Unable to connect to FIX API due to certificate validation failure

Since around 11:20 AM PST, I am unable to connect to the FIX API endpoint, getting: Failed handshake: x509: certificate signed by unknown authority. Seems to align with when you deploy changes. Please look into the issue.

It looks like the server certs changed to

Which does not match what is published in the docs (Connectivity | Coinbase Cloud):

So is this an intended change you failed to communicate or is this something malicious?

Hello @ano334! Thank you for bringing this to our attention. For the details regarding your concern, we will check on this for you with our team to ensure this is addressed accurately for you. We will get back to you once we have more information. Keep in touch!

1 Like

Can we please get a timely update? Thought Coinbase Exchange is an institutional-grade product, but the fact that things like this got missed and no resolution for over a day is concerning. This must be breaking all FIX clients who properly do certificate validation following your own documentation.

OK, just checked myself: the doc is now updated to reflect the new cert. Wishing the upgrade was handled better…

Hello @ano334! We sincerely apologize for any inconvenience this may have caused you. We would like to acknowledge that yes, the documentation has been updated accordingly.

Thank you and have a great day! :sunny:

1 Like

Gotta be kidding me. The certificates changed again with today’s deployment. What is going on? Is there any quality control?

New certificate reported by server:

At this point would you even recommend clients to validate the server certificate?

Hi @ano334! We apologize for the late response regarding this matter and for the inconvenience and frustration this may have caused you. It was confirmed with our internal team that a new certificate was issued again. Rest assured that Coinbase is working on updating the documentation and the changes made will be reflected soon.

Additionally, as stated here, it is indeed recommended for clients to validate the FIX server SSL certificate.

We hope for your understanding and patience.

1 Like
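
The failure mode discussed in this thread, reproduced offline as an added example (not part of the thread and not Coinbase's code): a client that trusts only the published leaf certificate gets `x509: certificate signed by unknown authority` as soon as the server presents a reissued leaf, while a client anchored on the issuing CA and checking the hostname keeps validating. The CA, the hostname `fix.example.test` and all certificates are constructed for the demonstration, and it assumes the reissued leaf chains to the same CA as the old one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const host = "fix.example.test" // constructed hostname, not the real endpoint

// issue builds a constructed certificate; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = t, key
	} else {
		t.DNSNames, t.ExtKeyUsage = []string{host}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verify validates leaf for host with anchor as the only trusted certificate.
func verify(leaf, anchor *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(anchor)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func rotation() (pinnedSame, pinnedRotated, caRotated error) {
	ca, caKey := issue("Constructed Test CA", 1, nil, nil)
	oldLeaf, _ := issue(host, 2, ca, caKey) // the leaf the client pinned
	newLeaf, _ := issue(host, 3, ca, caKey) // the leaf served after reissue
	return verify(oldLeaf, oldLeaf), verify(newLeaf, oldLeaf), verify(newLeaf, ca)
}

func main() { fmt.Println(rotation()) }
```

The three printed values are, in order: pinned leaf against the same leaf, pinned leaf against the reissued leaf, and CA anchor against the reissued leaf.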