Entrust to DigiCert SSL Certificate Migration
KA-05545
1
12/02/2024 21:55 PM
5.0
This article will guide merchants through understanding Authorize.net certificates migration and change.
What is happening?
Authorize.net is changing the SSL/TLS certificates from Entrust to DigiCert in January 2025. This will affect server-to-server interactions, including API users, Mobile Point of Sale (mPOS) and In-Person SDK users.
Certificate Migration Schedule
Sandbox/Production: January 15, 2025
What this means and actions required?
- Browser Users:
- Ensure your browser is up to date. No other changes are necessary.
- Mobile Point of Sale (mPOS) App Users:
- For iOS Users, iOS 15 and higher is required (available November 2024) and must be updated before January 15, 2024.
- Authorize.net - This legacy version will receive only security and maintenance updates. We recommend using our new app.
- Reader support - This version will will support older/existing readers, including audio jack readers.
- Google Play Store - Authorize.net Mobile POS
- Apple App Store - Authorize.net
- Authorize.net - This legacy version will receive only security and maintenance updates. We recommend using our new app.
- For Android Users, OS 12 or higher is required (available November 2024) and must be updated before January 15, 2024.
- Authorize.net 2.0 - This version will be our go forward version that will be enhanced and update with new feature and reader support.
- This version will not support legacy/older reader using audio jack.
- Google Play Store - Authorize.net 2.0
- Apple App Store - Authorize.net 2.0
- Authorize.net 2.0 - This version will be our go forward version that will be enhanced and update with new feature and reader support.
- For iOS Users, iOS 15 and higher is required (available November 2024) and must be updated before January 15, 2024.
- API Users and Integrators:
- Update your systems to use DigiCert Root and Intermediate (CA) SSL certificates before the revocation dates.
- Custom Mobile Apps:
- Update to the latest In-Person SDK versions (available November 2024) and must be updated before January 15, 2024.
Example Scenarios Requiring Action
- Certificate Pinning: Update settings if pinning the leaf certificate.
- Custom Trust Stores: Import DigiCert CAs.
- CA Pinning: Update pins to DigiCert CAs.
- mPOS App Users: Ensure the latest app versions are downloaded.
- In-Person SDK Users: Update to the newest SDK versions.
Merchants who utilize Authorize.net APIs and endpoint URLs in their websites or applications may need to make updates. They may need to use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert. This should be done before the scheduled revocation dates to avoid disruptions.
Additionally, if the Authorize.net In-Person SDK is being used for custom mobile app, the newest versions which will need to be used and will be available for download the second week in November, 2024, and must be used once Authorize.net changes over to DigiCert digital certificates on January 15, 2024.
Important Note
If your application is pinning the certificate, do not revoke or remove any of your existing Entrust certificates linked with Authorize.net endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the Sandbox environment.
Downloading the Certificates
You can download the latest version of the Root and Intermediate (CA) certificates from the zip file in the Attachments section below.
If your application requires server-level certificate trust, install (trust) the new certificates before the existing certificates expire to avoid any production impact. The link to the Server-Level (leaf) SSL certificate will be updated later in this support article once they become available. Please note, we recommend that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This avoids the annual need to renew the server-level certificate.
For additional information on obtaining the latest version of Authorize.net's SSL certificate, please refer to our support article: Where can I find the latest version of Authorize.nets server-level SSL certificates?
Impacted API Endpoints:
Sandbox URLs
- test.authorize.net
- apitest.authorize.net
Production URLs
- secure.authorize.net
- secure2.authorize.net
- api.authorize.net
- api2.authorize.net
Root and CA DigiCert Certificate.zip
Was this article helpful?