Databricks Community

Om_Jha · ‎01-30-2026

Overview
To enhance security and reliability, Databricks is updating the trusted TLS Certificate Authorities (CAs) that issue certificates for our public-facing websites and API endpoints. This change ensures continued compliance with industry best practices and improved resilience.

New Certificate Authorities - Databricks certificates are being migrated to the following trusted CAs:

Let’s Encrypt
Google Trust Services
AWS Certificate Manager
DigiCert

Who Is Not Impacted
If you use any supported browsers, or a client that already trusts the root and intermediate certificates from all of the CAs listed above, you do not need to take any action.

To confirm, you can test your client connectivity using the links below. If your client connects without errors, you are not impacted. If you see messages such as “Your connection is not private” or “certificate verify error”, your client does not trust one or more of the new CAs and you will need to update your configuration.


Certificate Authority	Test URL
Let’s Encrypt	https://www.delta-sharing.westus.azuredatabricks.net/
Google Trust Service	https://help.databricks.com/s/
AWS Certificate Manager	https://community.databricks.com/
DigiCert	https://nvirginia.cloud.databricks.com/login.html

Timeline - The update will begin rolling out gradually starting March 15, 2026.

If your clients don’t trust all the Certificate Authorities listed above or are set to use only one, please update them to trust the root and intermediate certificates from all providers. This will help make sure your connections to Databricks continue to work without any interruptions.

Need help? If you have any questions about verifying or updating your client certificates, contact your Databricks account team or reach out to help@databricks.com.

LeoQ · ‎02-13-2026

Use the following snippet to test your Java connection:

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.net.Socket;
import java.security.cert.X509Certificate;

public class SslTest {

    public static void testConnection(String hostname) {
        int port = 443;
        Socket sock = null;
        SSLSocket sslSock = null;

        try {
            SSLContext context = SSLContext.getDefault();
            SSLSocketFactory factory = context.getSocketFactory();

            sock = new Socket(hostname, port);
            sslSock = (SSLSocket) factory.createSocket(sock, hostname, port, true);

            sslSock.startHandshake();

            X509Certificate cert = (X509Certificate)
                    sslSock.getSession().getPeerCertificates()[0];

            String subject = cert.getSubjectDN().getName();
            String issuer = cert.getIssuerDN().getName();

            System.out.println("[" + hostname + "]");
            System.out.println("  Successful connection");
            System.out.println("  Subject: " + subject);
            System.out.println("  Issuer : " + issuer);
            System.out.println();

        } catch (Exception e) {
            System.out.println("[" + hostname + "]");
            System.out.println("  Failed to connect: " + e.getMessage());
            System.out.println();
        } finally {
            try {
                if (sslSock != null) sslSock.close();
                if (sock != null) sock.close();
            } catch (Exception ignored) {
            }
        }
    }

    public static void main(String[] args) {
        testConnection("www.delta-sharing.westus.azuredatabricks.net");
        testConnection("help.databricks.com");
        testConnection("community.databricks.com");
        testConnection("customer-academy.databricks.com");
    }
}

LeoQ · ‎02-17-2026

Use the following snippet to test your Python environment:

import ssl, socket
def test_connection(hostname):
  port = 443
  context = ssl.create_default_context()

  try:
      with socket.create_connection((hostname, port)) as sock:
          with context.wrap_socket(sock, server_hostname=hostname) as ssock:
              cert = ssock.getpeercert()
              print("Successful connection with certificate:", cert['subject'], 'Issuer:', cert['issuer'])
  except Exception as error:
      print(f"Failed to connect: {error}")

test_connection('www.delta-sharing.westus.azuredatabricks.net')
test_connection('help.databricks.com')
test_connection('community.databricks.com')
test_connection('customer-academy.databricks.com')

LeoQ · ‎02-17-2026

Use the following snippet to test your Scala environment:

import javax.net.ssl.{SSLContext, SSLSocket, SSLSocketFactory}
import java.net.Socket
import java.security.cert.X509Certificate

def testConnection(hostname: String): Unit = {
  val port = 443
  val context = SSLContext.getDefault
  val factory = context.getSocketFactory

  try {
    val sock = new Socket(hostname, port)
    val ssock = factory.createSocket(sock, hostname, port, true).asInstanceOf[SSLSocket]
    ssock.startHandshake()
    val cert = ssock.getSession.getPeerCertificates.head.asInstanceOf[X509Certificate]
    val subject = cert.getSubjectDN.getName
    val issuer = cert.getIssuerDN.getName
    println(s"Successful connection with certificate: Subject: $subject, Issuer: $issuer")
    ssock.close()
    sock.close()
  } catch {
    case e: Exception => println(s"Failed to connect: ${e.getMessage}")
  }
}
testConnection("www.delta-sharing.westus.azuredatabricks.net")
testConnection("help.databricks.com")
testConnection("community.databricks.com")
testConnection("customer-academy.databricks.com")

Databricks Community

Action Required: Databricks Is Updating the TLS Certificate Authority for Public Certificates

Solution Accelerator Series | Analyze Customer Lifetime Value

🌟 Community Pulse: Your Weekly Roundup! April 06 – 12, 2026

Database Branching in Postgres: Git-Style Workflows with Databricks Lakebase

Agent Bricks | A Pilot to Production Series 🚀

How agentic software development will change databases