Standard PunchOut integrations through TradeCentric exchange data using Hypertext Transfer Protocol Secure (HTTPS). When an eCommerce platform or eProcurement system exchanges data with the TradeCentric platform, it verifies our TLS certificate to confirm that the HTTPS connection is secure. If your platform or your buyer's system doesn't trust our certificate, the punchout connection can fail.
TradeCentric maintains and updates TLS certificates for these domains:
- *.tradecentric.com
- *.punchout2go.com
This article provides details about updates to our TLS certificates.
Jump to:
Who is affected by updates?
Most trading partners aren't affected by TLS certificate updates because their eCommerce platforms or eProcurement systems automatically trust certificates issued by a public certificate authority. Generally, integrations are only affected if either side of the integration uses certificate validation settings that require manual updates.
Typically, cloud platforms such as Coupa, SAP Ariba, or Jaggaer don't require manual certificate updates. Some systems that more commonly require manual certificate updates are Oracle and Oracle-based systems, excluding Oracle Supplier Network. If your organization typically needs to install TLS certificates for HTTPS transactions, you most likely need to update our certificate too.
Contact the team that manages your certificates, such as system administrators or another technology team, for guidance.
Note: TradeCentric is unable to identify specific integrations that are affected by TLS certificate updates.
How often are updates?
Starting September 24, 2026, our TLS certificates will be updated automatically and more often to meet the Certification Authority Browser Forum's requirements. At this time, we'll no longer have a set schedule for TLS certificate updates.
Note: To receive notifications about TLS certificate updates, subscribe to the TLS Certificate Notifications component in our Status Page. To learn how to subscribe, reference our Using the TradeCentric Status Page to check for maintenance and incidents article.
Certificate downloads
You can download our current TLS certificates using the links below. Some systems require both the certificate file and intermediate certificates, so intermediate certificates are also provided.
-
*.tradecentric.com certificate: CRT file
- Certificate and intermediate certificates: ZIP file
- *.punchout2go.com certificate: CRT file
- Intermediate certificates for both domains: CRT file
- Certificate and intermediate certificates for both domains: ZIP file
How to update and test
If your organization is affected by TLS certificate updates and you need to update and test the new certificate, follow the steps below. These steps can also help you determine whether your organization is affected.
- From a pre-production environment, connect to our stage-connect.punchout2go.com endpoint using HTTPS. If the connection is successful, you don't need to update your certificate. If the request fails with a certificate or trust-related error, continue to the next step.
- Download the certificate using the links in the previous section.
- Update the certificate on your side. The steps vary by system and security settings.
- Repeat the HTTPS request to stage-connect.punchout2go.com. If the request fails again with a certificate or trust-related error, you or your trading partner may need to contact the administrator of your eCommerce platform or eProcurement system.