Reply
Member
Posts: 5
Registered: ‎01-29-2010

api.authorize.net temporarily invalid SSL certificate

Yesterday, March 1, 2011, between 6:30PM and 9:30PM US Eastern, my system log files show that the SSL certificate returned by the production Authorize.net API server was reporting as being invalid (specifically, that they could not be verified).  This error was reported to occur on 42 separate requests between those hours.

 

Did anyone else see an issue?

 

It doesn't appear as though the api.authorize.net SSL certificates are any different today than they were two days ago:

 

Common Name: *.authorize.net
Issuing CA: Entrust Certification Authority - L1C
Organization: Cybersource Corporation
Valid from March 31, 2010 to March 30, 2012
Key Size: 1024 bits

Member
Posts: 6
Registered: ‎07-29-2010

Re: api.authorize.net temporarily invalid SSL certificate

we noticed this same issue yesterday around the same time in our system log files.  i emailed customer support about it but thus far no response on the issue.

Member
Posts: 5
Registered: ‎01-29-2010

Re: api.authorize.net temporarily invalid SSL certificate

[ Edited ]

Thanks for the feedback.  Please let me know if you ever hear anything back.  Invalid certificates are an exceptionally scary thing, especially for a credit card processor. ;)

Contributor
Posts: 22
Registered: ‎02-10-2010

Re: api.authorize.net temporarily invalid SSL certificate

I can confirm we experienced this issue as well.  First occurrence was at 6:08pm EST and last was at 9:34pm EST on 3/1/2011.

Member
Posts: 1
Registered: ‎04-06-2011

Re: api.authorize.net temporarily invalid SSL certificate

We've been unable to consistently establish SSL connections as well with Auth.Net.  Is there a case number open with them I can tag onto?

All Star
Posts: 1,072
Registered: ‎08-17-2009

Re: api.authorize.net temporarily invalid SSL certificate

Have you validated that your server is using the most up-to-date certificate? Try adding an EnTrust CA certificate to the Web server(s) impacted, and then see if the connection will work properly.

 

Check out this link for more info on how to update your Web servers to support EnTrust for SSL.

 

Thanks,

 

Michelle

Developer Community Manager

 


Member
Posts: 1
Registered: ‎05-23-2011

Re: api.authorize.net temporarily invalid SSL certificate

We are still having this problem.  This should be headline news on your website, and a major broadcasted email for all customer integrations.  We are just getting to the bottom of all of our rejected transactions.  We didn't realize this was such a persistent problem that required action on the part of our host to point to your new SSL certificate provider.  No officense to Authorize.net's hard working developmen team, but somebody dropped the ball on this, and then they dropped it again.  The 101 for anyone responsible for managing a server is not letting the SSL pass due, and then re-new it with a new provider (maybe to save a FEW bucks) which causes long term transaction failtures?  to be honest, we don't know how much we have lost, but it could highly significant sums.

 

PS  We have asked our host today to find this Entrust website page which apparently gives instructions on how to make sure our servers are correctly finding the new SSL certificate for Authorize. net.  I took a look at the page, and it seemed to be for companies installed an Entrust certificate, which we are not doing.

 

Blu Atwood

FiftyFlowers.com