Showing results for 
Search instead for 
Did you mean: 

Production Certificate Upgrades begin May 26, 2015

Authorize.Net will upgrade and replace Production certificates for API services starting May 26, 2015. Technical details are provided for solutions connecting to Authorize.Net APIs that may need updates.


To see the full announcement, please see this blog post.

Administrator Administrator
172 REPLIES 172

Can someone explain to me what I need to do in plain english?  I am working with Plesk through a hosted site.  Do I just need to add the 5 certificates in the blog post to my site?


I'm very confused and frustrated.  Our SSL is already SHA-2 and 2048 bit.

@kabutotx - did you use the latest JAVA keytool but the "old" Coldfusion Java directory?


I downloaded the java 1.4.2_19 and still got the same error...

Yep.  The only thing you use from the newer Java is the keytool.exe.  You still point it to your Coldfusion's jre security directory for updating the cacerts with the '-keystore'.  I used the latest 1.8 but I think 1.6 or higher is fine.

Regular Contributor


I don't know much about Plesk.  This has NO affect on your SSL.  This is a change in talking to Authorize.Net using AIM or SIM APIs.  This will mainly affect Java 1.4 to Java 1.6 based apps.  For example most seem to have problems with older Coldfusion servers which is basically a Java application.

Regular Contributor

@Andrew86  I think you're having the same problem I had.  If that is the case, you cannot fix it on your own.  These certificates have to be uploaded to the server, which you don't have access to.  


Contact your hosting company and explain the problem  Ask them about the age of the server and the operating system.  In my case, my site was hosted on a server from 2003 and the OS (operating system) was outdated and would not handle these changes.  They migrated my site to a newer server and I was back in business immediately.  The way they explained it - the newer server already had these security requirements in place.  

I have been using for 3 months and I have to say this was fun, days of downtime, no help from, a developer and the hosting company as well as an office manager working on it (yes we have all the correct and up to date certs ect) .. in the end we just switched to a processor who uses usaepay better rates.. simply plugged it in and got back up and running.. thanks for the good times I will not be back.

What type of server is your CFMX7 runnning on--Windows or Linux?

I had our host update our Plesk environment similar to what you explained, Rachel.  We were on 2003 and went to a 2012 with TLS 1.2 updated.  


We tried getting the new certtificates online with no luck.  


I have no problem working through issues, but the fact that we had no time to plan for this and lost 6 days worth of sales is ridiculous to me.  We switched to Converge in about 15 minutes and are back accepting orders.


I just want another record on here showing how lost another customer.  Their phone support is literally the worst I have ever worked with in my 9 years of IT.  Half of them didn't even know about the issue and the ones that did just read me the blog post like it was written in Greek to them.  I'm very happy to never have to deal with them again.

Has anyone successfully managed to upgrade a Windows Server 2003/IIS 6.0 server to meet the new requirements? According to a Ben we spoke with moments ago in merchant support, TLS 1.0 is still supported for the time being, which is the maximum version that Windows Server 2003 can support. Our servers have all of the certificates installed and are all SHA-2 compliant from what we can discern.


We're readying a new server to migrate to but at least a month (likely longer) from being able to migrate to our new server environment... and if it's not possible to resolve this from our existing server, we will have to find an alternative provider. 


If this change had been effectively publicized in any manner outside of's website, we might have been able to speed our server migration up, but there was none.


Can anyone help/confirm this issue?