Authorize.Net will upgrade and replace Production certificates for API services starting May 26, 2015. Technical details are provided for solutions connecting to Authorize.Net APIs that may need updates.
To see the full announcement, please see this blog post.
04-24-2015 01:05 PM
UPDATE: We got it to work again with ColdFusion 8.0.1 on an older windows 2003 server. Importing the 3 Entrust certs into the JRE certificate store and then rebooting the server did the trick. Don't bother importing into the Windows certificate stores (Personal, Computer, etc.) as Cold Fusion 8 does not look there. Also, when I ran the keytool to import the certs, it prompted that one of the certs already existed in the store but it gave an option to import anyway, which I did.
There is hope...
05-28-2015 11:48 PM
I got it to work with CFX_HTTP5, but it was a painstaking process to switch all our code to do a form submit.
Works at least....glad to see you got it working without..i didn't reboot my server, but restarted services...and that didn't help...i'm not going to reboot now since it's working..but will try that later.
05-29-2015 12:23 AM
omg, holy moly....i got this working, i've been working on this for 14 hrs, with no help from authorize.net. i called them about 5 times and of course they were clueless and of course no help from their forum moderators. but some of the posts from other helpful CF users got me thinking more and on the right track. i kept thinking it was an issue with the CFHTTP protocol. It comes down to having to install the certificate to the java keystore. i'd never done this before myself, but found a great video right here that explains how to do it:
https://www.youtube.com/watch?v=ewT4aud-xww
I had already installed all the certs to the server, but of course that didn't work as many of you know. For CFHTTP on CF9 and below you sometimes have to install the certificate in the java keystore, if it's not in there CF will give you a connection refused. To get this working I only installed the Entrust G2 root certificate (entrust_g2_ca.cer)
Here is my exact code I used in the command prompt on my Windows 2008 server (this works for CF9 as well, as I did it on my development server, just change the ColdFusion8 to ColdFusion9). Also a tip, when you open command prompt, right click on it and 'Run as administrator', otherwise it will give you an error.
C:\ColdFusion8\runtime\jre\bin\keytool -import -trustcacerts -keystore C:\ColdFusion8\runtime\jre\lib\security\cacerts -storepass changeit -noprompt -alias entrust_g2 -file D:\entrust_g2.cer
Watch the youtube video though as it explains what each thing means, as you'll need to name your cert and path properly in the command prompt, but basically mine was on the D drive and named entrust_g2.cer
We charge about 15K per day in credit cards and we were not able to process credit cards for 26 hrs total, I lost about 10K in profits because of authorize.net's inept rollout of this update. I had zero idea about this update, never received one email about this update, literally just found out about it the next morning when all my customer service is telling me no orders are going thru or getting charged. After 10 years with authorize.net it's obviously time to look for a replacement and just keep them as the secondary backup.
With my lost profits because of this I will no longer be going to hawaii on my honeymoon, instead we're headed to death valley with a 12 pack, thanks a lot authorize.net.
05-29-2015 01:03 AM
This worked for me too! Thank you 1 million times seeraig. I would like to buy that 12 pack for you!
05-29-2015 03:23 AM
haha, authorize.net should be buying us all 12 packs, and not the cheap stuff either. i'm glad I could help as I know how frustrating this was and what a huge time waster for everyone, not to mention all the lost revenue.
at least there was this forum for us to get to the bottom of things....
05-29-2015 03:26 AM
A note to Authorizenet. We have been running through your gateway for 8 years and never had a problem. When I say never had a problem, I mean we literally had zero problems. There are simply no excuses to hide behind for this. If it was a simple hiccup that had our systems down for less than an hour, I would completely understand. However, there has been a complete lack of planning with this update. We could not submit orders for 30 hours!
No, we did not receive any notices from you. Perhaps they went to junk folders or maybe we just simply missed them. And the link you have in the user interface is barely noticeable. I am in there every day looking at transactions and never noticed it. The phone support you have is horrible. No one knows anything and no one wants to help because no one cares. The lax approach from the moderators on this forum is pathetic. Leaving solutions to problems you create to be solved by your customers is disgusting.
05-29-2015 03:51 AM
I couldn't have said it better, I too am in there and didn't notice anything or receive any emails and I'm very on top of emails. Plus when I did go call them, their support was crazy bad. The first guy I talked to told me that I had to set a new transaction key and that was the problem, unbelievable....he had no clue that they even did an upgrade. When I called back an hour later, the next person did know right away that it was because of their upgrade, but of course she was still clueless on how to help and steered me in the wrong direction. The 3rd time I called they instructed me to call Entrust to have them resolve my problem, when I called them they told me they couldn't help me because I wasn't a direct customer. So it was just a comedy of errors, except I wasn't laughing as I was losing tons of money.
I'm not joking or exaggerating when I say I've processed over 25 million thru authorizenet, and haven't had too many issues, but I realize now when there are issues, they are not going to help and you'll basically be on your own to fix any technical issues. I guess I am partly to blame, with all the transaction processing I should have had a better backup gateway and should have had an upgraded CF server, but it's the old saying, when it's not broke why fix it. But i've realized that authorize.net's customer/technical service is also broke.
Authorize.net has long supported CF, over 10 years ago they had plenty of sample CF code to integrate AIM. So they know they have a lot of CF users, yet they obviously did not test their upgrades with CF9 or CF8, which they have to know is being used by lots of their users. And some tiny notice a few weeks before an upgrade like this, that affects businesses' total transaction processing, is completely unacceptable.
05-29-2015 04:17 AM
Another note to Authorizenet:
You should have had an alternative gateway available that you could have directed us to. Being blinsided is one thing, but not having a temporary option for anyone that was not ready has really made this a black hole in your planning. Many of us are 1, 2 or 5 man shops that deal with certificate issues once a year and are not well versed in it.
On a related note, can anyone suggest alternative gateways that we can start looking at. At this point it would be as a backup, but who knows what the eventual outcome may be.
05-29-2015 04:45 AM
THANK YOU! Where do we send the beer money? :smileyhappy:
Just updated several CF8 installations on Windows Server 2008 (64 bit) and one Windows Server 2003 (32 bit). Worked in all cases.
Note: You do NOT need to import the entrust_g2_ca.cer into the Windows Certificate Store, just import into the Java machine. And that cert is the only one you need.
05-29-2015 06:45 AM
seeraig & obiwebkenobi:
How did you determine that "Entrust G2 root certificate (entrust_g2_ca.cer)" was the only certificate that needed to be installed?
When I look at the (4) certificates that Authorize.net recommended to be installed, the G2 is not even one of them.
We are using CFMX7. I hope this works for us.
Thanks.
05-29-2015 07:02 AM