated by the Financial Conduct Authority and the PRA.
China, Hong Kong and Singapore: Westpac Singapore Branch holds a wholesale banking licence and is subject to supervision by the Monetary Authority of Singapore. Westpac Hong Kong Branch holds a banking licence and is subject to supervision by the Hong Kong Monetary Authority. Westpac Hong Kong branch also holds a licence issued by the Hong Kong Securities and Futures Commission (SFC) for Type 1 and Type 4 regulated activity. Westpac Shanghai and Beijing Branches hold banking licences and are subject to supervision by the China Banking and Insurance Regulatory Commission (CBIRC).
U.S.: Westpac operates in the United States of America as a federally licenced branch, regulated by the Office of Comptroller of the Currency. Westpac is also registered with the US Commodity Futures Trading Commission (CFTC) as a Swap Dealer, but is neither registered as, or affiliated with, a Futures Commission Merchant registered with the US CFTC. The services and products referenced in this material is not insured by the Federal deposit Insurance Corporation (FDIC). Westpac Capital Markets, LLC (WCM), a wholly-owned subsidiary of Westpac, is a broker-dealer registered under the U.S. Securities Exchange Act of 1934 (the Exchange Act) and member of the Financial Industry Regulatory Authority (FINRA).