Caterpillar API Hosts Certificates Update - Spring 2024
Caterpillar has adopted a new security policy for rotating TLS certificate. Instead of rotating certificates once a year, we will rotate certs every 6 months. This has a few benefits:
- A new certificate can be shared months in advance without affecting the current certificate.
- The old certificate will have 6 months before it expires, allowing ample time to back out and re-implement if needed.
TIMELINE
- Non-production hosts will change on March 1, 2024
- Production hosts will change on April 1, 2024
The new certificate's hierarchy is the same as the current certificate. Typically, applications only save the root certificate into their app's trust store. If this is the case for your app, then no further action is required. The root certificate is available to download from DigiCert.
If your application has implemented certificate pinning then you must download and install the new leaf certificates and save them in your app's trust store. Make sure to load the new certificate in addition to the already installed certificates. Do not replace the already installed certificates until after they have expired. After downloading these files, rename them and remove the ".txt" extension.
Note: Certificate pinning is not recommended due to reasons mentioned here.
Non-Production Hosts
SUBJECT NAME: API-DEV.CAT.COM
- api-dev.cat.com
- api-qa.cat.com
- api-int.cat.com
- api-stage.cat.com
- api-performance.cat.com
- apidev.catdevservices.com
- apiqa.catdevservices.com
- apistage.catdevservices.com
- apiperformance.catdevservices.com
- services-dev.cat.com
- services-int.cat.com
- services-qa.cat.com
- services-perf.cat.com
- services-stg.cat.com
- services-performance.cat.com
SUBJECT NAME: API.CAT.COM
- api-sandbox.cat.com
- apisandbox.catdevservices.com
- services-sandbox.cat.com
Production Hosts
SUBJECT NAME: API.CAT.COM
- api.cat.com
- api.catdevservices.com
- services.cat.com