Guidelines for SSL Certificate Rotation
Technical guide for updating Razorpay SSL certificates. Steps for SSL pinning, certificate whitelisting and trust store updates to ensure uninterrupted payment processing.
Razorpay is rotating its SSL certificates as part of regular security maintenance to ensure continued secure communication between your applications and Razorpay's services. SSL certificate rotation is a standard security practice that involves replacing expiring certificates with new ones to maintain uninterrupted encrypted connections.
Given below are the technical steps required to update SSL certificates for Razorpay integrations.
Before proceeding, determine if your application uses:
- SSL certificate pinning
- Certificate whitelisting
- Custom certificate trust stores
If you have never manually updated Razorpay certificates in your applications or servers, no action is required as your systems will automatically update certificates.
No Action Needed for Third-Party Platform Users
If you use a third-party platform (WooCommerce, Magento, CS Cart, OpenCart, Shopify, WHMCS, Arastta, Prestashop, WordPress, Easy Digital Downloads, WIX, BigCommerce or Drupal Commerce), you are not required to take any action. The platform handles SSL management. Read
and for more details.If your application has pinned the Razorpay certificate, you must pin the
in addition to the current one.If you have a certificate trust store in the server environment that is not configured to auto-update certificates, you must ensure that the certificate trust store contains the
.Refer to this
to learn how to update trust stores in different environments.If you encounter any difficulties during the process, our support team is here to help:
- Log in to the Dashboard.
- Navigate to the Help & Support section at the bottom right.
- Raise a ticket under the Technical Assistance category to contact our tech support team.
You are not required to take action if you have never manually updated our certificate in your applications or servers. Your systems will automatically update the certificate without any intervention.
You can test connectivity using the endpoint below, which has been updated with our latest certificate: https://api-ssl-test.razorpay.com
Watch Out!
This is only a test domain and should not be used in production environments.
If you are a new user and have ever updated our certificate on any of your applications or systems manually, you will be required to update it before November 24, 2025, 10:00 PM IST, to avoid impact on your payment system. Visit the
to download the new certificate. Use the X10.pem & Chain Valid From Oct 9th, 2025, Expiry Nov 10th, 2026.4. How do I check whether I am using a third-party platform such as WooCommerce, Magento, CS Cart, OpenCart, Shopify, WHMCS, Arastta, Prestashop, WordPress, Easy Digital Downloads, WIX, BigCommerce or Drupal Commerce?
If you are unsure about your integration setup, check if you use a custom admin panel provided by these third-party platforms to add stocks, offers or perform other tasks. If yes, you are using a third-party platform.
If you use a third-party platform (WooCommerce, Magento, CS Cart, OpenCart, Shopify, WHMCS, Arastta, Prestashop, WordPress, Easy Digital Downloads, WIX, BigCommerce or Drupal Commerce), you are not required to take any action. The platform handles SSL management.
Was this page helpful?