cancel
Showing results for 
Search instead for 
Did you mean: 

Verified Merchant Seal via SSL

We ran into a weird issue on our site involving the Verified Merchant Seal when using SSL but only when using iOS with Safari (and possibly stock android browser on older versions of android).

 

if you visit this page:

 

https://www.letspool.com/test.php

 

You will notice that most (if not all) of the major desktop browsers display the seal without issue (Chrome, Safari, IE, and Firefox have been tested). The issue becomes when using Safari on an iPhone or iPad to visit the same page. Notice how the AuthorizeNet seal doesn't show up. This works with Chrome on iOS on the iPhone (haven't tested with the iPad).

 

I went ahead and used remote debugging with the iPhone and a MacBook Pro. When I check the Networking tab in the Dev Tools it shows that verify.authorize.net doesn't have a trusted certificate.

 

I tested with 2 iphones: iOS 6 with Safari 8536.25 and the most up to date iOS 7 and most up to date Safari.

 

Note: This is only an SSL issue. If I were to go to http:// as opposed to https:// then the image would load fine.

Note 2: The snippet provided from Authorize.Net has a script src of //verify.authorize.net/etc. On my test page I forced it to SSL just for testing/verification. I can gladly remove the https: from the src if anybody thinks that matters.

letspool
Member
2 REPLIES 2

Sorry I didn't get to this post sooner. We discourage modifying the Verified Merchant Seal code--it's in the terms and conditions for the VMS, I believe--but the issue isn't just with forcing SSL through the code.

 

We're still investigating the issue, but what we know is that it appears to be related to the security chain. Also, it does not impact most web browsers, as you note. It does impact Android's stock browser, however. It also impacts Firefox in certain circumstances--Firefox can obtain the missing intermediary certificate from a site that hosts it, and store it to apply later on other sites, but doesn't come with the intermediary and thus can fail SSL certirficate checks.

 

We're working with our CDN to resolve the matter and I'll try to keep you updated.

--
"Move fast and break things," out. "Move carefully and fix what you break," in.
Lilith
Administrator Administrator
Administrator
I apologize for not replying sooner, but I believe we've resolved the CDN SSL issue. I am no longer able to duplicate the issue in the Android stock brower or in Firefox.
--
"Move fast and break things," out. "Move carefully and fix what you break," in.