Yesterday, March 1, 2011, between 6:30PM and 9:30PM US Eastern, my system log files show that the SSL certificate returned by the production Authorize.net API server was reporting as being invalid (specifically, that they could not be verified). This error was reported to occur on 42 separate requests between those hours.
Did anyone else see an issue?
It doesn't appear as though the api.authorize.net SSL certificates are any different today than they were two days ago:
Common Name: *.authorize.net
Issuing CA: Entrust Certification Authority - L1C
Organization: Cybersource Corporation
Valid from March 31, 2010 to March 30, 2012
Key Size: 1024 bits
03-02-2011 06:38 AM
we noticed this same issue yesterday around the same time in our system log files. i emailed customer support about it but thus far no response on the issue.
03-02-2011 01:50 PM
Thanks for the feedback. Please let me know if you ever hear anything back. Invalid certificates are an exceptionally scary thing, especially for a credit card processor. ;)
03-02-2011 05:51 PM - edited 03-02-2011 05:51 PM
I can confirm we experienced this issue as well. First occurrence was at 6:08pm EST and last was at 9:34pm EST on 3/1/2011.
03-04-2011 08:59 AM
We've been unable to consistently establish SSL connections as well with Auth.Net. Is there a case number open with them I can tag onto?
04-06-2011 09:49 AM
Have you validated that your server is using the most up-to-date certificate? Try adding an EnTrust CA certificate to the Web server(s) impacted, and then see if the connection will work properly.
Check out this link for more info on how to update your Web servers to support EnTrust for SSL.
Thanks,
Michelle
Developer Community Manager
04-08-2011 04:03 PM
We are still having this problem. This should be headline news on your website, and a major broadcasted email for all customer integrations. We are just getting to the bottom of all of our rejected transactions. We didn't realize this was such a persistent problem that required action on the part of our host to point to your new SSL certificate provider. No officense to Authorize.net's hard working developmen team, but somebody dropped the ball on this, and then they dropped it again. The 101 for anyone responsible for managing a server is not letting the SSL pass due, and then re-new it with a new provider (maybe to save a FEW bucks) which causes long term transaction failtures? to be honest, we don't know how much we have lost, but it could highly significant sums.
PS We have asked our host today to find this Entrust website page which apparently gives instructions on how to make sure our servers are correctly finding the new SSL certificate for Authorize. net. I took a look at the page, and it seemed to be for companies installed an Entrust certificate, which we are not doing.
Blu Atwood
FiftyFlowers.com
05-23-2011 03:28 PM