Akeneo PIM uses industry-standard TLS certificates to secure user connections and data in transit over HTTPS. This article is for developers and integration teams who need to configure their systems to trust Akeneo PIM's certificate chain — for example, when building custom integrations, configuring SSO, or setting up outbound webhooks that call back to Akeneo PIM.

TLS certificate lifecycle in Akeneo PIM

Akeneo PIM TLS certificates are managed by our cloud provider. Each certificate has a 90-day validity lifetime and is renewed every 60 days. This follows the industry shift toward shorter-lifetime certificates to improve security agility.

Certificate chain validation

The correct way to verify an Akeneo PIM TLS certificate is to validate the full certificate chain up to a trusted root, as described in the X.509 standard (RFC 5280).

Akeneo PIM certificates are signed by a Google Certificate Authority and validated by a Google Trust Services root certificate. Your system must trust the Google intermediate CA and the Google root certificate for connections to succeed.

Recommended trust anchors for Akeneo PIM

Trust the following certificates to establish a valid chain for Akeneo PIM connections:

Google intermediate CA — GTS CA 1D4 (valid until 2027-09-30)

Download the public key: - GTS CA 1D4 PEM - GTS CA 1D4 DER

The screenshot above shows the GTS CA 1D4 intermediate certificate details, including the issuer (GTS Root R1), subject, and validity period ending 2027-09-30.

Google root certificate — GTS Root R1 (valid until 2036-06-22)

Download the public key: - GTS Root R1 PEM - GTS Root R1 DER

The screenshot above shows the GTS Root R1 root certificate details, including the subject and validity period ending 2036-06-22.

The full Google PKI repository, including all current intermediate and root certificates, is available at https://pki.goog/repository/.