Yesterday, March 1, 2011, between 6:30PM and 9:30PM US Eastern, my system log files show that the SSL certificate returned by the production Authorize.net API server was reporting as being invalid (specifically, that they could not be verified). This error was reported to occur on 42 separate requests between those hours.
Did anyone else see an issue?
It doesn't appear as though the api.authorize.net SSL certificates are any different today than they were two days ago:
Common Name: *.authorize.net
Issuing CA: Entrust Certification Authority - L1C
Organization: Cybersource Corporation
Valid from March 31, 2010 to March 30, 2012
Key Size: 1024 bits
Have you validated that your server is using the most up-to-date certificate? Try adding an EnTrust CA certificate to the Web server(s) impacted, and then see if the connection will work properly.
Check out this link for more info on how to update your Web servers to support EnTrust for SSL.
Developer Community Manager
We are still having this problem. This should be headline news on your website, and a major broadcasted email for all customer integrations. We are just getting to the bottom of all of our rejected transactions. We didn't realize this was such a persistent problem that required action on the part of our host to point to your new SSL certificate provider. No officense to Authorize.net's hard working developmen team, but somebody dropped the ball on this, and then they dropped it again. The 101 for anyone responsible for managing a server is not letting the SSL pass due, and then re-new it with a new provider (maybe to save a FEW bucks) which causes long term transaction failtures? to be honest, we don't know how much we have lost, but it could highly significant sums.
PS We have asked our host today to find this Entrust website page which apparently gives instructions on how to make sure our servers are correctly finding the new SSL certificate for Authorize. net. I took a look at the page, and it seemed to be for companies installed an Entrust certificate, which we are not doing.