Candex SSL/TLS Certificate Information

Overview

Candex maintains strict security standards for all data in transit. This page provides technical details regarding our current public-facing SSL/TLS configuration, active certificates, and connectivity requirements.

Note: Future certificate renewals and security updates will be published on this page. We recommend IT and Network Security teams bookmark this resource for the latest connectivity specifications.

Applicable Endpoints

The configuration and certificates described below apply to the following public endpoints:

  • Production: www.candex.com

  • Staging: stg.candex.com

Current Certificate Details

Our public endpoints currently use certificates issued by the DigiCert hierarchy.

  • Common Name: *.CANDEX.COM

  • Root Authority: DigiCert Global Root G2

  • Intermediate Authority: RapidSSL TLS RSA CA G1

  • Valid Until: May 15, 2026

Connectivity Requirements & Cipher Suites

Candex enforces strict transport layer security. To ensure successful connectivity to our endpoints, client applications must support TLS 1.2 or higher.

Supported Configuration:

  • Protocol: TLS 1.2, TLS 1.3

  • Strong Ciphers Only: We have disabled older, insecure cipher suites (including weak TLS_RSA_* and CBC mode ciphers) to align with industry best practices.

For a real-time analysis of our SSL configuration, please refer to the Qualys SSL Labs Report.

Certificate Downloads

If your organization utilizes certificate pinning or maintains a manual trust store, you may need to import the certificates below.

as individual Certificates:

Certificate Type Common Name Download
Server Certificate *.CANDEX.COM PEM
Intermediate CA RapidSSL TLS RSA CA G1 PEM
Root CA DigiCert Global Root G2 PEM

Future Updates

We recommend following this page for updates on our SSL certificates

Did this resolve the issue?
Have more questions? Submit a request