(Last updated on: October 9, 2024)
If you use Authorize.net as a payment gateway, you may have received either or both of the following emails from Authorize.net between September 26 and October 9. Here are the emails and some information on what you need to – or don’t need to – do about them.
At the end of the post are instructions on how to check your site is secure.
____________________________________________________________
September 26, 2024
Dear Authorize.net Merchant,
It came to our attention that the previous email had links that were not easily accessible. We apologize for any confusion. Here are the correct links to the support articles with detailed instructions below:
• Entrust to DigiCert SSL Certificate Migration (KA-05545)
• Latest Version of Authorize.net Server-Level SSL Certificates (000003009)
Who is being affected: Merchants who utilize Authorize.net APIs and endpoint URLs in their websites or applications will need to make updates. They will need to integrate and use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert. This should be done before the scheduled revocation dates to avoid disruptions.
What you need to do: You must integrate and use the newly-issued Root and Intermediate (CA) SSL certificates from DigiCert by October 24 to avoid any disruptions. To help you fight fraud, AFDS is automatically enabled on your account, which gives you access to many powerful fraud filters, including:
To stay updated on future notifications, please sign up on our status page.
_____________________________________________________________
October 9
Dear Authorize.net Merchant,
To ensure secure and up-to-date API transactions, we identified some merchants are still using unsupported ciphers/TLS versions when connecting to our API endpoints.
All merchants must use our supported versions by October 30th, 2024.
Our records indicate that you may be using unsupported TLS/cipher versions that need to be updated. Please work with your developer or solution support to update to the correct versions.
* For details on our supported TLS/cipher versions please see our documentation here.
* A maintenance notice for this change can be found on our status page.
Please note that if you continue to use an unsupported cipher after October 30, 2024, the connection will fail, and an error will be generated. This may result in you being unable to process payments.
To stay updated on future notifications and upcoming maintenance notices, please subscribe to our status page.
____________________________________________________________
How to see if your site is secure
- Go to https://www.howsmyssl.com/ Look at the Version entry. It will tell you what version of TLS you are using.
- You can also check in internet browsers. There is usually a symbol to the left of the URL that can give you information, too.
- For instance, in Chrome, the horizontal marks indicate the site is secure.
In Edge, it can look like this.
