Authorize.Net will upgrade and replace Production certificates for API services starting May 26, 2015. Technical details are provided for solutions connecting to Authorize.Net APIs that may need updates.
To see the full announcement, please see this blog post.
04-24-2015 01:05 PM
Our lower environment stopped working when calling apitest.authorize.net. While investigating I was informed that the Sandbox Environment moved to Dynamic IP addresses (23.x.x.x). My server is behind a firewall and the Security Team is not comfortable approving PCI requests to any destination on the public net.
Do you have plans to move Production Environment to use Dynamic IP addresses as well?
Thank you, Dave51
04-27-2015 01:01 PM
Yup it will go into production too.
04-27-2015 01:04 PM
Richard,
In this post, you mentioned we need 3 certs.
However, you only mention one cert in this other post (Root 2 - GeoTrust Global CA).
We tested transactions with the test/sandbox API and it works on our production servers (because we have Root 2 - GeoTrust Global CA installed). Is there anything else we will need?
04-27-2015 02:06 PM
We recommend everyone install all four certificates mentioned in our blog post, for minimal disruption, whether in Sandbox or Production:
Richard
04-28-2015 09:08 AM - edited 04-28-2015 10:09 AM
I have just confirmed with my Network team that the firewall solution we use only allows IP. I can't create a rule by domain or URL. Do you have a white paper that I can bring to my internal teams (Network and Security) to find a workaround before Dynamic IP is activated in Production?
Thank you, Dave51
04-28-2015 10:26 AM
Hello @Dave51
A good reference is this article by Matthew Pascucci of Algosec. In it he emphasizes using a DMZ on the perimeter to control inbound traffic (PCI 1.3.1) and controlling access between your internal systems and the DMZ to control unauthorized outbound traffic to the internet (PCI 1.3.5).
Richard
04-28-2015 01:36 PM
RichardH,
Appreciate the article. My server does sit in a DMZ zone between two firewalls. Will need to have a chat with my Network team.
Thank you, Dave51
04-29-2015 05:19 AM
Update: My Security Team has some concerns about this statement in the article: "Direct connections via IP address are strongly discouraged and will soon be disallowed." They cite these reasons for their concern and are asking why this direction was chosen.
* Changing to dynamic IP range without any identification of potential scope poses a significant security risk to our data as we cannot ascertain with significant reliability our data is going to the correct destination.
* Authorization based on DNS lookup is insecure as these are easily spoofed.
* Is Authorize.net performing any ingress filtering from their customers?
Thank you, Dave51
04-30-2015 07:54 AM
Is there any change for TLS support? Specifically, will TLS 1.0 still be supported?
04-30-2015 07:57 AM