(Last updated on: May 14, 2015)
Center Stage Software and some of our customers received this information from Authorize.net recently:
Important: Security Certificate Upgrades on May 26th
Authorize.Net is upgrading our infrastructure to enhance system performance and security. On May 26, 2015, we are upgrading to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures. Most modern operating systems and web servers support certificates that use SHA-2, however, there is a concern that older software—especially software based on outdated versions of Java—may not.
Please contact your web developer or solution provider as soon as possible to find out if your website or payment solution will support the new security certificates.
If any updates are necessary, please refer your web developer to this blog post in our Developer Community, which has all of the certificate information they will need for this update. Our sandbox environment has already been updated so that your developer can validate that your solution will continue to work using SHA-2 signed certificates, prior to May 26th.
After the update is complete on May 26th, any website or payment solution that cannot validate SHA-2 signed certificates will fail to connect to Authorize.Net’s servers.
What this means is that the encryption being used for SSL has been changed. The more modern encryption is the SHA-2. Authorize.net will start using it.
In order to use it, the operating system and browser has to support it. That means that the older operating systems and older browsers are not going to be able to be used for payments. Right now, they are using SHA-1.
So, if you have older equipment, now would be a good time to replace it.
If your patrons are using older browsers, this could cause problems with their online ticket orders. Please put a notification on your website to update their browsers if they have an issue buying a ticket.