Understanding Yext's Certificate Authority Transition: What You Need to Know

1

Earlier today, an email was sent out announcing that Yext is transitioning from DigiCert to Google Trust as our primary certificate authority, after December 4th, 2023. The vast majority of clients will not need to take any action. However, clients with specific security setups should review their systems. In this case, this could impact Yext API endpoints, including the Content API, Management API, and Knowledge Tags and the Yext Platform.

Below are a few FAQ’s on the subject:

Q: Am I Likely to Be Impacted?

Almost no one will be impacted by this change. Customers in industries with tightened security requirements such as Financial Services that explicitly do certificate pinning are more likely to be impacted.

Q. How do I determine if I am impacted?

If you’re unsure whether your systems use certificate pinning or rely on specific certificates, check with your technical team. Ask them if Yext’s current certificates within your application are being pinned.

They are able to test this by visiting the following domains:

Q. What if I am a user of the platform but do not use Yext APIs or the Yext Pages product?

You will also need to check with your IT team to see how your login to yext.com is configured. Again, most customers will not be impacted by this change.

In order to test this, you can attempt to access these two endpoints in your browser:

If these two links work, then you should be good to go!

Q. What do I do if I am impacted by this change?

If you are pinning our current certificates within your application, we recommend that you remove the pin to prevent any disruption in service. If this is not an option for you, ensure that your application is able to support the updated root certificates as provided in Google’s instructions here prior to the December 4th cutover.

Feel free to respond to this post if you have additional questions.