Views:

Understanding SSL Leaf Level Certificates and Yearly Renewals

Authorize.net recommends that your site and applications trust the Root and Intermediate CA SSL certificates rather than the server-level certificate. This method eliminates the need to update or install the latest leaf certificate, which is updated annually before their expiration dates. If your application trusts only the Root and Intermediate level certificates, there is no need to install the certificates attached to this article.

Latest Update:

Sandbox/Production: Feb 2025, exact date for switch over will be provided soon. It is recommended to complete adding any support for the new certificate by January 31, 2025.

The most current certificates are attached as of September 2024 and will be in use after January 31, 2025. This latest update involves a complete certificate change for both Sandbox and Production. For more details, please see: Entrust to DigiCert SSL Certificate Migration

Impacted API endpoints:

Sandbox URLs

  • test.authorize.net
  • apitest.authorize.net

Production URLs

  • secure.authorize.net
  • secure2.authorize.net
  • api.authorize.net
  • api2.authorize.net

How to obtain Authorize.net SSL certificate?

  1. Download the Root and Intermediate Certificates from DigiCert
    • To Download the Root Certificate (DigiCert Global Root G2):
      1. Open your browser and navigate to the DigiCert Global Root G2 page.
      2. Scroll down to find "DigiCert Global Root G2".
      3. Click on the "Download" link next to "PEM" (or the format you require).
      4. Save the file with a suggested filename: digicert_global_root_g2.crt.
    • To Download the Intermediate Certificate (DigiCert SHA2 Secure Server CA):
      1. Open your browser and navigate to the DigiCert SHA2 Secure Server CA page.
      2. Scroll down to find "DigiCert SHA2 Secure Server CA".
      3. Click on the "Download" link next to "PEM" (or the format you require).
      4. Save the file with a suggested filename: digicert_sha2_secure_server_ca.crt.
  2. Using SSL Labs:
    • Go to SSL Labs
    • Enter the API endpoint/URL you want to test (e.g., https://secure.authorize.net).
    • Click Submit
    • Wait for the test to complete and review the results.
    • In the results, navigate to the "Certificate" section.
    • Use the download option to obtain the leaf certificate and the intermediate/root CA as needed.

 

Related Attachments (1)