From time to time, Workiva rotates our TLS certificates so anyone working in the Workiva platform has the most secure experience possible. Most networks are configured to automatically accept our most up-to-date TLS certificate. When this best practice is followed, users have a seamless experience without interruption when certificates are rotated.
While we discourage IT groups pinning to our TLS certificate fingerprint, some choose to do so. If your network configuration pins to the certificate fingerprint, once we rotate TLS certificates, it’s very likely you won’t be able to access the Workiva platform. Your IT group will need to point to the new certificate to get you back in. It’s all very technical, but our best practices are outlined in the IT network setup guide.
If you have trouble accessing the Workiva platform—for example, if you see a message that says something like: “This site can’t be reached” or “Can’t connect securely to this page”— it’s possible you need help from your IT group. Contact your IT team and let them know:
I think Workiva has recently updated their TLS certificates and my screen says the site can’t be reached. Will you check to see if we are configured to accept the most up-to-date certificate?
This is a great place to start, but it's possible something else could be causing a problem. Always feel free to check the Workiva Status Page for updates about ongoing issues or maintenance. You may also contact Workiva Support at firstname.lastname@example.org, 1-800-706-6526, or one of our international toll-free numbers for immediate assistance.
Why does Workiva update TLS certificates?
Rotating TLS certificates is common for web applications, and it’s one of many important industry standards we use to keep the Workiva platform secure.