Views:

This article will guide merchants through understanding Authorize.net certificates migration and change.

What is happening?

Authorize.net is changing the SSL/TLS certificates from Entrust to DigiCert in January 2025. This will affect server-to-server interactions, including API users, Mobile Point of Sale (mPOS) and In-Person SDK users.

Certificate Migration Schedule

  • Sandbox/Production: Feb 2025, exact date for switch over will be provided soon. It is recommended to complete adding any support for the new certificate by January 31, 2025.

What this means and actions required?

  • Browser Users:
    • Ensure your browser is up to date. No other changes are necessary.
  • Mobile Point of Sale (mPOS) App Users:
    • For iOS Users, iOS 15 and higher is required (available November 2024) and must be updated before January 31, 2025.
      • Authorize.net - This legacy version will receive only security and maintenance updates. We recommend using our new app.
    • For Android Users, OS 12 or higher is required (available November 2024) and must be updated before January 31, 2025.
      • Authorize.net 2.0 - This version will be our go forward version that will be enhanced and update with new feature and reader support.
  • API Users and Integrators:
  • Custom Mobile Apps:

Example Scenarios Requiring Action

  • Certificate Pinning: Update settings if pinning the leaf certificate.
  • Custom Trust Stores: Import DigiCert CAs.
  • CA Pinning: Update pins to DigiCert CAs.
  • mPOS App Users: Ensure the latest app versions are downloaded.
  • In-Person SDK Users: Update to the newest SDK versions.

Merchants who utilize Authorize.net APIs and endpoint URLs in their websites or applications may need to make updates. They may need to use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert. This should be done before the scheduled revocation dates to avoid disruptions.

Additionally, if the Authorize.net In-Person SDK is being used for custom mobile app, the newest versions which will need to be used and are available for download as of December 16, 2024 and must be used once Authorize.net changes over to DigiCert digital certificates after January 31, 2025.

Important Note

If your application is pinning the certificate, do not revoke or remove any of your existing Entrust certificates linked with Authorize.net endpoints before the scheduled dates mentioned above. Until the cut-off dates, the only supported certificates will be the Entrust SSL certificates. You may add the new certificates to your system and verify their functionality in the Sandbox environment. 

Downloading the Certificates

You can download the latest version of the Root and Intermediate (CA) certificates from the zip file in the Attachments section below.

If your application requires server-level certificate trust, install (trust) the new certificates before the existing certificates expire to avoid any production impact. The link to the Server-Level (leaf) SSL certificate will be updated later in this support article once they become available. Please note, we recommend that merchants trust only the Root and Intermediate CA SSL certificates on all secure endpoints. This avoids the annual need to renew the server-level certificate.

For additional information on obtaining the latest version of Authorize.net's SSL certificate, please refer to our support article: Where can I find the latest version of Authorize.nets server-level SSL certificates?

Impacted API Endpoints:

Sandbox URLs

  • test.authorize.net
  • apitest.authorize.net

Production URLs

  • secure.authorize.net
  • secure2.authorize.net
  • api.authorize.net
  • api2.authorize.net

 

Related Attachments (1)