cancel
Showing results for 
Search instead for 
Did you mean: 

Timeouts posting XML after certificate upgrade

Having a bugger of a time here. We had a windows 2000 server with IIS5.0 working like a champ for a decade...then the A.N certificate updrade killed it. Upgraded our server to 2008 r2 with IIS7.5. We're using classic asp. I'm trying to use XML post and the thing keeps timing out on me. Posting to the test server works sweet...comes back fast, but in production I get the following:

 

using Msxml2.ServerXMLHTTP.6.0:

 

msxml6.dll error '80072ee2'

The operation timed out

 

using Microsoft.XMLHTTP:

 

msxml3.dll error '800c000b'

The operation was timed out.

 

Server has all the new certificates and got an A from www.ssllabs.com test (happy about that at least)

Clearly something is not right and it's likely very easy, but I'm stumped

 

Here's the post code

 

Dim xml
Dim strStatus
Dim strRetval
Set xml = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0")

xml.Open "POST","https://secure.authorize.net/gateway/transact.dll?" & vPostData & "",false

xml.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"

xml.send ""

strStatus = xml.Status
strRetval = xml.responseText
Set xml = nothing

 

Someone must know the easy answer.  My small brain cannot find it.

jayada
Contributor
28 REPLIES 28

Do you have a proxy setup?  It uses different settings than IE.  Can IE go to the https://secure.authorize.net site?

kabutotx
Regular Contributor
No proxy.
We use godaddy for the certificate chain, however all recommended certificates are installed. Is there a new encryption required to encrypt the XML string before posting it something? The test server and production ought to be the same, but clearly and frustratingly they are not.

1. This has nothing to do with your own SSL certificates.  This is an update of Authorize.net's SSL certificates.  So don't worry about those.

2.  Did you try IE to browse to https://secure.authorize.net ? This will test at least basic communications and that your system can recognize Authorize's new SSL Certs and ciphers.  It should since 2008r2 is newer. On anything above 2003 you shouldn't even need to import the certificates.

3.  When you say "test server" are you talking about a whole new physical server or test.authorize.net?  test.authorize.net uses a different SSL certificate chain than secure.authorize.net.

4.  Try Microsoft.xmlhttp or at least the sample.asp in the SDK.  I think this call is older and uses a different communication pathway than serverXMLHTTP.

kabutotx
Regular Contributor

IE CANNOT access secure.authorize.net which is likely a huge clue...clearly a security issue, which seems to be beyond my IQ and pay grade.

 

Using either serverXMLHTTP or Microsoft.xmlhttp result the same timeouts...those errors are in the OP...but I would expect this will be solved with the IE connection problem. The system should be totally cool with security with all certificates meeting or exceeding new standards.

Talk you to your network person to see if they are blocking the site or ip. Can the server access any https site? are the windows updates current?

 

maybe to browswer settings issue, can you try with another browser?

 

did you use the IE buildin developer tool network traffic to see what the error is?

-Sites are not being blocked. 

-I Cannot access https://secure.authorize.net from either IE or Chrome on the affected server. I can see many other https sites, but not secure.authorize.net

-F12 provides little information...just a timeout. with no other errors

-Doing a traceroute for secure.authorize.net stops at  10ge15-7.core1.ash1.he.net [184.105.213.197] which is the fifth hop

-I set IE security to the lowest level...all efforts are still not allowing the affected computer to access https://secure.authorize.net

 

Again this is a new install of Windows server 2008R2. It now has service pack 1 with all updates.  All certificates are per Authorize.net spec.  TLS 1.2 endbled, TLS 1.1 and 1.0 disabled. SSL3.0 and SSL2.0 disabled. (I enabled all that to try to get a connection without success, so now they're all off again)

 

-SSLLabs gives the server an A for security, just like Authorize.net wants. Still cannot connect.

 

Thoughts??

-Lowering IE security to the lowest still doesnt allow access to connect to Authorize.net. 

-By test server I meant posting the XML string by sending the the test authorize.net site at https://test.authorize.net/gateway/transact.dll?. THAT works perfect. Great connection, great response...no problems. Changing the URL within the same page to https://secure.authorize.net/gateway/transact.dll? will not connect.

-Putting the test URL in a browser works great

-Putting the secure production URL in a browser will not connect 

-F12 is no help...just shows a long timeout with no error coming back aside from the generic one ERR_CONNECTION_RESET or ERR_CONNECTION_TIME_OUT

 

I'm not only stumped but down and stumped. Any help would be greatly appreciated

secure.authorize.net uses totally different SSL certificates, so I think that is the problem.  In IE, can you connect and click on the lock icon?  I think you can click on the Certificate Path tab and it will show what cert isn't working.  I would assume the Entrust G2 certificate.  It needs to be added to Third Party Root Ceritificate section.  You can check the Certificate mmc add-in.

kabutotx
Regular Contributor

IE cannot connect to secure.authorize.net at all. Times out. It does connect to test.authorize.net without trouble, so I cannot find certificate info for secure.Authorize.net. 

All certificates are propelry in place.

Still no joy