
Authorize.net has updated their SSL certificates

Today we had to update the authorize.net SSL certificates on our server to re-enable secure communications.

 

They have updated their SSL certs. We found 3 certs which we updated to make sure the chain was recognized by our server.

 

Depending on your server type, this procedure will be different.

 

We are using ColdFusion 9 and had to add the certs to our java cert store.

 

We followed these directions to resolve our issue:

 

http://stackoverflow.com/questions/20469194/coldfusion-https-connection-failure

 

Why can't Authorize.net just post that they changed the certs?

 

I had this same issue with another vendor and they kept telling me they made no changes.

 

Server admins really need to learn how to communicate with their tech support people!

 

Grrrrr!!!

 

Hope this helps...

 

Steve Stout

Kagan Publishing

stoutman
Member
30 REPLIES

Thanks so much as this is making us crazy.....and that makes 100% sense.

 

I can browse to any other https: site on my server except the transact.dll site.

OK, so I just tried that link you gave me and I get page cannot be displayed. So I'm guessing this is also the issue?

The weird thing is the other Windows 2003 servers work.

Are they running IIS 6?

 

BTW, I ran Security Updates on my Windows 2003 server as well, hoping that would help. It didn't.

I'm still in the same boat... any help's appreciated.

It is not so much that the SSL certificates have been updated, but if the header has enabled GZIP, Authorize.Net returns a GZIP file. I ran into this myself.

Try This:

 

Set objhttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objhttp.open "post", "https://secure.authorize.net/gateway/transact.dll"
objhttp.setRequestHeader "Content-Type", "text/XML; charset=UTF-8"
objhttp.send strrequest

 

 

Your Code:

Set objhttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objhttp.open "post", "https://secure.authorize.net/gateway/transact.dll", false
objhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objhttp.setRequestHeader "Accept-Encoding", "gzip, deflate, sdch"
objhttp.setRequestHeader "Content-Length", len(strrequest)
objhttp.send strrequest

 

Good Luck.

Hi All,

 

This may be unrelated, but since the cert update on 7/24, all of my previously functioning sites using the AIM gateway started failing with a 403 error. I finally resolved the issue today by changing the verb "Post" to "POST" in the http request open() call. No further changes were necessary and I was able to remove all the Request Header stuff that I'd been unsuccessfully trying out.

 

Greg.

Well, in my case, I see the opposite: Authorize.net have NOT updated their (still valid, but not most up to date) certificate. I refer to the certificate seen at https://secure.authorize.net/gateway/transact.dll. If we visit this URL and inspect the certificate, we can see that it is signed by the intermediary certificate with CN = Entrust Certification Authority - L1E, valid to 10 December 2019 17:25:43. However, if you visit the Entrust site https://validev.entrust.net/, you see that their intermediary cert with the same CN is valid until 11 November 2021 23:00:59, so it is a more recent version. These two intermediary certificates do not share the same root certificate.

In my case, a problem occurred because the standard list http://curl.haxx.se/ca/cacert.pem used by CURL did not contain the root certificate for the previous version of the certificates. It contained only the root certificate for the new version. When I added the root certificate for the old version manually in the file, the problem was solved.

In http://stackoverflow.com/questions/29103613/how-comes-authorize-net-uses-a-certificate-that-is-signe... I try to understand what exactly went wrong. Should the new certificate have worked as a replacement of the previous certificate? Should the list have contained both root certificates? Should Authorize.net have updated its certificate so that it matches the more up-to-date CA bundle?

dominic108
Member
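
The trust-store gap described in the post above, reproduced offline as an added example (not part of the original thread): two roots each sign an intermediate with the same CN, and a leaf issued under the old intermediate verifies only when the old root is in the CA bundle. Every key, certificate, CN and file name here is constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
# Constructed demo: all keys, certificates and names are generated locally.
work=$(mktemp -d) && cd "$work" || exit 1

# Minimal config so CA certificates carry basicConstraints CA:TRUE.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_root NAME CN: self-signed root NAME.pem with key NAME.key
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue NAME CN ISSUER [ca]: NAME.pem signed by ISSUER; "ca" marks it a CA cert
issue() {
  ext=""
  if [ "${4:-}" = ca ]; then ext="-extfile ca.cnf -extensions v3_ca"; fi
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
    -CAcreateserial -days 30 $ext -out "$1.pem" 2>/dev/null
}

# field subject|issuer FILE: print that name from a certificate
field() { openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253; }

# chain_ok BUNDLE: succeeds if leaf -> old intermediate reaches a root in BUNDLE
chain_ok() {
  openssl verify -CAfile "$1" -untrusted old_int.pem leaf.pem >/dev/null 2>&1
}

make_root old_root "Constructed Old Root"
make_root new_root "Constructed New Root"
issue old_int "Constructed Intermediate L1E" old_root ca
issue new_int "Constructed Intermediate L1E" new_root ca
issue leaf "gateway.example.test" old_int
cp new_root.pem bundle_new_only.pem
cat new_root.pem old_root.pem > bundle_both.pem
field issuer old_int.pem; field issuer new_int.pem   # same CN, different roots
for b in bundle_new_only.pem bundle_both.pem; do
  chain_ok "$b" && echo "$b: chain verifies" || echo "$b: no trusted root"
done
```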

Hi. For those of you who are having problems connecting to Authorize.Net via ColdFusion (Windows 2008R2) due to their recent certificate change, here is the FIX:

 

1 -  Go to the AuthorizeNet blog and download all the new Certificates.  HERE:

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Production-Certificate-...

Place these in a folder on your ColdFusion server

 

2 -  Find and BACK UP your cacerts file:

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

  • Server Configuration:

    cf_root/runtime/jre/lib/security/cacerts

  • Multiserver/J2EE on JRun 4 Configuration:

    jrun_root/jre/lib/security/cacerts

  • Sun JDK installation:

    jdk_root/jre/lib/security/cacerts

  • Consult documentation for other J2EE application servers and JVMs

 

3 -  Download Keystore Explorer  Here:  http://keystore-explorer.sourceforge.net/   install it ... you may have to upgrade your security to unlimited ... follow the instructions provided during install.

 

4 - OPEN your cacerts  file in Keystore Explorer 

 

5 - Import each of the new Certificates into the cacerts keystore: TOOLS > IMPORT TRUSTED CERTIFICATE

 

6 - SAVE the cacerts file

 

7 - REBOOT THE SERVER

 

8  -  TO TEST:   create a SSLTEST.cfm  file:    Open a Notepad file and  enter:   

<cfhttp url="https://secure.authorize.net/gateway/transact.dll" method="GET" port="443">
<cfdump var="#cfhttp#">

SAVE in a WEBSPACE so you can run this from a browser.

 

9 - Browse to this file, SSLTEST.CFM. You should get something like this returned if successful:

struct
Charset: [empty string]
ErrorDetail: [empty string]
Filecontent: <HTML><BODY><H3>The following errors have occurred.</H3>(13) The merchant login ID or password is invalid or the account is inactive.<BR></BODY></HTML>
Header: HTTP/1.1 200 OK Connection: close Expires: Tue, 01 Jan 1980 00:00:00 GMT Date: Sat, 30 May 2015 14:43:53 GMT Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Vary: Accept-Encoding Cache-Control: private, must-revalidate, max-age=0 Content-Type: text/html
Mimetype: text/html
Responseheader: struct
    Cache-Control: private, must-revalidate, max-age=0
    Connection: close
    Content-Type: text/html
    Date: Sat, 30 May 2015 14:43:53 GMT
    Expires: Tue, 01 Jan 1980 00:00:00 GMT
    Explanation: OK
    Http_Version: HTTP/1.1
    Server: Microsoft-IIS/7.5
    Status_Code: 200
    Vary: Accept-Encoding
    X-Powered-By: ASP.NET
Statuscode: 200 OK
Text: YES

 

 

That's the fix

 

Elliott Kayne

OnlineCorp.com

 

:smileyhappy:

 

onlinecorp
Member
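
A command-line equivalent of steps 2, 5 and 6 above using the JRE's own `keytool`, as an added example that is not part of the original post. The function name `import_certs`, the alias scheme and the backup file name are assumptions of this sketch, and `changeit` is the stock JRE truststore password; the same `keytool` arguments work from a Windows command prompt.

```shell
# Added example: scripted backup and import into a Java truststore.
# "changeit" is the stock JRE truststore password; set STOREPASS if yours differs.
STOREPASS=${STOREPASS:-changeit}

# import_certs CERT_DIR KEYSTORE
# Backs up KEYSTORE, then imports every .cer/.crt/.pem in CERT_DIR as trusted.
import_certs() {
  dir=$1 store=$2
  [ -f "$store" ] || { echo "keystore not found: $store" >&2; return 2; }
  backup="$store.bak.$(date +%Y%m%d%H%M%S)"
  cp -p "$store" "$backup" || return 2        # step 2: back up before any change
  echo "backup: $backup"
  imported=0
  for cert in "$dir"/*.cer "$dir"/*.crt "$dir"/*.pem; do
    [ -f "$cert" ] || continue                # an unmatched glob stays literal
    alias=$(basename "$cert" | sed 's/\.[^.]*$//' | tr 'A-Z ' 'a-z_')
    # Skip aliases already present so the script can be re-run safely.
    if keytool -list -keystore "$store" -storepass "$STOREPASS" \
         -alias "$alias" >/dev/null 2>&1; then
      echo "skip (alias exists): $alias"
      continue
    fi
    # Print fingerprints so they can be compared with the ones the CA publishes.
    keytool -printcert -file "$cert" | sed -n -e '/SHA1:/p' -e '/SHA256:/p'
    keytool -importcert -noprompt -trustcacerts -alias "$alias" \
      -file "$cert" -keystore "$store" -storepass "$STOREPASS" || return 1
    imported=$((imported + 1))
  done
  echo "imported: $imported"
}

# Usage: sh import_certs.sh CERT_DIR KEYSTORE
if [ $# -ge 2 ]; then import_certs "$1" "$2"; fi
```

The JVM reads the truststore at startup, so the restart in step 7 still applies after running this.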

Since May 27 (the upgrade to SHA-2), the shopping cart on our website has not been working. I am unsure how to upgrade to SHA-2. Do I upgrade to SHA-2 and then install the certificates, or can I just update the certificates? Is there a company that could upgrade it for me? I am using ColdFusion 8. We don't have a developer at this time to update this and my host won't update it.

kvillcheck
Member