[Important] Stripe TLS certificate changes

[Alwin Mathew]

Hi everyone,

Stripe is renewing the TLS certificate for *.stripe.com during the last week of August 2022. As part of this change, the intermediate CA certificate will change. Stripe will be rolling out the new certificate in phases starting from August 24, 2022 to September 1, 2022. For more information about TLS certificates, please visit the docs page.

What does this mean for me?

If you are a business owner who uses Stripe’s official client libraries to interact with Stripe systems, or if you’re not using certificate pinning, this change will not impact you and there is no action required on your part.

If you are using certificate pinning, it will impact your ability to connect to and authenticate a number of stripe.com subdomains, including:

• connect.stripe.com

• uploads.stripe.com

• hooks.stripe.com

How can I tell if I’m using certificate pinning?

Most businesses do not use certificate pinning. Setting it up requires extra work on your end – most likely completed by your security, networking, or operations team – so if you’re in any doubt, we recommend checking with them.

What should I do if I’m using certificate pinning?

We recommend against certificate pinning going forward in order to avoid future complications. If you must use certificate pinning for some reason, we request you to update your certificates immediately to give yourself enough time to test thoroughly and perform a safe and non-disruptive change to your integration with Stripe.

If you need any help making this change, or if you have any questions about our security certificates in general, you can contact us at any time from our support site.

— The Stripe team