Comptroller’s Mainframe SSL Certificate Changing
What
The secure sockets layer (SSL) certificate chain for the Comptroller’s production mainframe (mvs1.cpa.state.tx.us) will be changed due to expiration of previous Comodo CA certificates. This impacts anyone going to mvs1.cpa.state.tx.us using SSL, notably (but not exclusively) file transfer protocol secure (FTPS) transfers.
When
Sunday, April 5, 10 a.m.
You MUST add the new certificate before Sunday, April 5. Do not delete the current certificate.
The current certificate trust store will only work until April 5.
Required action
Customers logging in manually: On your first login after the change, you may see a dialog box saying the site has a new certificate. Select OK or Yes, depending on the application you use to connect, to accept the new certificate. You can then access the mainframe normally.
Customers using automation or scripting to deliver/retrieve files: Contact your agency security coordinator (ASC) and information technology team responsible for connectivity configuration. They will access the software component and configure the new certificate using the standard procedure for that system. Once this is done the first time, there is no need to do it again.
Download the new Sectigo certificate
The certificate is currently available for download. Details on downloading the SSL certificate have been provided to the ASCs.
Questions
Contact your ASC and technical team with questions about certificate/key installation and configuration. For additional help, contact the Comptroller’s office help desk at help.desk@cpa.texas.gov or (512) 463-HELP.