cancel
Showing results for 
Search instead for 
Did you mean: 

Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

Does anyone know if Authorize.net accepts the newer SHA2 encryption? Our production servers which use this type of certificate do not receive the RelayResponse.

 

We found an article on SHA2 encryption issues with WIN2003 servers KB968730. We know Authorize.net uses Win 2003 servers based on http headers, which tell us IIS6.0.

evoDev
Member
2 ACCEPTED SOLUTIONS

Accepted Solutions

Hello evoDev,

 

I've forwarded your request to support SHA2 encryption to our product management team for consideration in a future release.

 

Richard

View solution in original post

RichardH
Administrator Administrator
Administrator

We just established that is a real issue with Authorize.Net. We were able to purchase a SHA1 certificate and we are now able to receive the Relay Response from Authorize.NET. Authorize.NET Relay Response does not handle G2/SHA256 certificates. This will become a major issue in 2014 when SHA1 certifictions will not be obtainable from vendors eg. GoDaddy etc.

 

I hope this helps someone.

View solution in original post

21 REPLIES 21

Hello evoDev,

 

I've forwarded your request to support SHA2 encryption to our product management team for consideration in a future release.

 

Richard

RichardH
Administrator Administrator
Administrator

We just established that is a real issue with Authorize.Net. We were able to purchase a SHA1 certificate and we are now able to receive the Relay Response from Authorize.NET. Authorize.NET Relay Response does not handle G2/SHA256 certificates. This will become a major issue in 2014 when SHA1 certifictions will not be obtainable from vendors eg. GoDaddy etc.

 

I hope this helps someone.

We ran into this issue today when we renewed our cert using SHA 2.  We reissued the cert using SHA 1 and this eliminated our errors.  If it is true that Authorize.net is using 2003 Windows servers, I hope they know that these servers reach end of life in April of 2014. 

 

Authorize should be on top of this and should be supporting the new encryption algorithm of SHA 2.  Some PCI-DSS scanners are now requiring SHA 2 be installed. 

 

Can Authorize.net respond to this?

Is there any update as to when this will be fixed DPM? I am begining a new integration for a client and would like to know if I will be able to secure the process properly with the SHA-256.

Hello Zackvbrady;

 

Our product team is still investigating the issue.  How recently have you attempted using an SHA2 certificate?  The product team is interested in further narrowing the issue.  Please send details by submitting a support request at http://developer.authorize.net/support

 

Richard

We have been experiencing this issue as of February 12th when a SHA2 was installed on our client's website. The process to replace it with SHA 1 has been started, but it would be great to know that SHA 2 could be used ASAP.

We also have this problem and are currently unable to obtain an SHA1 certificate. I really don't understand what the problem is, since MS has released a hotfix that specifically addresses this issue. It should have been fixed already.

dtowell
Member

Hello

 

Our product team is currently working to fix this problem.  At this time, I don't have a time line for delivery.

 

I'd recommend subscribing to this topic so that you'll be alerted via email if there are updates. To subscribe, click Topic Options at the top of this thread and then select Subscribe. You'll then receive an email once anyone replies to your post.

Thanks,

Richard

I am also having this issue.  Is there any update or do I need to get my certificates reissued?