Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Empty API responses: bundled cert.pem is invalid for new sandbox SSL certificate #301

Closed
schmich opened this issue Mar 24, 2018 · 8 comments
Closed

Empty API responses: bundled cert.pem is invalid for new sandbox SSL certificate #301

schmich opened this issue Mar 24, 2018 · 8 comments

Comments

@schmich
Copy link

schmich commented Mar 24, 2018

All sandbox Authorize.net API requests (at least those using AuthorizeNetCIM) are failing and returning empty responses:

object(AuthorizeNetCIM_Response)#631 (2) {
  ["xml"]=>
  NULL
  ["response"]=>
  bool(false)
}

I tracked this down to a cURL error in AuthorizeNetRequest.php: "Peer's Certificate issuer is not recognized." with the endpoint being https://apitest.authorize.net/xml/v1/request.api.

It appears the SSL cert for apitest.authorize.net was updated recently:

image

The issuing CA, GeoTrust RSA CA 2018, is not included in this library's cert.pem, which is used to configure cURL. Because of this, host verification fails, so requests are failing.

I saw this issue was also brought up on the developer support forum. It appears the temporary workaround is to copy cURL's cert.pem over the library's version.

Unfortunately, I haven't seen an official response from any Authorize.net folks.

If possible, I would like to see the following:

  1. An acknowledgement of this problem, ideally along with an ETA on when you will publish a fixed version of this library.
  2. Updates to AuthorizeNetRequest.php to fail with more information than just ["xml"]=> NULL ["response"]=> bool(false). I realize you have logging there, but including and propagating cURL error information to the API consumer can only help users that hit issues.
  3. Internal process improvements to prevent this from happening again. Apparently, a similar problem happened in 2015 resulting in similar confusion and frustration.

I'm sincerely not trying to be a jerk, but I do expect much more from an organization like Authorize.net. I (and likely others) burned far too much time today debugging and diagnosing something that should have never been an issue.
@ashtru
Copy link
Contributor

ashtru commented Mar 24, 2018

We apologize for the serious inconvenience faced by all the Sandbox developers.

  1. The issues is caused by the change in the certificate used for verification. We will release a fix for the SDK by 25th March.
  2. This is a great suggestion, we will look into adding this information.
  3. We will surely put in a process for any certificate updates and release them in time, so that no such issues occur in future.

Thanks again for your useful suggestions @schmich

@ashtru
Copy link
Contributor

ashtru commented Mar 24, 2018

The issue has been fixed in latest release of the PHP SDK (version 1.9.6) .

Join the Authorize.Net developer forum to keep abreast with latest features and contribute ideas.
Thanks
Ashutosh

@ashtru ashtru mentioned this issue Mar 24, 2018
Closed
@schmich
Copy link
Author

schmich commented Mar 25, 2018

Thanks, Ashutosh, for the quick turnaround, and on the weekend, no less. I appreciate the support and the response!

@schmich schmich closed this as completed Mar 25, 2018
@phpstudyone
Copy link

phpstudyone commented Mar 26, 2018
edited

@ashtru

I noticed that the new version released (version 1.9.6) requires php version 5.6.

But the version that I installed version 1.9.3 needs is 5.5

Do I have to upgrade php to get support for this change?

@ashtru
Copy link
Contributor

ashtru commented Mar 26, 2018

@phpstudyone , for this change, you can replace your lb/ssl/cert.pem with the latest cert.pem manually.

But for TLS 1.2, you will need to upgrade your PHP version to at least 5.6.
Kindly verify your integration works with the sandbox endpoint as soon as possible. Follow the steps in TLS section in the README. TLS below 1.2 is already disabled in sandbox, and will be soon disabled in production for all merchants.

The minimum software requirements are as follows, you might need to upgrade all of them:

PHP >= 5.6
OpenSSL >= 1.0.1
CURL >= 7.34.0

You can go through the forum thread and the news for reference.

Feel free to open a new issue, if you need any more TLS 1.2 related assistance or clarification.

@ashtru ashtru mentioned this issue Mar 27, 2018
Open
@phpstudyone
Copy link

phpstudyone commented Mar 27, 2018
edited

@ashtru This is my test result :

image

Also, when I do not replace the 'lib/ssl/cert.pem' file with a new cert.pem file, if my cert and domain name match, sanbox can be used normally. Otherwise, the error CURL ERROR: SSL certificate problem: unable to get local issuer certificate will occur.

replace to this cert.pem file can fix this problem.

@ashtru
Copy link
Contributor

ashtru commented Mar 28, 2018

@phpstudyone
It is good that the connection is using TLS 1.2.
Just for some additional information, can you share the version for PHP, Openssl and curl as well?

@phpstudyone
Copy link

@ashtru sure.

this is phpinfo() result:

image

image

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@schmich @phpstudyone @ashtru