Authorize SSL/TLS Updates

I’d like to know this too. Got the same email

Should we get and install a DigiCert SSL certificate to be able to work with the plugin – Authorize.NET service?

Here’s a link to the Knowledge Article from Authorize.net.

It’s unclear if WordPress plugin users need to take any action. Please advise.

Yes, please advise.

@all

This should not impact the plugin. However, we will still follow the developments and will make any necessary changes to the plugin in advance in case there is a need.

Is still unclear for me

What If our server’s SSL/TLS certificates do not include DigiCert certificates, which are required by Authorize.Net (or at least thats what I understand), Do we need to install the SSL certificates issued by DigiCert.?

Basically the plugin itself uses WP’s built in wp_remote_post() function to send the API requests and does not specify a certificate to be used. This, to my knowledge would use the root certificates installed on your server. It is best to check with your hosting if the change of SSL/TLS certificates on Authorize.Net’s side would affect the site’s communication with the API endpoints listed below:

Sandbox: apitest.authorize.net
Production: api.authorize.net

@mohsinoffline yeah, I know that the plugin is good about the SSL/TLS changes. Honestly, I was expecting a little support on this because the message from Authorize.NET says that we must get a DigiCert certificate to be able to establish the connection with their endpoints. I think I’m going to follow that path, but if you get to know something about it, please spread the word on this, it would help us a lot, In the end we use your plugin because it works great, and maybe the SSL issue isn’t a plugin thing, but could lead to fail the usage of it.

So my client got this digicert notification too so i just switched him to this plugin here for taking authorize.net payments. (He was using the old woothemes abandoned authorize.net AIM plugin) anyway…So are we saying that this digi cert requirement is a “non issue” with this plugin and we can ignore this notification? Currently we obviously use a legit fully signed Let’s Encrypt ssl certificate in our autossl Cpanel environment. But based on the developer’s response here, it seems to not really matter or is bypassed due to the way the plugin process payments? If so please confirm that I do not need to somehow attain a digicert ssl certificate and that business can go on as usual. Thanks!

@allwebnow , that’s exactly what we understand (the plugin is good; no change is needed). Our SSL CPanel, etc, works great. we are good. I think the confussion was trigger by Authorize.NET’s notification, the redaction was ambiguos, they alrady change it (v3 so far)

• This reply was modified 1 month, 2 weeks ago by oscyberdogz.

Yes their notification about this sounded like we had to install this cert or else all payments would stop or something and it didn’t seem like there was any other way around it. So what’s changed in the notification or what does v3 mean? btw thanks for responding.

v3, version three of the document (they modified it because it wasn’t clear enogh)

oh where can i find that? my client is the one that gets these notifications and information.

https://support.authorize.net/knowledgebase/Knowledgearticle/?code=KA-05545

Oh yeah that one! thanks!