Showing results for 
Search instead for 
Did you mean: 

Authorize.Net Begins Infrastructure and SHA-2 Certificate Upgrades

Authorize.Net is upgrading our infrastructure to enhance system performance and security. The changes will be made to our sandbox environment first with updates to production following at a date still to be determined.


See the full details in our blog post here.



Administrator Administrator

@Lilith my php files are sitting on a godaddy shared hosting account. It's not very clear to me what kind of changes i could do to work with the SHA-2 certificate upgrades. Should i just wait because they are still working on the upgrade or you think there is something that i manually have to do?

Thanks for the help.

I was looking at the host name that was referenced in the ssl cert. I guess SAN was the issue, as after setting the url back to apitest it seems to be working fine after updating my machines php/curl/openssl earlier.


Thank you for your help.

@magalh Thank you for posting your PHP changes in the blog post comments. We were updating our PHP SDK yesterday and should have the new version on GitHub shortly.

"Move fast and break things," out. "Move carefully and fix what you break," in.

@greg1972 Do you know which versions of PHP, cURL, and OpenSSL you were using before, and what you're using now?

I ask because the information might be helpful if anyone else has a similar issue.

"Move fast and break things," out. "Move carefully and fix what you break," in.

I contacted my host (InMotion) as you suggested, they looked into, and replied that everything is okay on their end. I am now trying to find out where osCommerce got the module for Authorize.Net . . . .

@Lilith  I did as you suggested and my host (InMotion) said they meet all the stated requirements (from the link you suggested).  And there does not seem to be a problem with the osCommerce module for AIM.  But I am still stuck.  I tried setting the "Verify SSL Certificate" to false, and that *worked* giving me a successful authorization (I am still only testing in the sandbox in test mode using test cc numbers).   Do you have any other suggestions about what next to investigate, given that the sandbox worked for me prior to March 31, and does not work now unless I turn off "Verify SSL Certificate"?

Is there any chance of getting you to provide a non-SAN cert for as I have an application server running ColdFusion 8 which doesn't support certificates with SAN?



Last december I set up the sandbox for my clients site,


It took al weekend but we managed to get it wokrking wiht the right responses.


We were unsure how ling we would be developing for but we have finally managed to get the site into a position where we can go live.


So in final testing I start from scratch to register and when it comes to accepting payments via the sandbox, this happens



The sandbox accpets the payment and actually created the payment profile etc and the payment for the item is taken, 




the XML response is that there is an unhandled exception and there is an error with the security certificate, I have read the 'SSL Security error - again' thread and followed the instructions on installing the trusted certificate onto the server, this has not resolved the issue.


Can you give me any pointers to resolve this issue please as the site is now on a deadline



Many thanks for any help






I recently switched hosts to Godaddy and I can only get a SHA-2 cert. My website is running WordPress with Gravityforms and the Gravityforms Add-on. The payments seem to go through but it appears as if no response is coming back or being blocked somehow. Is this due to my SHA-2 cert? Is there anything I can do to get this to work in production?

@sethstevenson The references to SHA-2 pertain only to our upcoming new SHA-2 certificates, not yours.

API calls on our system handle the request and the response on the same connection. If you are able to connect to us and successfully send a request, we will reply in the same connection with the response. Since you say payments go through, that tells me that the request is coming in just fine, and so there isn't any connectivity issue.


My guess is that your parser may not be reading the reply correctly. Make sure the parser starts with the first blank line following the HTTP response headers. Also, if you are connecting to or, you may need to be explicit about MIME types--text/xml for XML requests and responses, application/json for JSON requests and responses. (If you're using the MIME type doesn't have to be explicit, but text/plain is what I'd recommend.) 

If these suggestions don't help, you may need to work with Gravityforms to make sure it's parsing correctly.

"Move fast and break things," out. "Move carefully and fix what you break," in.