Reply
Highlighted
Member
Posts: 6
Registered: ‎07-31-2013
Accepted Solution

Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

Does anyone know if Authorize.net accepts the newer SHA2 encryption? Our production servers which use this type of certificate do not receive the RelayResponse.

 

We found an article on SHA2 encryption issues with WIN2003 servers KB968730. We know Authorize.net uses Win 2003 servers based on http headers, which tell us IIS6.0.


Accepted Solutions
Highlighted
Solution
Accepted by topic author evoDev
‎08-21-2015 01:58 AM
Posts: 2,765
Topics: 57
Kudos: 246
Blog Posts: 67
Registered: ‎12-05-2011

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

Hello evoDev,

 

I've forwarded your request to support SHA2 encryption to our product management team for consideration in a future release.

 

Richard

View solution in original post

Highlighted
Solution
Accepted by topic author evoDev
‎08-21-2015 01:58 AM
Member
Posts: 6
Registered: ‎07-31-2013

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

We just established that is a real issue with Authorize.Net. We were able to purchase a SHA1 certificate and we are now able to receive the Relay Response from Authorize.NET. Authorize.NET Relay Response does not handle G2/SHA256 certificates. This will become a major issue in 2014 when SHA1 certifictions will not be obtainable from vendors eg. GoDaddy etc.

 

I hope this helps someone.

View solution in original post


All Replies
Highlighted
Solution
Accepted by topic author evoDev
‎08-21-2015 01:58 AM
Posts: 2,765
Topics: 57
Kudos: 246
Blog Posts: 67
Registered: ‎12-05-2011

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

Hello evoDev,

 

I've forwarded your request to support SHA2 encryption to our product management team for consideration in a future release.

 

Richard

Highlighted
Solution
Accepted by topic author evoDev
‎08-21-2015 01:58 AM
Member
Posts: 6
Registered: ‎07-31-2013

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

We just established that is a real issue with Authorize.Net. We were able to purchase a SHA1 certificate and we are now able to receive the Relay Response from Authorize.NET. Authorize.NET Relay Response does not handle G2/SHA256 certificates. This will become a major issue in 2014 when SHA1 certifictions will not be obtainable from vendors eg. GoDaddy etc.

 

I hope this helps someone.

Highlighted
Member
Posts: 1
Registered: ‎10-02-2013

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

We ran into this issue today when we renewed our cert using SHA 2.  We reissued the cert using SHA 1 and this eliminated our errors.  If it is true that Authorize.net is using 2003 Windows servers, I hope they know that these servers reach end of life in April of 2014. 

 

Authorize should be on top of this and should be supporting the new encryption algorithm of SHA 2.  Some PCI-DSS scanners are now requiring SHA 2 be installed. 

 

Can Authorize.net respond to this?

Highlighted
Member
Posts: 1
Registered: ‎02-10-2014

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

Is there any update as to when this will be fixed DPM? I am begining a new integration for a client and would like to know if I will be able to secure the process properly with the SHA-256.

Highlighted
Posts: 2,765
Topics: 57
Kudos: 246
Blog Posts: 67
Registered: ‎12-05-2011

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

Hello Zackvbrady;

 

Our product team is still investigating the issue.  How recently have you attempted using an SHA2 certificate?  The product team is interested in further narrowing the issue.  Please send details by submitting a support request at http://developer.authorize.net/support

 

Richard

Highlighted
Member
Posts: 1
Registered: ‎02-19-2014

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

We have been experiencing this issue as of February 12th when a SHA2 was installed on our client's website. The process to replace it with SHA 1 has been started, but it would be great to know that SHA 2 could be used ASAP.

Highlighted
Member
Posts: 1
Registered: ‎02-20-2014

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

We also have this problem and are currently unable to obtain an SHA1 certificate. I really don't understand what the problem is, since MS has released a hotfix that specifically addresses this issue. It should have been fixed already.

Highlighted
Posts: 2,765
Topics: 57
Kudos: 246
Blog Posts: 67
Registered: ‎12-05-2011

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

Hello

 

Our product team is currently working to fix this problem.  At this time, I don't have a time line for delivery.

 

I'd recommend subscribing to this topic so that you'll be alerted via email if there are updates. To subscribe, click Topic Options at the top of this thread and then select Subscribe. You'll then receive an email once anyone replies to your post.

Thanks,

Richard

Highlighted
Member
Posts: 2
Registered: ‎02-17-2014

Re: Relay Response not getting hit. SHA2 certificates and Authorize.net suspect

I am also having this issue.  Is there any update or do I need to get my certificates reissued?