developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Confused about updating to the new SLL Certificates

I recently got an email about SSL certificate changes for anyone using the authorize.net API to process transactions. I use a cURL in PHP to call the following endpoint for all my payment processing:

https://api.authorize.net/xml/v1/request.api

I am confused by the whole certificate thing, I just call the endpoint with my merchant credentials in the XML, as far as I know. Do I need to do anything or install something on my server to keep it working? Or am I fine continuing to do what I have been doing?

Excerpt from the email I got: You must integrate and use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert by October 24 to avoid any disruptions.

I love the vague words "integrate and use". How do I integrate and then how do I use, in PHP and on my server?

Talentville
Contributor

‎09-27-2024 07:08 AM

0 Kudos
3 REPLIES 3

I too am confused by this.  I've opened a support ticket with Authorize.NET, but they only keep referring me to the same links that were in that email.

In their article, Entrust to DigiCert SSL Certificate Migration, it states, "You can download the latest version of the Root and Intermediate (CA) certificates from the zip file in the Attachments section below."  However, there is no attachments section or links to a zip file.  They also referred me to the article Where can I find the latest version of Authorize.nets server-level SSL certificates?  However, the instructions in here also appear useless.  Navigating to the endpoints to download the certificates only gets the current certificates -- not the new ones they will transition to.  They also have links to DigiCert to download root certificates, but DigiCert lists dozens of certificates on that page and I don't know which one to download.

Does anyone know which certificates we actually need and where to get them?

jmorrison
Contributor

‎09-27-2024 09:33 AM

0 Kudos

My bigger confusion is that right now I don't rely on anything at all other than calling the API endpoint with my merchant credentials in the XML. I just call it and it works, no certificate or anything else.  If I am just calling a URL via cURL, how would this certificate even get used and where would it get 'installed'?  Am I supposed to install it somehow on my own server and then set some callback in the authnet portal?  

What I am getting at is a wonder of what the flow of execution is when I just call the API endpoint with XML passed in, as well as where this certificate would be put and how it would be triggered in my use of the API endpoints.

Perhaps I just have to wait it out and see if it all keeps working, without real guidance from those in the know.

Talentville
Contributor
In response to jmorrison

‎09-27-2024 09:40 AM

0 Kudos

When you call the API endpoint, the Auth.Net server sends back a TLS certificate.  This certificate was issued by a trusted third party (DigiCert in this case), and the Auth.Net certificate references back to an intermediate and root certificate from DigiTrust.  Your server must know and trust those other certificates in order to trust the Auth.Net certificate.  If your server doesn't trust the TLS certificate, the connection will likely fail.

Therefore, it sounds like we need to verify that these intermediate and root certificates are installed on our servers so that the new Auth.Net certificate will be trusted.  However, I don't know what intermediate and root certificates to check for or install if they are missing.

jmorrison
Contributor

‎09-27-2024 09:48 AM

0 Kudos
Copyright © 2024 Khoros, LLC