Our production site uses ColdFusion MX 7 and is on a Linux server; it now fails on calls to Authorize.net within Sandbox. I get a response back from all Authorize.net transactions of: "Connection Failure."
We are using a CFHTTP (method=POST) call to: https://test.authorize.net/gateway/transact.dll
OUr production environment satisfies all of this criteria:
--Your certificate store includes certificates for Root 2 - GeoTrust Global CA
--Your security transport—the part that negotiates TLS—supports SHA-256
--Your solution does not connect directly to Authorize.Net using an IP address
--Your solution’s firewall is not set to whitelist Authorize.Net IP addresses for outbound connections
Our site uses: PKCS #1 SHA-256 With RSA Encryption
I verified that ColdFusion MX 7 is compatible with SHA-2.
Please advise if anyone knows of a solution or something I can do to debug the issue.
I am having the same problem with ColdFusion8. It turns out that CF8 does not support SSL certs that use SAN. So...any chance Authorize.net would use a cert on apitest.authorize.net that does not use SAN? Because now my CF8 machine is dead in the water for connecting to you. Right now it's just my dev server. I sure hope this doesn't happen on the production environment.
04-09-2015 10:52 AM
We are taking steps to remove this limitation within our sandbox environment. However strongly encourage developers to keep their servers, frameworks and protocol support up to date to ensure compliance with PCI DSS, established and emerging security requirements.
Richard
05-15-2015 08:13 AM
Absoulty correct! All versions of ColdFusion from ColdFusion 9 and lower are past End Of Life support. All of those versions can only run on Java 1.7 or lower which are also all past End Of Life support. I highly recommend that these be upgraded.
Wil Genovese
Sr. Web Application Developer / Systems Administrator
CF Webtools
05-27-2015 11:03 AM
Richard:
Did Authorize.net make a promotion last night / early this morning?
Now all of our clients' Authorize.net calls are failing in our production environment. Was this issue ever fixed for the Sandbox environment?
I thought it was going to be fixed there (via certificate?) before your promoted.
Is there anyway you can rollback the promotion until you have fixed the issue for ColdFusion users?
Thanks.
05-28-2015 08:16 AM
Same here. All AIM clients failing as of this morning!
Running CF9 server, on IIS7.5
05-28-2015 08:54 AM
Vokamis,
Have you installed the 4 certificates that Richard H. recommended. Did you read those postings?
We have not, but we were going to try it later today.
Let me know what works for you. I will keep you posted.
05-28-2015 09:05 AM
To cover all of our production certificates that are currently in use, you will want to install the following three certificates from Entrust.
Entrust.net Secure Server Certification Authority Certificate Thumbprint (SHA-1): 99A6 9BE6 1AFE 886B 4D2B 8200 7CB8 54FC 317E 1539 Entrust.net Certification Authority (2048) Certificate Thumbprint (SHA-1): 5030 0609 1D97 D4F5 AE39 F7CB E792 7D7D 652D 3431 Entrust Root Certification Authority Certificate Thumbprint (SHA-1): B31E B1B7 40E3 6C84 02DA DC37 D44D F5D4 6749 52F9
Each of these can be downloaded on the Entrust site at the following URL:
http://www.entrust.net/developer/
In addition, we are currently using certificates issued by GeoTrust on our sandbox site. You only need one root certificate to verify our GeoTrust certs.
GeoTrust Global CA Certificate Thumbprint (SHA-1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
This certificate can be downloaded from GeoTrust's site at:
https://www.geotrust.com/resources/root-certificates/
If you are using software that is capable of using a pem file as a certificate store, then you may also use the pem file that we distribute as a part of our PHP SDK. This file includes all four of the aforementioned certificates and can be found on github at: https://github.com/AuthorizeNet/sdk-php/blob/master/lib/ssl/cert.pem
05-28-2015 01:45 PM - edited 05-28-2015 01:49 PM
We have installed the 4 certificates. All of our attempts over AIM are failing for "secure".
We are running CFMX7 on Apache on one server.
We are running BD on Apache on another server.
05-28-2015 04:25 PM
Hi,
I'm on CF8 Windows Server 2008 and am having these same connection issues since they did the upgrade May 27th. I installed all the certs, but still get a connection error, any other ideas on what might be causing the issue?
Craig
05-28-2015 04:35 PM