Jump to content
Rich722

authorize.net changes causing problems

Recommended Posts

On March 31 (yesterday) Authorize.Net began making some changes related to security, starting with the Sandbox ( http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Authorize-Net-Begins-Infrastructure-and-SHA-2-Certificate/ba-p/49615 ).  And I (as well as others) discovered yesterday that what was working March 30 was no longer working on March 31 for testing using the Authorize.Net sandbox (I have been using the AIM module, test mode, test cc numbers, and the osCommerce authorize.net module).   I tried asking Authorize.Net about this, and they suggested checking with my host (InMotion).  I did, and they looked into it and responded that they do meet all the stated requirements on their end, and they suggested I ask the supplier of the osCommerce module for Authorize.net.

 

So, I am asking here.   Does something have to change in the osCommerce authorize.net module(s) in order to get working again with Authorize.Net sandbox testing?

 

Thanks

Share this post


Link to post
Share on other sites

To clustersolutions:  As of March 31, 2015, the authorize.net sandbox is NOT the same as the production environment.  Authorize.net is making changes, and starting with the sandbox.

Share this post


Link to post
Share on other sites

@@Rich722. Thanks for the info. I probably wouldn't call this a bunch of changes, just necessary security updates...I found you can download Root 2 GeoTrust Cert here...

 

https://www.geotrust.com/resources/root-certificates/

 

Not a fire for me yet...but it will be once the deadline announcement was made...

 

 

 

To clustersolutions:  As of March 31, 2015, the authorize.net sandbox is NOT the same as the production environment.  Authorize.net is making changes, and starting with the sandbox.

Share this post


Link to post
Share on other sites

@@Rich722 They are just changing which ssl certs will work with their site. All such companies are doing it. Test your site on this page. If it does not show your cert is using SHA1, you should be OK. If it is, you have to upgrade your ssl certificate.

Share this post


Link to post
Share on other sites

@@Jack_mcs  Thanks for the comment and the link, but I still have the problem (and I am a novice when it comes to this security stuff). The link, as best I can tell, is checking the host server setup, which is at InMotion.   When I used the link you provided, in the first section "Server Key and Certificate #1", it says the signature algorithm is SHA256withRSA, which seems okay.  I had also previously asked InMotion to check the details from Authorize.Net, and InMotion said their setup was okay with respect to the changes.  So I don't think my problem is at the server.  I suspect it is somewhere inside the osCommerce authorize.net add-on module, but of course that is mere guessing.   In the osCommerce Admin panel, I tried setting "Verify SSL Certificate" to false, and then that DID work, and I got to checkout_success.  However, when "Verify SSL Certificate" is set to true, I get the display "There is an error processing your credit card. Please try again, and if problems persist, try another payment method."  So it seems (at least to me) that there is something related to SSL that is not right, but it is not at the InMotion server.

Share this post


Link to post
Share on other sites

@@clustersolutions  Thanks for your reply.  Take a look at my response to Jack_mcs for some details.   I am a novice at this.  I don't know whether I want a pem file or a cer file, and once I get it, I don't know where to put it.  I am using the osCommerce add-on module for authorize.net AIM, version 2.1.

Share this post


Link to post
Share on other sites

@@clustersolutions  To add a little bit more to my earlier response to you, I have found two files in my directory tree that might be relevant:  authorize.net.crt (came as part of the osCommerce  authorize.net AIM 2.1 add-on module) and cacert.pem.  It looks to me like the latter one is not used if the first one exists, which it does.

Share this post


Link to post
Share on other sites

Check your authorize.net file to be sure it is not using an IP for connecting. Also, not all authorize.net modules will work in all versions of oscommerce. If you are sure this module was working before, then it should work now. But if you are not sure, it may be the module is not compatible with your shop.

Share this post


Link to post
Share on other sites

@@Jack_mcs  Thanks for your reply.  I had already checked the authorize.net file and it is not using IP addresses.  (Note that it DOES correctly authorize a payment if I set "Verify SSL Certificate" to false, but it won't work if that is set to true.)  Yes, I am sure it worked on March 30 with "Verify SSL Certificate" set to true.  This was also (unfortunately for me) just my first day of successful testing after establishing the authorize.net sandbox account.  And on March 31, it no longer worked, unless I turn off SSL certificate verification.  And my hosting service insists the problem is not on their side.

Share this post


Link to post
Share on other sites

Then I think you need to contact authorize.net and ask them to explain the problem. They can see attempts to connect so they may be able to determine the cause. You could also try a different authorize.net module.

Share this post


Link to post
Share on other sites

@@Rich722, I am running AIM 2.0 and your right that it has problem with the test server. SSL true it works on prod server but not test...will look into it some more and will let u know if I find anything...Tim

Share this post


Link to post
Share on other sites

@@Rich722, look at this block of codes...the pem file should be in the include dir...

 

        if ( file_exists(DIR_FS_CATALOG . 'ext/modules/payment/authorizenet/authorize.net.crt') ) {
          curl_setopt($curl, CURLOPT_CAINFO, DIR_FS_CATALOG . 'ext/modules/payment/authorizenet/authorize.net.crt');
        } elseif ( file_exists(DIR_FS_CATALOG . 'includes/cacert.pem') ) {
          curl_setopt($curl, CURLOPT_CAINFO, DIR_FS_CATALOG . 'includes/cacert.pem');
        }
 

I run the OSCBS and the cacert.pem already included the GeoTrust Root 2 cert...I think mine has to do with my setup...but I will have to spent more time looking at the log file and troubleshoot...I'll do that after Easter weekend...got orders to process and going camping for the weekend...

 

Will keep u posted...or let me know when u find out the issue...thx! Tim

Share this post


Link to post
Share on other sites

@@clustersolutions  THANKS for your response.   It is great to find out that somebody else sees the same problem I do (and I am still stuck).  I also had finally seen the code you listed above.  The way I read that code, though, the pem file doesn't get used unless the authorize.net.crt file is missing; however, at least in my installation, the authorize.net.crt file is indeed there. (And it is the one that came with the osCommerce Authorize.net AIM add-on, version 2.1.)

 

I too won't be working on this over the weekend.

Share this post


Link to post
Share on other sites

Hi Rich

 

You have that right - try renaming the .crt file to something lime .crtxxx and test - the new key that was published on Github by auth.net - https://github.com/AuthorizeNet/sdk-php/blob/master/lib/ssl/cert.pem

 

in response to the thread

 

https://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Authorize-Net-Begins-Infrastructure-and-SHA-2-Certificate/ba-p/49615

 

is held within the .pem file (or at least it is in the latest osCommerce) - that may do the trick for you

Share this post


Link to post
Share on other sites

Bob,

 

   I tried what you suggested, but still no luck.  I went to Github, got the new pem file, replaced my existing pem file with that one, then renamed that authorize.net.crt file so that the add-on AIM module would not find it and use the pem file instead.  But still it does not get any valid response from authorize.net.  The add-on module provides the following response from authorize.net:

    [x_response_code] => -1

    [x_response_subcode] => -1

    [x_response_reason_code] => -1

 

This is what I have been getting ever since March 31, UNLESS I set "Verify SSL Certificate" to false in the osCommerce admin section for authorize.net.

Share this post


Link to post
Share on other sites

Bob, ClusterSolutions,

 

  My configuration is finally working (!) for the first time since the March 31 security-related changes at authorize.net.   However, I am not completely sure why.  For one thing, I ended up copying that new pem file to both the existing cacert.pem and the authorize.net.crt file (are they functionally the same thing?)  And, I went back to the original default osCommerce pages to test this so that none of my modified osCommerce pages and database would be involved.  Anyway, thanks for the input.

Share this post


Link to post
Share on other sites

@@Rich722...

 

Include the new Root 2 Geo Trust Global CA in the authorize.net.crt file as replacing it will wipe out the other certs...for some reason the Root 2 Geo Trust Global CA isn't in either of the default files. I would just make the change in the authorize.net.crt file and leave the cacert.pem file alone. The if block reads from the authorize.net.crt file or the cacert.pem file.

 

Mines working as well...also make sure that your SSL is SSH2...and follow the Authorize.net instructions you should be good to go...Thx for letting me know! Tim

Share this post


Link to post
Share on other sites

I'm having similar problems as you are describing here. Hopefully, your experience in overcoming them can point me in the right direction. I am using authroize.net AIM module 2.1 (in oscommerce 2.3.4). I am able to run test transaction through my testing account. However, when I try this in the live merchant account, I get the following error:

 

There has been an error processing your credit card

Please try again and if problems persist, please try another payment method.

 

I get this error whether the "Verify SSL Certificate" option is set to true or false. Furthermore, when I test the API Server Connection on the admin side, I get the following error:

 

"Failed! Please review the Verify SSL Certificate settings and try again."

 

So this does appear to be a SSL verification problem. My hosting and SSL certificate are through GoDaddy, but it is a SHA-2 based certificate (see below) so it ought to work...right?

 

"Valid until Tue, 07 Jun 2016 21:32:38 UTC (expires in 11 months and 25 days)

Key RSA 2048 bits (e 65537)

Weak key (Debian) No

Issuer Go Daddy Secure Certificate Authority - G2

Signature algorithm SHA256withRSA"

 

Finally, I have tried to add the Root 2 Geo Trust Global CA to the authorize.net.crt file but this has not helped. In contacting both Authorize.net and GoDaddy multiple times, they both claim that everything is good on their ends (which may or may not be true). Any ideas?

 

Thanks,

Tsentralka

Edited by Tsentralka

Share this post


Link to post
Share on other sites

@@Tsentralka, if you have added the Root 2 Geo Trust Global CA correctly to the authorize.net.crt file then it should work. Why don't you also add it to the cacert.pem file just as well. Other than that you may want to get someone to look at the install if this is causing you conversions...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×