Rich722

@@clustersolutions Thanks!

Bob, ClusterSolutions, My configuration is finally working (!) for the first time since the March 31 security-related changes at authorize.net. However, I am not completely sure why. For one thing, I ended up copying that new pem file to both the existing cacert.pem and the authorize.net.crt file (are they functionally the same thing?) And, I went back to the original default osCommerce pages to test this so that none of my modified osCommerce pages and database would be involved. Anyway, thanks for the input.

Bob, I tried what you suggested, but still no luck. I went to Github, got the new pem file, replaced my existing pem file with that one, then renamed that authorize.net.crt file so that the add-on AIM module would not find it and use the pem file instead. But still it does not get any valid response from authorize.net. The add-on module provides the following response from authorize.net: [x_response_code] => -1 [x_response_subcode] => -1 [x_response_reason_code] => -1 This is what I have been getting ever since March 31, UNLESS I set "Verify SSL Certificate" to false in the osCommerce admin section for authorize.net.

@@clustersolutions THANKS for your response. It is great to find out that somebody else sees the same problem I do (and I am still stuck). I also had finally seen the code you listed above. The way I read that code, though, the pem file doesn't get used unless the authorize.net.crt file is missing; however, at least in my installation, the authorize.net.crt file is indeed there. (And it is the one that came with the osCommerce Authorize.net AIM add-on, version 2.1.) I too won't be working on this over the weekend.

@@Jack_mcs Thanks for your reply. I had already checked the authorize.net file and it is not using IP addresses. (Note that it DOES correctly authorize a payment if I set "Verify SSL Certificate" to false, but it won't work if that is set to true.) Yes, I am sure it worked on March 30 with "Verify SSL Certificate" set to true. This was also (unfortunately for me) just my first day of successful testing after establishing the authorize.net sandbox account. And on March 31, it no longer worked, unless I turn off SSL certificate verification. And my hosting service insists the problem is not on their side.

@@clustersolutions To add a little bit more to my earlier response to you, I have found two files in my directory tree that might be relevant: authorize.net.crt (came as part of the osCommerce authorize.net AIM 2.1 add-on module) and cacert.pem. It looks to me like the latter one is not used if the first one exists, which it does.

@@clustersolutions Thanks for your reply. Take a look at my response to Jack_mcs for some details. I am a novice at this. I don't know whether I want a pem file or a cer file, and once I get it, I don't know where to put it. I am using the osCommerce add-on module for authorize.net AIM, version 2.1.

@@Jack_mcs Thanks for the comment and the link, but I still have the problem (and I am a novice when it comes to this security stuff). The link, as best I can tell, is checking the host server setup, which is at InMotion. When I used the link you provided, in the first section "Server Key and Certificate #1", it says the signature algorithm is SHA256withRSA, which seems okay. I had also previously asked InMotion to check the details from Authorize.Net, and InMotion said their setup was okay with respect to the changes. So I don't think my problem is at the server. I suspect it is somewhere inside the osCommerce authorize.net add-on module, but of course that is mere guessing. In the osCommerce Admin panel, I tried setting "Verify SSL Certificate" to false, and then that DID work, and I got to checkout_success. However, when "Verify SSL Certificate" is set to true, I get the display "There is an error processing your credit card. Please try again, and if problems persist, try another payment method." So it seems (at least to me) that there is something related to SSL that is not right, but it is not at the InMotion server.

Here is a link to what Authorize.Net says they are doing: https://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Authorize-Net-Begins-Infrastructure-and-SHA-2-Certificate/ba-p/49615

Try this link: http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Authorize-Net-Begins-Infrastructure-and-SHA-2-Certificate/ba-p/49615

Harald, On March 31, 2015, Authorize.net made changes to the sandbox environment (and these changes will be also made to the production environment when everything checks out). I had just started trying to set up a website using osCommerce and Authorize.net's AIM module the day before, and I was successful in getting an authorization (testing in the sandbox, text mode, test cc numbers, and using the osCommerce AIM module 2.1). However, as of March 31, I am not successful, getting the message "There has been an error processing your credit card. Please try again and if problems persist, please try another payment method." I then tried by changing the "Verify SSL Certificate" from true to false. That DID work. But I don't want to go to production with that. Is AIM 2.1 the latest version? If so, does it still work with the Authorize.net sandbox environment? Thanks for any suggestions you might have.

To clustersolutions: As of March 31, 2015, the authorize.net sandbox is NOT the same as the production environment. Authorize.net is making changes, and starting with the sandbox.

On March 31 (yesterday) Authorize.Net began making some changes related to security, starting with the Sandbox ( http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Authorize-Net-Begins-Infrastructure-and-SHA-2-Certificate/ba-p/49615 ). And I (as well as others) discovered yesterday that what was working March 30 was no longer working on March 31 for testing using the Authorize.Net sandbox (I have been using the AIM module, test mode, test cc numbers, and the osCommerce authorize.net module). I tried asking Authorize.Net about this, and they suggested checking with my host (InMotion). I did, and they looked into it and responded that they do meet all the stated requirements on their end, and they suggested I ask the supplier of the osCommerce module for Authorize.net. So, I am asking here. Does something have to change in the osCommerce authorize.net module(s) in order to get working again with Authorize.Net sandbox testing? Thanks