When will the cert.pem file be updated to reflect the Entrust to DigiCert SSL migration? #465

Open
gellieann opened this issue Sep 30, 2024 · 16 comments

@gellieann

We are using this php sdk in our application, so we will be waiting for the updated file.

Thank you.

@hikashop-nicolas

Same here. Please update the SDK with the new certificate.

@demeritcowboy

demeritcowboy commented Sep 30, 2024

I've submitted a pull request with the latest cert.pem available: #466

One thing I don't understand from the update notice: https://support.authorize.net/knowledgebase/Knowledgearticle/?code=KA-05545. It sounds like both the sandbox and production will switch at the same time, so how are you supposed to test it ahead of time? I checked and the sandbox still seems to have the Entrust cert (see below). But I can see that the new cert.pem has both the old Entrust cert and new DigiCert cert.

> openssl s_client -connect apitest.authorize.net:443 -showcerts
CONNECTED(000001BC)
depth=2 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
verify return:1
depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
verify return:1
depth=0 C = US, ST = California, L = Foster City, O = Authorize.Net, CN = *.authorize.net
verify return:1

@sdserage

sdserage commented Oct 9, 2024

A member of my team received this email from authorize.net's support:

Thank you for contacting Authorize.net. We appreciate your continued trust in our service. I'm here to assist you with your query about the DigiCert SSL Certificate Migration.

As your gateway bridge, ensuring the security and legitimacy of each card transaction and information is our top priority. We're transitioning our SSL/TLS certificates from Entrust to DigiCert due to DigiCert's strong reputation for providing highly secure and reliable SSL certificates. DigiCert meets stringent industry standards and offers advanced security features, which are crucial for a payment gateway like Authorize.net.

If you utilize Authorize.net APIs and endpoint URLs on your website or application, you will need to update and integrate the newly issued Root and Intermediate (CA) SSL certificates from DigiCert before the scheduled revocation dates to avoid disruptions.

Regarding your concern about updating SDKs or making changes in the code, there's no need for any updates as this change only affects websites/payment systems using Authorize.net APIs and endpoint URLs.

To test before the certificate release date, you can use the Sandbox URLs: test.authorize.net or apitest.authorize.net.

For more detailed information, refer to our Knowledge Articles via Support.Authorize.net

  • Entrust to DigiCert SSL Certificate Migration (Article number KA-05545)
  • Where can I find the latest version of Authorize.net's server-level SSL certificates? (Article 000003009)

We hope this clarifies your query. If the information provided meets your needs, please close this Support Case. Otherwise, add an update to this Support Case with your follow-up questions so we can further assist you.

For more information, visit the Authorize.net Knowledge Base at https://support.authorize.net/, available 24x7.

For details regarding our privacy practices, visit the privacy page at Authorize.net.

This seems wrong. I want to make sure the SDK really is up to date or if we will need to manually add the certs before the 23rd/24th.

@demeritcowboy

I tried their tech support earlier but it's just a bot, or someone blindly copying ChatGPT answers.

The best I can figure, assuming the reference to DigiCert Global Root G2 is correct, is that that root certificate is already in the cert.pem in the SDK and so should be fine when they switch the server certificate. PR #466 is an updated version of all the root certificates, but has the same DigiCert Global Root G2, so the PR likely isn't required here, just it's nice to have a newer file than 2018.

I honestly don't understand why they haven't planned to switch the server certificate in the sandbox earlier than the live servers so that everyone can verify their integration in the sandbox first.

@gellieann
Author

Has anyone seen the certificate attached in the updated article "Where can I find the latest version of Authorize.net's server-level SSL certificates?"?

@demeritcowboy Do you think the certificate needs to be updated with this again?

@demeritcowboy

It's the same cert that's already in the current file.

@gellieann
Author

> It's the same cert that's already in the current file.

For the Root DigiCert Certificate yes, but the Intermediate DigiCert Certificate seems to be different.

@bearinaustin

@demeritcowboy so if we apply the pull you listed above with the updated cert.pem we should be good right? I'm flabbergasted as to why there is no sandbox test period :(

@demeritcowboy

@gellieann The intermediate certs don't go in the root file. You usually only need to do something with intermediate certs if you have some kind of specialized integration that needs it.

@bearinaustin At the moment I don't think anybody needs to do anything since the old file already has the root cert for the new server cert. I didn't notice that when I first made the PR, so the updated cert.pem is just a nice-to-have.
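
The point made in the comments above, that the trust file needs only the root while the intermediate arrives from the server, can be checked offline. The following is an added example, not part of any comment in this thread or of the SDK; the three-level chain, the names and the helper functions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed chain: root -> intermediate -> leaf. All names and keys are
# throwaway values made up for this example.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Extensions that mark a certificate as a CA.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$work/ca.ext"

new_csr() {    # new_csr NAME CN -> NAME.key and NAME.csr
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}

self_sign() {  # self_sign NAME: self-signed root from NAME.csr
  openssl x509 -req -in "$work/$1.csr" -signkey "$work/$1.key" -days 30 \
    -extfile "$work/ca.ext" -out "$work/$1.pem" 2>/dev/null
}

issue() {      # issue NAME ISSUER [EXTFILE]: sign NAME.csr with ISSUER's key
  openssl x509 -req -in "$work/$1.csr" -CA "$work/$2.pem" -CAkey "$work/$2.key" \
    -CAcreateserial -days 30 ${3:+-extfile "$3"} -out "$work/$1.pem" 2>/dev/null
}

# trust_ok CAFILE LEAF [INTERMEDIATE]: exit 0 if LEAF chains to a root in CAFILE.
# -untrusted plays the role of the intermediate the server sends in the handshake.
trust_ok() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

new_csr root  "Constructed Root A";       self_sign root
new_csr other "Constructed Root B";       self_sign other
new_csr int   "Constructed Intermediate"; issue int root "$work/ca.ext"
new_csr leaf  "leaf.example.test";        issue leaf int

report() { if trust_ok "$@"; then echo OK; else echo FAIL; fi; }
echo "root A trusted, intermediate sent:     $(report "$work/root.pem"  "$work/leaf.pem" "$work/int.pem")"
echo "root A trusted, intermediate missing:  $(report "$work/root.pem"  "$work/leaf.pem")"
echo "only root B trusted, intermediate sent: $(report "$work/other.pem" "$work/leaf.pem" "$work/int.pem")"
```

To run the same check against a real bundle, pass the SDK's cert.pem as the first argument to `trust_ok`, with the leaf and intermediate saved from the `openssl s_client -showcerts` output.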

@gellieann
Author

@demeritcowboy Thank you for clarifying.

@gregorysandoval

If I read the KB article correctly, it does not seem that any of the Accept CDN / API endpoints are affected though that seems odd to me?
https://support.authorize.net/knowledgebase/Knowledgearticle/?code=KA-05545

I suppose I can inspect the certificate chain via SSL Labs and see if they are using the Entrust root and intermediary certificates or wait to see if there is any interruption after the cutover. But it would be nice if the KB article simply clarified this?

https://jstest.authorize.net/v1/
https://jstest.authorize.net/v3/
https://js.authorize.net/v1/
https://js.authorize.net/v3/

@gellieann
Author

So, it turns out we didn't really have to update anything since the new DigiCert certificate is already in the cert.pem. I will be closing this thread now.
Thank you everyone.

@demeritcowboy

Yes probably but also authorize.net hasn't actually changed the server certs yet. The servers are still using the old Entrust one.
¯\_(ツ)_/¯

@gellieann
Author

> Yes probably but also authorize.net hasn't actually changed the server certs yet. The servers are still using the old Entrust one. ¯\_(ツ)_/¯

What the heck??

@demeritcowboy

Indeed.

I see they've updated the article today: https://support.authorize.net/knowledgebase/Knowledgearticle/?code=KA-05545

So now January, but they still don't appear to be scheduling a period where you can test in the sandbox for a while before the live change.

@gellieann
Author

> Indeed.
>
> I see they've updated the article today: https://support.authorize.net/knowledgebase/Knowledgearticle/?code=KA-05545
>
> So now January, but they still don't appear to be scheduling a period where you can test in the sandbox for a while before the live change.

Thank you for this! I guess we'll just have to wait for more updates.
I will reopen to let everyone know.

And just when I thought this is over...

@gellieann gellieann reopened this Nov 19, 2024