Server to Server Entrust Certificate Change

In line with the security industry best practice, Symantec-issued SSL/TLS certificates will be deprecated. To mitigate this, the following URLs will have the SSL/TLS certificates replaced with Entrust certificates:


On this page:


Important Change Information for Qvalent/Westpac/St. George Customers

This page contains advice that must be actioned to ensure no loss of banking service with the QuickStream, iLink and QuickSuper Qvalent/Westpac/St. George products

Who might this change affect?

Any customer application which:

  • Connects to any of the following URLs hosted by Qvalent used by our QuickStream, PayWay, QuickSuper API and/or iLink products, and

  • Does not already have the relevant Entrust certificate authority added to the application's SSL/TLS trust store.

URL

Product(s)

URL

Product(s)

https://ws.qvalent.com (Production Environment)

[COMPLETED 02/05/2022]

QuickSuper API

SOAP Services

QuickStream QuickWeb Secure Token Request

QuickStream QuickConnect Secure Token Request

iLink SOAP and HTTPS file transfer

https://ssiw.qvalent.com (Production Environment)

[COMPLETED 06/06/2022]

iLink (Legacy HTTPS file transfer)

Note: on port 443 only, this does not include SFTP (port 22).

https://ccapi.client.qvalent.com (Production Environment)

[SCHEDULED FOR 04/07/2022]

QuickStream - QuickGateway

PayWay Classic API

Why is Qvalent/Westpac/St. George making this change?

Trust for all SSL/TLS certificates issued by Verisign/Symantec Roots is being deprecated in September 2018 in new releases of their Internet browser applications. Additionally, DigiCert who purchased Verisign/Symantec will stop issuing cross chains to the old Versign roots in early 2022. This means that we will no longer be able to request certificates with this cross-chain.

Qvalent has made the decision to move to Entrust as our new provider of SSL/TLS certificates for these hosts. This means changing the structure of the certificates on these hosts which may result in distrust by applications.

When will this change be made?

Qvalent plans to make the certificate changes at the following dates/times:

URL

Date and Time

URL

Date and Time

http://ws.qvalent.com

(Production Environment)

Monday 2nd May 2022 @ 10:00am AEST

[COMPLETED]

https://ssiw.qvalent.com 

(Production Environment)

Monday 6th June 2022 @ 10:00am AEST

[COMPLETED]

https://ccapi.client.qvalent.com

(Production Environment)

Monday 4th July @ 10:00am AEST

Customers however can take action now to prepare for these changes.

What certificates are being changed?

Qvalent will begin to issue server certificates for the above hosts from the following Root and Intermediate Certificates

Root Certificate

Common Name (CN)

Entrust Root Certification Authority - G2

Valid Until

8/12/2030

Thumbprint

8c f4 27 fd 79 0c 3a d1 66 06 8d e8 1e 57 ef bb 93 22 72 d4

Available from Entrust at

https://entrust.com/root-certificates/entrust_g2_ca.cer

Intermediate Certificate

Common Name (CN)

Entrust Certification Authority - L1K

Issued By

Entrust Root Certification Authority - G2

Valid Until

6/12/2030

Thumbprint

f2 1c 12 f4 6c db 6b 2e 16 f0 9f 94 19 cd ff 32 84 37 b2 d7

Available from Entrust at

https://entrust.com/root-certificates/entrust_l1k.cer

How does this change affect my application?

When your application connects to one of the above hosts, it requests it validates the certificate issued to these hosts comes from a trusted certificate authority.

If you do not have the new Entrust root certificate authority hosts in your repository, then your application will not trust the Qvalent host.

If this happens, your application will not connect to our web service, which will result in a loss of banking service.

What must I do?

To Do

To Do

1

Read this detailed change advice and ensure it reaches all application owners which connect to Qvalent services to investigate the impact of this change.

2

Identify all applications which interact with these hosts and take action to prepare for this change immediately.

3

Validate preparedness of applications and systems for this change by ensuring all systems have the Entrust Root CA in their application’s trust store.

4

Take immediate action to add the Entrust Root CA to your application's trust store if it is not present.

  • This procedure varies depending on your application technology.

  • For QuickStream / PayWay / QuickSuper / iLink customers using https://ccapi.client.qvalent.com, https://ws.qvalent.com or https://ssiw.qvalent.com perform UAT testing against our test environment to ensure these changes are appropriate for your application and ensure changes are promoted to Production environments. Our test environment already has the new Entrust certificates installed.

5

Understand and be prepared to instigate business BCP processes in the event of any issues post change to ensure banking services continue with this loss of service

6

Understand and be prepared to gather application developer and systems administrator resources in the event of any issues post change.

Test Environment

Below is a list of the corresponding Test URLs. These URLs have Entrust certificates which you can use to confirm your integration.

Getting Help

Further information regarding this change can be found at:

Further Information Regarding Qvalent/Westpac Entrust SSL/TLS Certificate Change.

For QuickStream Customers using QuickGateway

Email quickstream@qvalent.com or phone the QuickStream helpdesk team on 1300 726 370 between 8.30 am to 5.30 pm (AEST), Monday to Friday.

For iLink Customers

Email ilink_support@qvalent.com or phone the iLink Helpdesk team on 1300 726 370 between 8.30 am to 5.30 pm (AEST), Monday to Friday.

For Westpac PayWay Customers

Email payway@qvalent.com or phone the PayWay Helpdesk team on 1300 727 111 between 8.30 am to 5.30 pm (AEST), Monday to Friday.

For St. George PayWay Customers

Email payway@qvalent.com or phone the PayWay Helpdesk team on 1300 395 501 between 8.30 am to 5.30 pm (AEST), Monday to Friday.

 

Disclaimer

These guidelines are general in nature and have been prepared without knowledge of the specific environment in which your systems operate. These guidelines are current at the time of writing but may require updates over time. Except where contrary to law, Westpac intends by this notice, to exclude liability for these guidelines and the information contained in them. While Westpac has made every effort to ensure these guidelines are free from error, Westpac does not warrant their accuracy, adequacy or completeness.

Things you should know: If you are located in Australia, this material is provided to you solely for your own use and in your capacity as a client of Westpac Banking Corporation ABN 33 007 457 141 AFSL 233714 (‘Westpac’). If you are located outside of Australia, this material is provided to you as outlined below.

This material contains general commentary only and does not constitute investment advice. Certain types of transactions, including those involving futures, options and high yield securities give rise to substantial risk and are not suitable for all investors. We recommend that you seek your own independent legal or financial advice before proceeding with any investment decision. Always refer to the disclosure documents for your selected product or service, including the Terms and Conditions or Product Disclosure Statement before deciding. This information has been prepared without taking account of your objectives, financial situation or needs. This material may contain material provided by third parties. While such material is published with the necessary permission none of Westpac or its related entities accepts any responsibility for the accuracy or completeness of any such material. Although we have made every effort to ensure the information is free from error, none of Westpac or its related entities warrants the accuracy, adequacy or completeness of the information, or otherwise endorse it in any way. Except where contrary to law, none of Westpac or its related entities intends by this notice to exclude liability for the information. The information is subject to change without notice and none of Westpac or its related entities is under any obligation to update the information or correct any inaccuracy which may become apparent at a later date. The information contained in this material does not constitute an offer, a solicitation of an offer, or an inducement to subscribe for, purchase or sell any financial instrument or to enter a legally binding contract. Past performance is not a reliable indicator of future performance. The forecasts given in this material are predictive in character. Whilst every effort has been taken to ensure that the assumptions on which the forecasts are based are reasonable, the forecasts may be affected by incorrect assumptions or by known or unknown risks and uncertainties. The ultimate outcomes may differ substantially from these forecasts.

Transactions involving carbon give rise to substantial risk (including regulatory risk) and are not suitable for all investors. We recommend that you seek your own independent legal or financial advice before proceeding with any investment decision. This information has been prepared without taking account of your objectives, financial situation or needs. Statements setting out a concise description of the characteristics of carbon units, Australian carbon credit units and eligible international emissions units (respectively) are available at http://www.cleanenergyregulator.gov.au , as mentioned in section 202 of the Clean Energy Act 2011, section 162 of the Carbon Credits (Carbon Farming Initiative) Act 2011 and section 61 of the Australian National Registry of Emissions Units Act 2011. You should consider each such statement in deciding whether to acquire, or to continue to hold, any carbon unit, Australian carbon credit unit or eligible international emissions unit.

 

The products and services described in this document are provided subject to local capabilities and are not available in all locations. Products and services are provided in accordance with appropriate local legislation and regulation.

New Zealand: In New Zealand Westpac Institutional Bank refers to the brand under which products and services are provided by either Westpac or Westpac New Zealand Limited (NZBN 942 903 432 4622) (WNZL). Any product or service made available by WNZL does not represent an offer from Westpac or any of its subsidiaries (other than WNZL). Neither Westpac nor its other subsidiaries guarantee or otherwise support the performance of WNZL in respect of any such product or service. WNZL is not an authorised deposit-taking institution for the purposes of Australian prudential standards. The current disclosure statements for the New Zealand branch of Westpac and WNZL can be obtained at the internet address http://www.westpac.co.nz . Both entities are registered banks in New Zealand under the Reserve Bank of New Zealand Act 1989.

U.K.: Westpac Banking Corporation is registered in the United Kingdom as a branch (branch number BR000106) and is authorised and regulated by the Australian Prudential Regulation Authority in Australia. WBC is authorised in the United Kingdom by the Prudential Regulation Authority (PRA). WBC is subject to regulation by the Financial Conduct Authority and limited regulation by the PRA in the United Kingdom. Details about the extent of our regulation by the PRA are available from us on request. Westpac Europe Limited is a company registered in England (number 05660032) and is authorised by the PRA and regulated by the Financial Conduct Authority and the PRA.

China, Hong Kong and Singapore: Westpac Singapore Branch holds a wholesale banking licence and is subject to supervision by the Monetary Authority of Singapore. Westpac Hong Kong Branch holds a banking licence and is subject to supervision by the Hong Kong Monetary Authority. Westpac Hong Kong branch also holds a licence issued by the Hong Kong Securities and Futures Commission (SFC) for Type 1 and Type 4 regulated activity. Westpac Shanghai and Beijing Branches hold banking licences and are subject to supervision by the China Banking and Insurance Regulatory Commission (CBIRC).

U.S.: Westpac operates in the United States of America as a federally licenced branch, regulated by the Office of Comptroller of the Currency. Westpac is also registered with the US Commodity Futures Trading Commission (CFTC) as a Swap Dealer, but is neither registered as, or affiliated with, a Futures Commission Merchant registered with the US CFTC. The services and products referenced in this material is not insured by the Federal deposit Insurance Corporation (FDIC). Westpac Capital Markets, LLC (WCM), a wholly-owned subsidiary of Westpac, is a broker-dealer registered under the U.S. Securities Exchange Act of 1934 (the Exchange Act) and member of the Financial Industry Regulatory Authority (FINRA).