Cybersource Developer Community Cybersource Developer Community

Talentville · ‎09-27-2024

I recently got an email about SSL certificate changes for anyone using the authorize.net API to process transactions. I use a cURL in PHP to call the following endpoint for all my payment processing:

https://api.authorize.net/xml/v1/request.api

I am confused by the whole certificate thing, I just call the endpoint with my merchant credentials in the XML, as far as I know. Do I need to do anything or install something on my server to keep it working? Or am I fine continuing to do what I have been doing?

Excerpt from the email I got: You must integrate and use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert by October 24 to avoid any disruptions.

I love the vague words "integrate and use". How do I integrate and then how do I use, in PHP and on my server?

Talentville · ‎10-10-2024

I am not trying to necessarily knock AuthNet (used it for a decade), but consider the following:

I will no longer need quarterly PCI tests, which are invasive and filled with false positives. That killed a week of my time every 90 days.
After cancelling my AuthNet, I called to cancel my processor, Evo Payments, and it seems I am in a contract for 2 more months, so I have to keep paying those thieves even as I do not use their service any more. Good riddance to all of them.
I can now get rid of my entire custom-coded checkout system, as well as XML formatting and calling the AuthNet API, with their fairly substandard error messages when things go wrong. I no longer handle any card info at all since that is done in the Stripe form.
I can now accept a wide variety of alternate payment types, from Amazon pay to Cash App and others. Gives more flexibility with zero coding.

Implementing Stripe was easy with a bit of chat support and their embedded form (I like that instead of switching to the Stripe site for the payment). Their form looks fine and lists the items, sends a nice receipt to the customers, etc. Smooth 3 day integration, start to finish. Products/Memberships (anything you sell) will have to be either manually added to their system or done via the API, but if you have loads of products, and you have their software installed (done via composer for the most part), a programmatic loop to create products and associated prices is a simple task.

We all have to make our own decisions on payment processors, I just finally decided an all in one setup, with a drop-in form for card info, would simplify everything. So far it feels like a move years too late.

jmorrison · ‎10-11-2024

Their support was not super helpful, and couldn't tell me specifically what certs to install. However, looking more closely at their article, Where can I find the latest version of Authorize.nets server-level SSL certificates?, I found an Attachments section at the very bottom of the page where you can download a zip file with certificates. It's easy to miss because there is extra whitespace between the last set of instructions and the attachments section.

warmantus · ‎10-21-2024

Hi everyone. I figured out what needed to be done. I accomplished it by using ChatGPT & SSH and here are the steps (hope this can help some of you):

i want to try with ssh. do i need to be logged in with special privelages?
ChatGPT said:
ChatGPT
Yes, to manually add the Root and Intermediate certificates to your server’s trusted certificate store via SSH, you will need to log in with root or superuser (sudo) privileges. This is necessary because the certificate files you’ll be modifying are located in system directories that require administrative permissions to access and modify.

Steps to Proceed with SSH:
Log in to your server via SSH:

Use a terminal (on Linux/Mac) or an SSH client (like PuTTY on Windows).
The login command should look something like this:
css
Copy code
ssh root@your-server-ip
If you're using a non-root user, but that user has sudo privileges, log in with that user and prefix commands with sudo.
Locate the Trusted Certificates Directory:

On many Linux-based systems, the CA certificate directory is typically:
/etc/ssl/certs/ (for trusted certificates)
Or /usr/share/ca-certificates/ (for adding new certificate authorities)
Copy the CRT files to the Trusted Directory:

You can use the scp command to copy the certificates from your local machine to the server, or you can use an editor like nano to manually create the certificate files in the trusted directory.
Example (if using scp):

perl
Copy code
scp /path/to/your/Intermediate.crt root@your-server-ip:/etc/ssl/certs/
scp /path/to/your/Root.crt root@your-server-ip:/etc/ssl/certs/
Update the CA Certificates:

If you're using a Debian-based system (like Ubuntu), you can run:
sql
Copy code
sudo update-ca-certificates
For Red Hat/CentOS-based systems, use:
sql
Copy code
sudo update-ca-trust
This will refresh the system's trusted certificate store, adding the new Root and Intermediate certificates you just copied.

Verify:

After updating the certificate store, you can verify that your server trusts the new certificates by testing the API connection to Authorize.net in the Sandbox environment.
Important Notes:
Make sure you are logged in with root or a user with sudo privileges.
Be careful when working with system files to avoid accidentally removing or misconfiguring important system components.
Let me know if you need any more detailed instructions!

You said:
I am using Terminal from WHM and the first thing I see is: [root@ded6177 ~]#
ChatGPT said:
ChatGPT
Since you're already logged in as root in your WHM terminal ([root@ded6177 ~]#), you have the necessary privileges to proceed with the certificate installation. Here’s how to manually add the Root and Intermediate certificates to your trusted certificate store:

Steps to Manually Add the Certificates
Create the Certificate Files:

You'll need to create two files in the appropriate directory to store the Root and Intermediate certificates. We’ll place them in /etc/ssl/certs/ for this example.
You can use a text editor like nano to create these files.

To create the Intermediate certificate file:

bash
Copy code
nano /etc/ssl/certs/Intermediate-DigiCert.crt
Paste the entire content of the Intermediate DigiCert Certificate (CRT) into the file.
Save the file by pressing CTRL + X, then press Y and Enter.
To create the Root certificate file:

bash
Copy code
nano /etc/ssl/certs/Root-DigiCert.crt
Paste the entire content of the Root DigiCert Certificate (CRT) into this file.
Save the file in the same way.
Update the CA Certificates:

Now that you’ve added the Root and Intermediate certificates to the directory, you need to update the CA store to recognize them.
Run the following command depending on your Linux distribution:

For Debian/Ubuntu based systems:

bash
Copy code
update-ca-certificates
For Red Hat/CentOS based systems:

bash
Copy code
update-ca-trust
Verify the Installation:

After running the command, the system should now trust the newly added certificates. You can test the connection to Authorize.net's sandbox environment or the production environment after the update.
Summary:
You’re already logged in as root, so you have the required permissions.
Create and paste the contents of the Root and Intermediate certificates in /etc/ssl/certs/.
Run update-ca-certificates (or update-ca-trust for CentOS/Red Hat).
Let me know how it goes or if you run into any issues!

You said:
Authorize.net's sandbox environment isn't ready for a couple of days but in the meantime is there a way to verify that the certificates I added are in my server?
ChatGPT said:
ChatGPT
Yes, you can verify that the certificates were successfully added to your server by checking the contents of the directory where you placed them or by using specific commands to list the trusted certificates. Here’s how you can do both:

1. Check the Certificate Files Directly
You can check if the Root and Intermediate certificate files are present in the /etc/ssl/certs/ directory:

bash
Copy code
ls -l /etc/ssl/certs/
Look for the files you created (Intermediate-DigiCert.crt and Root-DigiCert.crt). If they appear in the list, then they were successfully created.

2. Display the Contents of the Certificate Files
You can also view the contents of the certificate files to ensure that they contain the correct data:

bash
Copy code
cat /etc/ssl/certs/Intermediate-DigiCert.crt
bash
Copy code
cat /etc/ssl/certs/Root-DigiCert.crt
This will display the contents of each file in the terminal. Ensure that the text matches the CRT files you received from Authorize.net.

3. Use the openssl Command
You can use the openssl command to verify that your server recognizes the certificates. Here's how to check if the certificates are part of the trusted store:

To check the Intermediate certificate:
bash
Copy code
openssl x509 -in /etc/ssl/certs/Intermediate-DigiCert.crt -text -noout
To check the Root certificate:
bash
Copy code
openssl x509 -in /etc/ssl/certs/Root-DigiCert.crt -text -noout
These commands will display detailed information about the certificates, including their validity and issuer details. If the commands execute without errors, your server recognizes these certificates.

Summary
Use ls -l to list the files in /etc/ssl/certs/.
Use cat to view the contents of the certificates.
Use openssl to inspect the certificates further.
Let me know if you need help with any of these steps or if you have further questions!

warmantus · ‎10-21-2024

I finally figured this out with the help of ChatGPT. I am pasting my conversation here. Hope this helps someone out: