cancel
Showing results for 
Search instead for 
Did you mean: 

DPM works with SSL intermittently in live account;OK without SSL, or with SSL in Developer Account

This is an update to our original post at:

http://community.developer.authorize.net/t5/Integration-and-Testing/DPM-only-working-intermittently-...

 

  • With DPM, a developer account, and using an SSL link for the relay response we ran hundreds of transaction with no AN issues
  • With DPM - same code, a live customer account, and using a SSLlink for the relay response, at least 10% of our transaction submittals time out with no repsonse from AN (no log entries)
  • With DPM, a live customer account, and using an non-SSLlink for the relay response, all transactions seem to be working as intended.

Our conclusions:

  • Developer accounts and live accounts respond differently to the same situations and code
  • There are SSL issues we do not understand on a live account, but not on a developer account.

We have checked our SSL certificate at:

http://www.digicert.com/help/ and

https://www.ssllabs.com/ssltest/analyze.html

 

and do not see any issues but then we are not sure what to look for. There is nothing in the AN documentation about this so any help resolving this issue would be appreciated.

 

Thanks.

 

StephenS
Contributor
26 REPLIES 26

We have been experiencing the same issue since we changed the certificate to digicert. The problem occurred right after we switch the certificate.  

 

Which CA are you using? 

ragnarok77
Member

We use SecureTrust.

 

Does it work on a developer (test) account? That is one of the confusing items.

It definitely works on test account. We've been using SIM (similar to DPM) for two years. We only started to see these timeout errors two weeks ago, right after we changed CA. The failure rate is about 10%. 

 

Before that the system was pretty solid. My guess is that Authorize.net uses a large farm of servers to send relay messages. And some of their servers don't have certain root CAs installed.

 

We used Wireshark to capture the traffic. For those failed transactions, Authorize.net tried to negotiated the certificate. However after negotiation is done, they never sent us the actual relay message, very like because they don't trust the certificate.  

We've been using AIM for ten years with no issues. And we have used SIM as an intermediate step to DPM. Have converted to DPM to help with PCI compliance.

 

I have a ticket in AN support but have not had a response in 48 hours -- not what you would expect! I am suprised a moderator from AN has not responded here to. AN need to help by providing some documentation on this.

 

I see others have also had issues with SSL. We have spent two weeks trying to troubleshoot this, and seeing the difference between developer and live accounts, and SSL and no SSL, would clearly indicate that AN have a problem and that relying on developer accounts for development can lead to real problems. As you say, the servers in their farm are probably not equal.

@ragnarok7 @StephenS

 

I've been watching this thread with great interest, but don't yet have any specific information on a solution, so please stay tuned while we dig a little more into your reports.

 

Richard

 


@RichardH. Thanks for looking into this. Appreciated!

We are seeing the same issue since switching to Digicert a week ago. We too have taken a packet capture and see that Authorize.Net is gracefully terminating the SSL connection without sending a POST. I've been pestering A.net as much as possible concerning this and they say it's not their problem.

@RichardH. Any information on this yet?

 

I still have not any response from support (now 3 business days) so this does not reflect well on AN.

 

Given that a developer account is fine and real accounts exhibit the issue I cannot see that the usual "your code is the problem" really applies unless there are differences in the two account types that are not publicly known.

 

I see other recent threads with SSL issues too.

We're still working on resolution.  As soon as I have anything to report, I'll post here in the community.