Server to Server Certificate Change in Non-production Jan 2025
- Daniel Brandon
- Grant Donnelly
IMPORTANT: The security of your data and the data of your customers is critically important to us. We are continually reviewing and implementing greater technology security measures to ensure your data is protected.
From the 14th of January 2025, we will implement new security infrastructure to further protect your data and ensure the availability of the Westpac/Qvalent services.
On this page
What are the changes?
As part of continuous security improvements, the following non-production URLs will have the SSL/TLS certificates replaced:
URL | Product(s) |
|---|---|
https://ws.support.qvalent.com | QuickSuper API SOAP Services QuickStream QuickWeb Secure Token Request QuickStream QuickConnect Secure Token Request iLink SOAP and HTTPS file transfer |
https://ccapi.client.support.qvalent.com | QuickStream - QuickGateway PayWay Classic API |
When will this change take place?
The change will be implemented on Wednesday, 23rd January 2025 and will involve replacing the existing certificates for these URLs that were issued by Entrust with new certificates issued by Digicert. If you experience any issues connecting to the support environments post these changes, please contact the Qvalent Help Desk directly.
Why is Westpac making this change?
In 2024, Google advised that Chrome would not trust certificates issued by Entrust after 11 November, 2024 - see Sustaining Digital Certificate Security - Entrust Certificate Distrust . This announcement was subsequently mirrored by Mozilla and other service providers. As part of our continuous security improvements, we issued a new certificate in non-production only after this date and therefore it was issued under a new provider (Digicert).
How does this change affect my application?
When your application connects to one of the above URLs, it validates the certificate issued to these hosts comes from a trusted certificate authority.
If you do not have the new Digicert root certificate authority hosts in your repository, then your application will not trust the Qvalent host. If this happens, your application will not connect to our web service.
What certificates are being changed?
Qvalent will begin to issue server certificates for the above hosts from the following Root and Intermediate Certificates:
Root certificate
Common Name (CN) | DigiCert Global Root G2 |
Valid Until | 15 JAN 2038 |
Thumbprint | df 3c 24 f9 bf d6 66 76 1b 26 80 73 fe 06 d1 cc 8d 4f 82 a4 |
Available from Digicert at |
Intermediate Certificate
Common Name (CN) | DigiCert EV RSA CA G2 |
Issued By | DigiCert Global Root G2 |
Valid Until | 02 JULY 2030 |
Thumbprint | 09 0a 16 f9 ba 16 00 1b 2e c1 30 f8 05 23 e5 b5 eb 25 91 58 |
Available from Entrust at |
What must I do?
Read this detailed change advice and ensure it reaches all application owners which connect to Qvalent services to investigate the impact of this change.
Identify all applications which interact with these URLs and take action to prepare for this change.
Validate preparedness of applications and systems for this change by ensuring all systems have the Digicert Root CA in their application’s trust store.
This procedure varies depending on your application technology.
Perform testing with your application and the non-production URLs to ensure any changes are successful.
Getting Help
Further information regarding this change can be found at:
For QuickStream Customers using QuickGateway
Email quickstream@qvalent.com or phone the QuickStream Helpdesk team on 1300 726 370 between 8.30 am to 5.30 pm (AEST), Monday to Friday.
For iLink Customers
Email ilink_support@qvalent.com or phone the iLink Helpdesk team on 1300 726 370 between 8.30 am to 5.30 pm (AEST), Monday to Friday.
For Westpac PayWay Customers
Email payway@qvalent.com or phone the PayWay Helpdesk team on 1300 727 111 between 8.30 am to 5.30 pm (AEST), Monday to Friday.
For St. George PayWay Customers
Email payway@qvalent.com or phone the PayWay Helpdesk team on 1300 395 501 between 8.30 am to 5.30 pm (AEST), Monday to Friday.