Today we had to update the authorize.net SSL certificates on our server to re-enable secure communications.
They have updated their SSL certs. We found 3 certs which we updated to make sure the chain was recognized by our server.
Depending on your server type, this procedure will be different.
We are using ColdFusion 9 and had to add the certs to our java cert store.
We followed these directions to resolve our issue:
http://stackoverflow.com/questions/20469194/coldfusion-https-connection-failure
Why can't Authorize.Net just post that they changed the certs?
I had this same issue with another vendor and they kept telling me they made no changes.
Server admins really need to learn how to communicate with their tech support people!
Grrrrr!!!
Hope this helps...
Steve Stout
Kagan Publishing
07-22-2014 10:27 AM
Thanks so much as this is making us crazy.....and that makes 100% sense.
I can browse to any other https: site on my server except the transact.dll site.
07-28-2014 06:41 AM
Ok, so I just tried that link you gave me and I get page cannot be displayed. So I'm guessing this is also the issue?
07-28-2014 06:44 AM
The weird thing is the other Windows 2003 servers work.
07-28-2014 08:11 AM
Are they running IIS 6?
BTW, I ran Security Updates on my Windows 2003 server as well, hoping that would help. It didn't.
07-28-2014 11:50 AM
I'm still in the same boat... any help's appreciated.
07-29-2014 08:04 AM
It is not so much that the SSL certificates have been updated, but if the header has enabled GZIP, Authorize.Net returns a GZIP file. I ran into this myself.
Try This:
Set objhttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objhttp.open "post", "https://secure.authorize.net/gateway/transact.dll"
objhttp.setRequestHeader "Content-Type", "text/XML; charset=UTF-8"
objhttp.send strrequest
Your Code:
Set objhttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
objhttp.open "post", "https://secure.authorize.net/gateway/transact.dll", false
objhttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objhttp.setRequestHeader "Accept-Encoding", "gzip, deflate, sdch"
objhttp.setRequestHeader "Content-Length", len(strrequest)
objhttp.send strrequest
Good Luck.
07-30-2014 10:44 AM
Hi All,
This may be unrelated, but since the cert update on 7/24, all of my previously functioning sites using the AIM gateway started failing with a 403 error. I finally resolved the issue today by changing the verb "Post" to "POST" in the http request open() call. No further changes were necessary and I was able to remove all the Request Header stuff that I'd been unsuccessfully trying out.
Greg.
08-04-2014 08:25 AM
Well, in my case, I see the opposite: Authorize.net have NOT updated their (still valid, but not most up to date) certificate. I refer to the certificate seen at https://secure.authorize.net/gateway/transact.dll . If we visit this URL and inspect the certificate, we can see that it is signed by the intermediary certificate with CN = Entrust Certification Authority - L1E , valid to 10 décembre 2019 17:25:43. However, if you visit the Entrust site https://validev.entrust.net/, you see that their intermediary cert with the same CN is valid until 11 novembre 2021 23:00:59 - so it is a more recent version. These two intermediary certificates do not share the same root certificate. In my case, a problem occurred because the standard list http://curl.haxx.se/ca/cacert.pem used by CURL did not contain the root certificate for the previous version of the certificates. It contained only the root certificate for the new version. When I added the root certificate for the old version manually in the file, the problem was solved. In http://stackoverflow.com/questions/29103613/how-comes-authorize-net-uses-a-certificate-that-is-signe... I try to understand what exactly went wrong. Should the new certificate have worked as a replacement of the previous certificate? Should the list have contained both root certificates? Should Authorize.net have updated its certificate so that it matches with the more up to date CA bundle?
03-17-2015 05:58 PM
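The failure described in the post above (a refreshed CA bundle that no longer carries the root an endpoint's chain needs) can be spotted by diffing two versions of the bundle. This is an added example, not code from the thread; it assumes the label line / "====" underline / PEM block layout of curl's cacert.pem, and the sample bundles are constructed with placeholder bodies, not real certificates.

```shell
#!/bin/sh
# Added example: list roots present in an old CA bundle but absent from a new
# one. Assumes curl's cacert.pem layout: label line, "====" underline, PEM block.

# Print one "base64-body<TAB>label" line per certificate in bundle $1.
bundle_entries() {
  awk '
    /^=+$/                         { label = prev; next }   # underline follows the label
    /^-----BEGIN CERTIFICATE-----/ { body = ""; incert = 1; next }
    /^-----END CERTIFICATE-----/   { print body "\t" label; incert = 0; label = ""; next }
    incert                         { body = body $0; next }
                                   { prev = $0 }
  ' "$1" | sort
}

# dropped_roots OLD NEW: labels whose certificate body is in OLD but not in NEW.
dropped_roots() {
  old_list=$(mktemp) && new_list=$(mktemp) || return 1
  bundle_entries "$1" > "$old_list"
  bundle_entries "$2" > "$new_list"
  awk -F '\t' 'FILENAME == ARGV[1] { seen[$1] = 1; next }
               !($1 in seen)       { print $2 }' "$new_list" "$old_list"
  rm -f "$old_list" "$new_list"
}

# Constructed sample bundles; the bodies are placeholders, not real certificates.
make_sample_bundles() {
  cat > "$1/old.pem" <<'EOF'
Constructed Old Root
====================
-----BEGIN CERTIFICATE-----
T0xEUk9PVHBsYWNlaG9sZGVy
-----END CERTIFICATE-----

Constructed Shared Root
=======================
-----BEGIN CERTIFICATE-----
U0hBUkVEcGxhY2Vob2xkZXI=
-----END CERTIFICATE-----
EOF
  sed '1,6d' "$1/old.pem" > "$1/new.pem"   # new bundle: the old root was dropped
}

# Usage: sh bundle-diff.sh old-cacert.pem new-cacert.pem
if [ "$#" -eq 2 ]; then dropped_roots "$1" "$2"; fi
```

A label printed by `dropped_roots` is a root that clients pinned to the new bundle can no longer chain to.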
Hi, for those of you who are having problems connecting to Authorize.Net via ColdFusion (Windows 2008R2) due to their recent certificate change, here is the FIX:
1 - Go to the AuthorizeNet blog and download all the new Certificates. HERE:
Place these in a folder on your ColdFusion server
2 - Find and BACK UP your cacerts file:
The default truststore is the JRE's cacerts file. This file is typically located in the following places:
Server Configuration:
cf_root/runtime/jre/lib/security/cacerts
Multiserver/J2EE on JRun 4 Configuration:
jrun_root/jre/lib/security/cacerts
Sun JDK installation:
jdk_root/jre/lib/security/cacerts
Consult documentation for other J2EE application servers and JVMs
3 - Download Keystore Explorer Here: http://keystore-explorer.sourceforge.net/ install it ... you may have to upgrade your security to unlimited ... follow the instructions provided during install.
4 - OPEN your cacerts file in Keystore Explorer
5 - Import each of the new Certificates into the cacerts keystore TOOLS>IMPORT TRUSTED CERTIFICATE
6 - SAVE the cacerts file
7 - REBOOT THE SERVER
8 - TO TEST: create a SSLTEST.cfm file: Open a Notepad file and enter:
<cfhttp url="https://secure.authorize.net/gateway/transact.dll" method="GET" port="443">
<cfdump var="#cfhttp#">
SAVE in a WEBSPACE so you can run this from a browser.
9 - Browse to this file SSLTEST.CFM you should get something like this returned if successful
struct
Charset | [empty string]
ErrorDetail | [empty string]
Filecontent | <HTML><BODY><H3>The following errors have occurred.</H3>(13) The merchant login ID or password is invalid or the account is inactive.<BR></BODY></HTML>
Header | HTTP/1.1 200 OK Connection: close Expires: Tue, 01 Jan 1980 00:00:00 GMT Date: Sat, 30 May 2015 14:43:53 GMT Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Vary: Accept-Encoding Cache-Control: private, must-revalidate, max-age=0 Content-Type: text/html
Mimetype | text/html
Responseheader | struct
Statuscode | 200 OK
Text | YES
That's the fix
Elliott Kayne
OnlineCorp.com
05-30-2015 07:45 AM
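A command-line equivalent of steps 2 to 6 above, as an added example that is not part of the original post: it backs up the truststore and imports each downloaded certificate with the JDK's `keytool`. The `KEYTOOL` and `STOREPASS` variables, the alias naming and the file extensions are assumptions.

```shell
#!/bin/sh
# Added example: steps 2-6 above done with the JDK's keytool instead of a GUI.
# Assumptions: KEYTOOL and STOREPASS variables ("changeit" is the stock JRE
# truststore password), and certificate files ending in .cer, .crt or .pem.
KEYTOOL=${KEYTOOL:-keytool}
STOREPASS=${STOREPASS:-changeit}

# Derive a keystore alias from a certificate file name.
alias_for() {
  basename "$1" | sed 's/\.[^.]*$//' | tr '[:upper:]' '[:lower:]' | tr -c 'a-z0-9\n' '-'
}

# import_certs CACERTS CERT_DIR
import_certs() {
  cacerts=$1 cert_dir=$2
  # Step 2: timestamped backup before touching the truststore.
  cp -p "$cacerts" "$cacerts.bak.$(date +%Y%m%d%H%M%S)" || return 1
  for cert in "$cert_dir"/*.cer "$cert_dir"/*.crt "$cert_dir"/*.pem; do
    [ -f "$cert" ] || continue
    name=$(alias_for "$cert")
    # Re-runs are safe: an alias already in the store is left alone.
    if "$KEYTOOL" -list -keystore "$cacerts" -storepass "$STOREPASS" \
         -alias "$name" >/dev/null 2>&1; then
      echo "skip   $name"
      continue
    fi
    # Show subject, validity and fingerprints so they can be compared with
    # the values the CA publishes; -noprompt below skips keytool's own prompt.
    "$KEYTOOL" -printcert -file "$cert" || return 1
    "$KEYTOOL" -importcert -noprompt -trustcacerts -alias "$name" \
      -file "$cert" -keystore "$cacerts" -storepass "$STOREPASS" || return 1
    echo "import $name"
  done
}

# Usage: sh import-certs.sh /path/to/cacerts /path/to/cert-folder
if [ "$#" -eq 2 ]; then import_certs "$1" "$2"; fi
```

Point `KEYTOOL` at the `keytool` binary of the JRE that ColdFusion actually runs on, so the import lands in the truststore that JVM reads.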
Since May 27 (the upgrade to SHA-2), the shopping cart on our website has not been working. I am unsure how to upgrade to SHA-2. Do I upgrade to SHA-2 and then install the certificates, or can I just update the certificates? Is there a company that could upgrade it for me? I am using ColdFusion 8. We don't have a developer at this time to update this and my host won't update it.
05-30-2015 10:48 AM