Regular Contributor
Posts: 60
Registered: ‎05-29-2015

Re: Timeouts posting XML after certificate upgrade

The other thing is to try downloading the certificates on another machine in Firefox or IE.  Copy the secure.authorize.net certificate file over to the machine having problems and run certutil on it.  See what that says.

Contributor
Posts: 12
Registered: ‎06-05-2015

Re: Timeouts posting XML after certificate upgrade

Still down...after much investigation I'm convinced it has something to do with our firewall or ISP.  Doing an OpenSSL session I get this:

OpenSSL> s_client -connect secure.authorize.net:443 -state
Loading 'screen' into random state - done
CONNECTED(0000011C)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=10060

Looks like we're sending info great, Authorize.net is getting it and sending info back. Our server is not getting the message...somehow it's being blocked or diverted or something. After 20 or 30 seconds it times out.

This behavior doesn't happen with most https sites (https://www.google.com as an example). The problem is happening with all higher security sites like secure.authorize.net and Geotrust as an example...Here's the Openssl to Geotrust:

OpenSSL> s_client -connect www.geotrust.com:443 -state
Loading 'screen' into random state - done
CONNECTED(0000011C)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=10060

Same problem. Thoughts, anyone?
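
An added example (not part of any post in this thread): a small Python parser for `s_client -state` output that reports how far a handshake got. On the failing trace quoted above it shows that the TCP connection succeeded and the ClientHello was written, but the wait for the ServerHello ended in Winsock error 10060 (WSAETIMEDOUT), which is before any server certificate is received. The function name `classify` and the verdict labels are hypothetical, and the second trace is constructed.

```python
import re

# Winsock error codes that s_client prints as "write:errno=N" on Windows.
WINSOCK = {10054: "WSAECONNRESET", 10060: "WSAETIMEDOUT", 10061: "WSAECONNREFUSED"}
STATE = re.compile(r"^SSL_connect:\s*(error in )?(.+?)\s*$")
ERRNO = re.compile(r"^(?:read|write):errno=(\d+)")

# The failing trace quoted in the post above.
FAILED_TRACE = """CONNECTED(0000011C)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=10060
"""

# Constructed, abbreviated trace of a handshake that completes.
OK_TRACE = """CONNECTED(0000011C)
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 read finished A
"""

def classify(trace):
    """Report how far a handshake got, from `s_client -state` output."""
    connected, ok_states, failed, errno = False, [], None, None
    for line in map(str.strip, trace.splitlines()):
        if line.startswith("CONNECTED("):
            connected = True            # TCP connection was established
        elif m := STATE.match(line):
            if m.group(1):
                failed = m.group(2)     # state the client was in when it gave up
            else:
                ok_states.append(m.group(2))
        elif m := ERRNO.match(line):
            errno = int(m.group(1))
    if not connected:
        verdict = "tcp_connect_failed"  # never reached the port at all
    elif failed and "read server hello" in failed:
        verdict = "no_server_hello"     # ClientHello sent, no reply, no certificate seen yet
    elif failed:
        verdict = "failed_mid_handshake"
    elif any("read finished" in s for s in ok_states):
        verdict = "handshake_complete"
    else:
        verdict = "incomplete_trace"
    return {"verdict": verdict, "last_ok": ok_states[-1] if ok_states else None,
            "failed_in": failed, "errno": WINSOCK.get(errno, errno)}

if __name__ == "__main__":
    print(classify(FAILED_TRACE))
```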

Posts: 2,765
Topics: 57
Kudos: 245
Blog Posts: 67
Registered: ‎12-05-2011

Re: Timeouts posting XML after certificate upgrade

Are you filtering inbound connections?  You may want to whitelist the addresses AuthorizeNet posts from:

https://community.developer.authorize.net/t5/Integration-and-Testing/Authorize-Net-Whitelist-IP-Addr...

Richard

Contributor
Posts: 12
Registered: ‎06-05-2015

Re: Timeouts posting XML after certificate upgrade

No filtering is happening

Regular Contributor
Posts: 60
Registered: ‎05-29-2015

Re: Timeouts posting XML after certificate upgrade

For giggles try my site www.houstonuniform.com:443 and see what it gets.

A quick look shows www.google.com still seems to allow SSLv3 where authorize.net only allows TLS1.0 or higher.  My site should be the same in only allowing TLSv1.0 or higher.  If you get the same error your system isn't allowing TLS for some reason.

Contributor
Posts: 12
Registered: ‎06-05-2015

Re: Timeouts posting XML after certificate upgrade

That worked great in openssl. And I'm able to browse the site in both IE and Chrome. But going to https it takes a very long time to load the page as it establishes a connection, but finally does load. Here are the Openssl results:

OpenSSL> s_client -connect www.houstonuniform.com:443 -state
Loading 'screen' into random state - done
CONNECTED(0000011C)
SSL_connect:before/connect initialization
SSL_connect: SSLv2/v3 write client hello A
SSL_connect: SSLv3 read server hello A
depth=3 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Autho
rity
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect: SSLv3 read server certificate A
SSL_connect: SSLv3 read server key exchange A
SSL_connect: SSLv3 read server done A
SSL_connect: SSLv3 write client key exchange A
SSL_connect: SSLv3 write change cipher spec A
SSL_connect: SSLv3 write finished A
SSL_connect: SSLv3 flush data
SSL_connect: SSLv3 read finished A
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=www.houstonuniform.com
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.c
om/repository//CN=Go Daddy Secure Certificate Authority - G2
1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.c
om/repository//CN=Go Daddy Secure Certificate Authority - G2
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certific
ate Authority - G2
2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certific
ate Authority - G2
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authorit
y
3 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authorit
y
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authorit
y
---
Server certificate
subject=/OU=Domain Control Validated/CN=www.houstonuniform.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy
.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
---
SSL handshake has read 5460 bytes and written 322 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES128-SHA
Session-ID: 53B1E1D646FE06CFF3E2FA59247FB8B4BAC7B3D87C048257A5D2B3AE00F1BB0D
Session-ID-ctx:
Master-Key: E460B5F43357CDC5729B4DDE61E6DC8A0F069B7BCA9B82E09FA7BEAD92578ECF
BBC6F7755FD53A8E5AFA06D8C089A882
Key-Arg : None
Start Time: 1433901445
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---

Regular Contributor
Posts: 60
Registered: ‎05-29-2015

Re: Timeouts posting XML after certificate upgrade

The only thing I can think of is to try going to secure.authorize.net in a browser on another computer and see if it is just your server or your whole network blocking.

Member
Posts: 1
Registered: ‎06-10-2015

Re: Timeouts posting XML after certificate upgrade

Did you ever get a solution to this problem? Last night, I began experiencing this issue exactly as you described. I cannot access secure.authorize.net from any servers on my work network, but I can access it from my home network. Any insights are appreciated.

Contributor
Posts: 12
Registered: ‎06-05-2015

Re: Timeouts posting XML after certificate upgrade

I can access secure.authorize.net from an XP computer on the same network as the affected server but still no secure connection with our server. But I will say, browsing around with the XP computer was very slow, and in fact accessing these boards and this post was extremely slow and when it did come back the formatting was a mess. Could that be a sign that the firewall might be malfunctioning? That's a total dart throw guess.

Regular Contributor
Posts: 60
Registered: ‎05-29-2015

Re: Timeouts posting XML after certificate upgrade

Something is weird then.  Try to do some type of speedtest or something to test your line and ISP.  I would also double check your DNS settings.  Good luck.