Certificate management and certificate pinning policy for Genesys Cloud

Genesys Cloud uses AWS Certificate Manager (ACM) to manage SSL/TLS certificates for our domains, including apps.mypurecloud.com. This article explains our certificate management policy and important considerations for integrations.

For more information, see AWS ACM best practices:

Important points

• Genesys Cloud does NOT support certificate pinning.
• Our certificates are automatically managed and rotated by AWS ACM.
• Certificate changes can occur at any time as part of normal security operations.
• Certificate pinning causes integrations to fail when certificates are rotated.

Why Genesys doesn’t support certificate pinning

• AWS ACM automatically manages and rotates certificates for security purposes.
• Certificate pinning contradicts AWS best practices.
• Industry trends are moving toward shorter certificate lifetimes (as short as 90 or even 34 days).

Recommendations for customers

• Do not implement certificate pinning in your integrations with Genesys Cloud.
• Rely on standard SSL/TLS trust chain validation instead.
• Remove any existing certificate pinning implementations.
• Update any integrations that currently use certificate pinning.