Authorize.Net will upgrade and replace Production certificates for API services starting May 26, 2015. Technical details are provided for solutions connecting to Authorize.Net APIs that may need updates.
To see the full announcement, please see this blog post.
04-24-2015 01:05 PM
Hello @phippster
None of the planned upgrades to production occurred today. Instead they will be done tomorrow evening May 27th. I've updated the blog post to reflect this change.
Richard
05-26-2015 07:10 PM - edited 05-26-2015 07:19 PM
@RichardH Thanks -- Would have been wonderful to know that 10 hours ago though....
In the meantime then, api.authorize.net is down. Not pingable from our production boxes. Can't MTR either. It seems to only respond to certain boxes (like my desktop Mac from a Comcast connection.)
All this information would have saved my day if communication would have been forthcoming from Authorize.net today. This has severely impacted our operations today and wasted my entire day.
ping api.authorize.net
PING downloadvpos.authorize.net (64.94.118.84) 56(84) bytes of data.
--- downloadvpos.authorize.net ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 11000ms
MTR Report:
Packets Pings
Host Loss% Last Avg Best Wrst StDev
1. hosted-by.datarealm.com 0.0% 0.9 0.6 0.6 0.9 0.1
2. 174.128.25.51 0.0% 0.6 0.6 0.6 0.9 0.1
3. vl-103.core1.scd1.ip.io.com 0.0% 0.6 9.2 0.6 135.3 33.6
4. te-3-2.edge5.scd1.ip.io.com 0.0% 0.6 0.7 0.6 1.1 0.1
5. ???
05-26-2015 07:33 PM
Nice point, @phippster. Our monitoring has transitioned to showing outages from Phoenix, Las Vegas, Portland, and Toronto, but many other international locations in Europe and Asia are working. (Our servers are in Chicago and still can't connect nearly 7 hours later.) My guess is some kind of DDoS or routing issue where they have blocked a huge portion of legitimate traffic, and then needed some convincing that they still had a problem. I'm getting tired of the ol' "let's band a bunch of people on Twitter to convince them" charade....
05-26-2015 08:27 PM
05-26-2015 08:45 PM
@RichardH We hosted our payment server on a Linux server. It runs on Apache.
When Authorize.Net did the security upgrades in the sandbox environment, we faced a connection issue. So to make it work, we just replaced the cert.pem file inside the Authorize.Net lib/ssl in the test environment. I got the cert.pem file from Mozilla. The cert.pem holds all root certificates, including EnTrust & Global certificates.
I got the solution from Stack Overflow.
In Authorize.Net, the security certificate upgrade happens in production by May 27th, so what exactly do we need to do to get the production environment working properly? Can you tell us whether the cert.pem file replacement in the production environment is sufficient, or do we have to do any additional things? Please inform us of the exact time when the security upgrade happens.
API services are to use EnTrust’s SHA-256, 2048-bit certificate. So, should the root certificate of this be contained in the cert.pem file?
05-26-2015 10:22 PM
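The bundle question raised in the post above, as an added example that is not part of the original thread and not Authorize.Net's code: it uses the openssl CLI to build two throwaway roots and a leaf, then shows that the leaf verifies only against a bundle containing its issuing root. All names ("Demo new root", api.example.test, the file and function names) are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: every certificate here is a throwaway generated locally (constructed data).

# make_demo_pki DIR: two self-signed roots plus a leaf issued by the "new" root.
make_demo_pki() {
    local d=$1 name
    for name in old new; do
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 2 \
            -subj "/CN=Demo ${name} root" \
            -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -sha256 -nodes -subj "/CN=api.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/new.pem" -CAkey "$d/new.key" \
        -CAcreateserial -sha256 -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
    # Stale bundle: only the old root. Refreshed bundle: both roots.
    cat "$d/old.pem" > "$d/stale_bundle.pem"
    cat "$d/old.pem" "$d/new.pem" > "$d/fresh_bundle.pem"
}

# bundle_subjects BUNDLE: print the subject line of every certificate in a PEM bundle.
bundle_subjects() {
    openssl crl2pkcs7 -nocrl -certfile "$1" \
        | openssl pkcs7 -print_certs -noout | grep '^subject'
}

# bundle_has_root BUNDLE NAME: succeed if some subject in BUNDLE contains NAME.
bundle_has_root() {
    bundle_subjects "$1" | grep -qF -- "$2"
}

# bundle_trusts BUNDLE CERT: succeed if CERT chains to a root present in BUNDLE.
bundle_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    local d b
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    for b in stale_bundle fresh_bundle; do
        if bundle_trusts "$d/$b.pem" "$d/leaf.pem"; then
            echo "$b: leaf verifies"
        else
            echo "$b: leaf rejected (issuing root missing)"
        fi
    done
    rm -rf "$d"
}
demo
```

Against a real deployment, `bundle_subjects` run on the cert.pem in use lists which roots that file actually carries.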
Hi @RichardH,
Can you confirm that the latest PHP SDK PEM file is the correct certificate to use in both Sandbox and Production after you start certificate upgrades tonight?
https://github.com/AuthorizeNet/sdk-php/blob/master/lib/ssl/cert.pem
MD5 (cert.pem) = c2b4aa1a80a30fd08357545d9cac6443
05-27-2015 12:40 AM
Can anyone confirm that I have the proper certs installed if:
Our integration solution can connect to:
https://test.authorize.net/gateway/transact.dll
as well as connecting to:
https://secure.authorize.net/gateway/transact.dll
both work fine. Do I have to install any more certificates?
05-27-2015 10:31 AM
05-27-2015 10:44 AM
Did the cert get upgraded on secure.authorize.net last night (27th) as scheduled?
05-28-2015 06:16 AM
In addition to the previous question – what time were the updates performed?
05-28-2015 07:12 AM