• Resolved pe4manz

    (@pe4manz)


    Recieved this from Authorize.net:

    Authorize.net?is updating the SSL/TLS certificates used for secure communication with our systems. This change affects both browser-based and server-to-server interactions.?

    Who is being affected: Merchants who utilize Authorize.net APIs and endpoint URLs in their websites or applications will need to make updates. They will need to integrate and use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert. This should be done before the scheduled revocation dates to avoid disruptions.

    What you need to do:?You must integrate and use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert by October 24 to avoid any disruptions. To help you fight fraud, AFDS is automatically enabled on your account, which gives you access to many powerful fraud filters.

    Is this something you need to do at the plugin level or something we need to address at the server level?

Viewing 15 replies - 1 through 15 (of 17 total)
  • chumidor

    (@chumidor)

    I’d like to know this too. Got the same email

    oscyberdogz

    (@oscyberdogz)

    Should we get and install a DigiCert SSL certificate to be able to work with the plugin – Authorize.NET service?

    invouq

    (@invouq)

    Here’s a link to the Knowledge Article from Authorize.net.

    It’s unclear if WordPress plugin users need to take any action. Please advise.

    Jesterman

    (@jesterman)

    Yes, please advise.

    Plugin Author mohsinoffline

    (@mohsinoffline)

    @all

    This should not impact the plugin. However, we will still follow the developments and will make any necessary changes to the plugin in advance in case there is a need.

    oscyberdogz

    (@oscyberdogz)

    Is still unclear for me

    What If our server’s SSL/TLS certificates do not include DigiCert certificates, which are required by Authorize.Net (or at least thats what I understand), Do we need to install the SSL certificates issued by DigiCert.?

    Plugin Author mohsinoffline

    (@mohsinoffline)

    Basically the plugin itself uses WP’s built in wp_remote_post() function to send the API requests and does not specify a certificate to be used. This, to my knowledge would use the root certificates installed on your server. It is best to check with your hosting if the change of SSL/TLS certificates on Authorize.Net’s side would affect the site’s communication with the API endpoints listed below:

    Sandbox: apitest.authorize.net
    Production: api.authorize.net

    @mohsinoffline yeah, I know that the plugin is good about the SSL/TLS changes. Honestly, I was expecting a little support on this because the message from Authorize.NET says that we must get a DigiCert certificate to be able to establish the connection with their endpoints. I think I’m going to follow that path, but if you get to know something about it, please spread the word on this, it would help us a lot, In the end we use your plugin because it works great, and maybe the SSL issue isn’t a plugin thing, but could lead to fail the usage of it.

    So my client got this digicert notification too so i just switched him to this plugin here for taking authorize.net payments. (He was using the old woothemes abandoned authorize.net AIM plugin) anyway…So are we saying that this digi cert requirement is a “non issue” with this plugin and we can ignore this notification? Currently we obviously use a legit fully signed Let’s Encrypt ssl certificate in our autossl Cpanel environment. But based on the developer’s response here, it seems to not really matter or is bypassed due to the way the plugin process payments? If so please confirm that I do not need to somehow attain a digicert ssl certificate and that business can go on as usual. Thanks!

    @allwebnow , that’s exactly what we understand (the plugin is good; no change is needed). Our SSL CPanel, etc, works great. we are good. I think the confussion was trigger by Authorize.NET’s notification, the redaction was ambiguos, they alrady change it (v3 so far)

    • This reply was modified 1 month, 3 weeks ago by oscyberdogz.

    Yes their notification about this sounded like we had to install this cert or else all payments would stop or something and it didn’t seem like there was any other way around it. So what’s changed in the notification or what does v3 mean? btw thanks for responding.

    v3, version three of the document (they modified it because it wasn’t clear enogh)

    oh where can i find that? my client is the one that gets these notifications and information.

    Oh yeah that one! thanks!

Viewing 15 replies - 1 through 15 (of 17 total)
  • You must be logged in to reply to this topic.