Important - TLS Leaf Certificate Renewal 2026

INFORMATION

Entrust Digital Card Solutions (DCS) regularly renews TLS certificates used to secure communications with the production environment (Both US & EU).

This article explains the permanent certificate renewal process, what customers should expect, and the recommended configuration to avoid any service impact during future renewals.

TLS leaf certificates are automatically renewed, with a new certificate generated at least one month before expiration. Certificate renewals are performed without service interruption.

The current leaf certificate is scheduled to expire on:
Friday, 24 July 2026

IMPACT

• Customers using the certification chain (recommended):
  ✅ No impact. No action is required when renewing a leaf certificate, but it is recommended that you verify it before the change.
  
  
• Customers pinning or explicitly trusting the leaf, or issuing certificate:
  ⚠️ Action is required. The intermediate or root certificate certificate must be trusted before the original leaf certificate expires to avoid TLS connection failures.
  
  

Entrust DCS strongly recommends using the certification chain rather than pinning the leaf certificate, as this prevents the need for updates during renewals.

ACTION REQUIRED

If your systems rely on the leaf or issuing certificate:

1. Ensure the new intermediate or root certificate (NOT Issuing or Leaf certificate) is trusted before the expiration date - 24 July 2026
2. Download the updated certificate once available from the documentation page:
   https://doc.antelop-solutions.com/latest/common/api/certificates.html#_tls_server_certificates

If you are unsure which validation method your integration uses, or if you require assistance:

• Please open a support ticket
• Our support team can confirm your configuration, provide the leaf certificate if needed, and assist with migrating to certification chain validation

Our team is available to assist with any questions or concerns.