06-06-2011 09:48 AM
We have recently updated our SSL certificates. If anyone has any issues with authenticating with our API, please check to see if you have the most recent cert files if you are trying to do a secure handshake.
If you are using Java and are running into this issue, here are steps you can take to resolve it:
- Upgrade your Java SDK. Depending on which version you have, the upgrade may pull in a new root certificate from Global Trust (our cert authority), which would then allow your application to correctly find a cert path to api.constantcontact.com. If this doesn’t work, try the next option.
- Directly install the cert for api.constantcontact.com into your TrustStore.
If you are not using Java, and are still running into this same issue, to correct the issue, you will still need to get the new SSL certificates; however, the steps might vary depending on your programming language and operating system.
If you are still running into any problems please feel free to contact us and we can try to help you through this. However, please note that this needs to be resolved by updating cert files on your end, and not something that can be fixed in your code.
09-09-2011 02:58 PM
Hi Benjamin! Sorry to bother you, but can you tell me how to get the new cert for api.constantcontact.com so that I can put in my TrustStore?
I'm a virtual assistant and use CC for several clients, so could you email me directly with your reply? email@example.com
Thank you so much
Terri (assistant to Freddy Clarke
09-09-2011 06:45 PM
That is a great question and I would definately make sure that you have the most recent SDK. I will need to look into this further for you and give you a more solid answer. In the mean time please let me know if you have any other questions.
04-10-2012 01:19 PM
When I log into Constant Contact to view Email/Social Campaigns my browser tells me that the SSL is verified by GlobalSign nv-sa, not Global Trust. Are different CA certs used for different parts of the site? Is there a different CA cert for https://ui.constantcontact.com vs https://API.constantcontact.com? When I access api.constantcontact.com and the browser displays the list of contacts the browser says the website is not encrypted even though HTTPS is present in the URL string.
04-10-2012 02:07 PM
All of our certificates for all of our properties are published through GlobalSign. They regularly publish the most updated certificates to be used by certificate validation services and caching services throughout the internet. It is possible that you have something locally cached on your machine that is not the most recently published certificate and the signing may not match because of that.
Senior Product Manager, Constant Contact