On February 21, 2007 at 7:00 P.M. Pacific time, the Microsoft adCenter API production environment will receive updated Secure Sockets Layer (SSL) certificates. This maintenance will take approximately 1 hour. The maintenance is necessary because the existing production SSL certificates are set to expire on February 23, 2007.
We recommend that you do not run your adCenter API applications during the upgrade. After the upgrade, we believe that applications written in languages other than Java will not require any other action, but you should test your applications to make sure they work after the upgrade. There is no effect on the sandbox environment for this upgrade.
If you are using Java, you must take the following action AFTER the upgrade. First, download the updated production SSL certificate. The process for downloading the certificate depends on which type of Web browser you are using. These instructions are for Microsoft Internet Explorer 5.5 or later versions.
1) Open Internet Explorer and connect to
https://adcenterapi.microsoft.com/V3/administration/administration.asmx wsdl2) In Internet Explorer 6, double-click the lock icon in the status bar, or in Internet Explorer 7, click the lock icon and then click View Certificates.
3) Select the Certificate Path tab and make sure that the adcenterapi.microsoft.com certificate is selected.
4) Select the Details tab, and then click the Copy to File button.
5) In the Welcome to the Certificate Export Wizard, click Next.
6) Select either the DER or the Base-64 encoding scheme. Both choices are acceptable.
7) Type a name for the file, and then click Next. For example, use msft_adcenter_prod.cer for the file name.
8) Click Finish.
Notice that you do not have to import a certificate from every production Web Services Description Language (WSDL) file. The certificate from one production WSDL file will let you access any production WSDL file, as the production WSDL files use the same certificate.
As the adCenter SSL Certificate is not among the certificates included in the Java keystore, you have to manually register the adCenter SSL Certificate as a valid certificate using the keytool command. When you use the keytool command, you will be prompted for a password. The default cacerts keystore password is "changeit". However, check with your system administrator as the password may have been changed. For more information about the keytool tool, see
http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html.1) Open the directory where you saved your downloaded certificates.
2) Delete the existing Microsoft adCenter API production certificate from the Java key store. You can use the keytool command together with the -list verb to list the existing certificates. For example, after changing the path of the JRE cacerts file to match your system, run this command:
keytool -list -keystore %JavaHome%\jre\lib\security\cacerts
3) Within the list of certificates, locate the certificate you used for the adCenter production environment. After you identify the alias of that certificate, delete the certificate by using the keytool command and the -delete verb. The alias field should match the alias of the existing adCenter API production certificate in your Java key store.
keytool -delete -alias MSFT_old_cert -keystore %JavaHome%\jre\lib\security\cacerts
4) Import the new certificate by using the keytool command with the -import verb.
keytool -import -alias MSFT_adcenter -file msft_adcenter_prod.cer -keystore %JavaHome%\jre\lib\security\cacerts
Retest your Java application after taking these steps.
Thank you,
The Microsoft adCenter API Group