- Issue created by @djween
- 🇺🇸United States tkiehne
Commerce Authnet has a dependency on commerceguys/authnet to provide the API functionality. There is a certificate bundle in that package which I presume is impacted by this notice.
- 🇺🇸United States djween
Per authorize.net, this module will need to be updated by Oct 23, 2024.
- 🇺🇸United States jphelan
I've posted an issue on the github repo for commerceguys/authnet
https://github.com/commerceguys/authnet/issues/41 - 🇺🇸United States matthensley Portland, OR
Will the 7x version of the plugin be affected by this change as well?
- 🇺🇸United States ezraw
Since the DigiCert Root certificate is not attached to the Authorize.net attachment as stated, I assume it's likely the same as Visa's announcement
That root cert is already included in the bundle and likely in any modern server already.
- 🇺🇸United States mglaman WI, USA
The SDK has the following logic:
if (isset($config['certificate_verify'])) { $this->certificateVerify = $config['certificate_verify']; } elseif ($cert = ini_get('curl.cainfo')) { $this->certificateVerify = $cert; } else { $this->certificateVerify = __DIR__ . '/../resources/cert.pem'; }The shipped certs are a fallback incase
curl.cainfoisn't available, which it should be. - 🇮🇳India DimpleL
Following up on #6, do we have any update here if this will impact Drupal 7 module or not?
- 🇮🇳India abhay.agarwal
Hi Guys,
Any update guys whether there will be any impact on our current functionality which integrates it with authorize.net
I am using Drupal 9. - 🇺🇸United States BTMash
2 questions:
@ezraw, they mention an intermediate cert. Would that need to be included anywhere or we we good with just the root cert? I see we can get a cacert.pem file via https://curl.se/docs/caextract.html
@mglaman I think this may still be necessary as curl.cainfo isn't available everywhere. For example, I have a D10 site on Acquia and when I looked at its phpinfo page, I do not see curl.cainfo defined.
- 🇺🇸United States rclemings
OK, this is all pretty confusing to me and consequently this may be a stupid question but here goes:
I'm looking at /vendor/commerceguys/authnet/resources/cert.pem on my server and it already has certificates for:
DigiCert Assured ID Root CA
DigiCert Global Root CA
DigiCert High Assurance EV Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert Trusted Root G4I compared the DigiCert certificates in that file to the latest (2024-09-24) from https://curl.se/docs/caextract.html and they're all identical.
Does that mean I don't have to do anything?
- 🇺🇸United States derekw
My credit card checkout quit working today (10/24/2024) in line with the certificate change deadline: "Accept.js is not loaded correctly" above the card number field.
I cleared all website caches and now credit cards are accepted again.
- 🇺🇸United States jphelan
I don't believe it's related to the certificate. Authorize.net shows there is an ongoing issue with Accept.js.
https://status.authorize.net/ - 🇺🇸United States EHLOVader
Was there a resolution for Accept.js issue and have they actually completed the switch to the SSL certificates?
I was still seeing Entrust certs coming from apitest.authorize.net and api.authorize.net.
I also see that the maintenance on the status page for SSL was still "In Progress" and now all of the APIs are in maintenance but no new incidents appear for Accept.jsI've still been seeing issues from Accept.js and they don't seem to know what is causing it.
Were others having issues still? - 🇺🇸United States derekw
I'm using the "Updates to include all certs currently in the Authorize.net cert.pem" patch from commerceguys/authnet and everything is functioning properly.
I think @jphelan was correct that my Accept.js issue was a temporary outage.
- 🇺🇸United States rclemings
According to this the certificate change was rolled back. Not clear where it stands now.
- 🇺🇸United States rclemings
Now scheduled for Jan. 15: https://status.authorize.net/incidents/ynl52t1jg58c
