Entrust to DigiCert SSL Certificate Migration
KA-05545
17
11/06/2024 18:05 PM
4.0
This article will guide merchants through understanding Authorize.net certificates and support and usage.
What is happening?
Authorize.net is changing the SSL/TLS certificates that applications and websites use to communicate with our systems, moving from Entrust to DigiCert. This change is currently planned to take place in January, 2025. The change will impact both browser-based and server-to-server interactions.
What this means and actions required?
This will depend on how you are using and connecting to Authorize.net.
For non-API users interacting with Authorize.net via a browser on their mobile device or computer, there's no change necessary other than ensuring that your browser is up to date.
For users of Authorize.net Mobile Point of Sale (mPOS) apps for iOS and Android downloading and using the most recent version of the app will be required. New versioons of the apps will be available during the second week of November, 2024.
- There are two Authorize.net mPOS apps:
- For iOS Users, iOS 15 and higher is required.
- Authorize.net - This legacy version will receive only security and maintenance updates and may experience delays in updates. We recommend using our new app with newer readers.
- Reader support - This version will will support older/existing readers, including audio jack readers.
- Google Play Store - Authorize.net Mobile POS
- Apple App Store - Authorize.net
- Authorize.net - This legacy version will receive only security and maintenance updates and may experience delays in updates. We recommend using our new app with newer readers.
- For Android Users, OS 12 or higher is required.
- Authorize.net 2.0 - This version will be our go forward version that will be enhanced and update with new feature and reader support.
- This version will not support legacy/older reader using audio jack.
- Google Play Store - Authorize.net 2.0
- Apple App Store - Authorize.net 2.0
- Authorize.net 2.0 - This version will be our go forward version that will be enhanced and update with new feature and reader support.
- For iOS Users, iOS 15 and higher is required.
Merchants who utilize Authorize.net APIs and endpoint URLs in their websites or applications may need to make updates. They may need to use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert. This should be done before the scheduled revocation dates to avoid disruptions.
Additionally, if the Authorize.net In-Person SDK is being used for custom mobile app, the newest versions which will need to be used and will be available for download the second week in November, 2024, and must be used once Authorize.net changes over to DigiCert digital certificates in January, 2024.
If testing is needed, it is recommended to be done in the Sandbox environment as soon as Authorize.net releases the new DigiCert SSL certificates. Testing in the Production environment won't be possible before the Production.
Example Scenarios Requiring Action:
- Users whose applications or websites pin the leaf certificate will need to update their settings.
- Users whose applications or websites use custom trust stores will need to import the DigiCert CAs.
- Users whose applications or websites pin to the CAs will need to update their pins.
- Users who download and use the mPOS app for Android and iOS users.
- Users who have a customer app built and using In-Person SDKs.
Certificate Migration Schedule
Sandbox/Production:
January, 2025 TBD
November 11, 2024October 23rd and 24th, 2024
Important Note
If your application is pinning the certificate, do not revoke or remove any of your existing Entrust certificates linked with Authorize.net endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the Sandbox environment.
Downloading the Certificates
You can download the latest version of the Root and Intermediate (CA) certificates from the zip file in the Attachments section below.
If your application requires server-level certificate trust, install (trust) the new certificates before the existing certificates expire to avoid any production impact. The link to the Server-Level (leaf) SSL certificate will be updated later in this support article once they become available. Please note, we recommend that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This avoids the annual need to renew the server-level certificate.
For additional information on obtaining the latest version of Authorize.net's SSL certificate, please refer to our support article: Where can I find the latest version of Authorize.nets server-level SSL certificates?
Impacted API Endpoints:
Sandbox URLs
- test.authorize.net
- apitest.authorize.net
Production URLs
- secure.authorize.net
- secure2.authorize.net
- api.authorize.net
- api2.authorize.net
Root and CA DigiCert Certificate (1).zip
Was this article helpful?