Back to overview
Maintenance

SSL Certificate Renewal and Endpoint Migration Plan for *.firmacerta.it

May 5, 2026 at 8:00pm UTC  –  May 5, 2026 at 10:00pm UTC
Affected services
CA services
SWS Saas
SWS Legacy

Maintenance
May 5, 2026 at 8:00pm UTC

Dear Customer,

As part of our ongoing commitment to infrastructure security and maintenance, we are informing you that an SSL certificate update for the *.firmacerta.it endpoints will take place on May 5, between 10:00 PM and 12:00 AM (CEST).

Why this update is significant

This update is required due to the upcoming expiration of the current certificate. Please note that this will be the final certificate renewal for this domain.

The *.firmacerta.it domain is scheduled for permanent decommissioning on October 31, 2026. We strongly recommend using this maintenance window to plan your migration to our new endpoints, which offer identical functionality and are already fully operational:

  • Production: *.namirialtsp.com
  • Testing: *.test.namirialtsp.com

Technical Details and Impact (Certificate Pinning)

The new certificate will be issued by a different Certification Authority (CA). The new reference Root CA is:

Amazon Root CA 1: Download PEM

Please Note: Since server-side monitoring cannot detect whether a client implementation uses "certificate pinning," it is essential that your technical teams review your current integrations.

What does your technical team need to do?

  • Standard Integrations: If your applications rely on the standard operating system or TLS library trust store, no action is required.
  • Certificate Pinning: If your system uses pinning mechanisms, you must update your configurations to align with the new Root CA.
  • Best Practice: Following official Amazon guidelines, pinning should be configured exclusively on the Root CA rather than Intermediate CAs to avoid disruptions caused by dynamic intermediate rotation (further details here).

How to check if you are using Pinning

Check your application code or client-side configurations for:
1. Specific fingerprints or public keys associated with *.firmacerta.it.
2. Custom trust stores that explicitly restrict accepted Certification Authorities.
3. Application-level TLS validation or pinning logic.

Service Continuity

This activity is planned to ensure maximum infrastructure security. No service interruptions or downtime are expected during the maintenance window.

Be advised that the new *.namirialtsp.com endpoints already utilize the same Root CA mentioned above, making the final transition seamless once your systems are updated.

Our support team remains available through our standard assistance channels for any further information or technical needs.