eBay Changing Certificate Authority From Digicert to Sectigo

eBay has apparently just notified users enrolled in the eBay Developer program today that they have extended the date of the planned Certificate Authority switch from Digicert to Sectigo to April 30, 2022.

This change will impact all HTTPS connections and developers are required to test the Sectigo CA authority in Sandbox prior to the change.

According to this email, the original notice of these changes had put the effective date at January 31, 2022. It's not clear why there was a change and oddly, according to the Internet Archive, there was no notice posted on the main developer's page before February 9th - at that time it only showed the April 30th date, no mention of a previous notice.

Here's what is currently showing on the dev page, with notices about the CA as well as presumably now outdated notices about updating TLS version for API calls and enforcement of marketplace account deletion requirements.

eBay is switching the certificate authority (CA) used for public certificates from DigiCert to Sectigo. The switch over will happen on April 30, after which all connections to eBay APIs using the older certificates will be rejected. Please refer to this KB article for more information about the steps you can take based on your use case.

Starting January 25th all API calls with TLS version <1.2 will fail. Please make sure your application is migrated to use TLS 1.2 or higher.

Starting September 15, 2021 eBay Developers Program will begin to enforce our requirements related to: Marketplace account deletion/closure. Please make sure to take necessary action to comply by following the guidelines outlined here. Non compliance may result in the deactivation of your keyset(s).