Pendo CNAME configurations created before March 2023 use network infrastructure that’s now considered insecure. To improve security and future maintainability, customers using this legacy configuration must add new DNS validation records so that Pendo can migrate you to an updated system.
Why this migration is required
Pendo’s legacy CNAME infrastructure supports outdated encryption protocols (TLS versions 1.0 through 1.2) and cipher suites with known security vulnerabilities. Because we can’t selectively deactivate insecure ciphers on this infrastructure, we’re migrating all customers to a more secure and configurable system that supports modern TLS standards.
How to migrate
To migrate, you must create new DNS validation records. These records allow Pendo's cloud provider to generate SSL certificates for your domain on our updated, secure infrastructure. The validation records differ between legacy and modern infrastructure, so your existing records can't be reused.
Follow these steps to complete the migration:
- Review the instructions. You'll receive detailed migration instructions through an in-app guide in Pendo, an automated email from Pendo, or direct outreach from your Pendo account representative.
- Add DNS validation records. Ask your IT administrator to add the new DNS validation records to your DNS zone for each existing data host and content host.
- Don’t remove existing records. Keep existing DNS records in place until the migration is complete.
Within 24 hours after adding the new DNS records, Pendo will automatically detect the records, generate new SSL certificates on the updated infrastructure, and then migrate your CNAME configurations.
This migration process is automated, won’t cause downtime, and doesn’t require changes to your existing Pendo install script, CSP rules, or other settings.
If you have further questions about this migration process, contact Pendo Support.