- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Authorize.Net DigiCert SSL Certification Migration
Hello,
I am running a Magento 2 store (CE v2.3.2) and I received this notice from DigiCert:
https://support.authorize.net/knowledgebase/Knowledgearticle/?code=KA-05545
I am trying to figure out if this affects our store or not. To my knowledge, we never set up any CA certs with their Entrust certificates to being with, but maybe that is built into Magento 2 somehow? Looking for some help as I don't understand the SSL stuff well. Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Authorize.Net DigiCert SSL Certification Migration
To determine if the notice from DigiCert affects your Magento 2 store, it's essential to understand the context of the notice and how SSL certificates function within your store setup. Here’s a brief overview:
1. Understanding the Notice
The notice from DigiCert concerns the deprecation of certain Certificate Authority (CA) certificates and their potential impact on secure connections. Specifically, they mention issues with Entrust certificates, which can affect websites if they rely on these certificates for secure communication.
2. Magento 2 and SSL Certificates
Magento 2, by default, supports SSL certificates for secure transactions. However, it does not inherently manage the CA certificates. If your store uses SSL certificates issued by Entrust, or if you’ve ever set up any CA certificates associated with DigiCert or Entrust, you should verify the certificates currently installed on your server.
3. How to Check Your SSL Certificate
You can check the SSL certificate in use by:
- Using Browser Tools: Visit your store and click on the padlock icon in the address bar. This will show you details about the SSL certificate, including the issuer.
- Online Tools: Websites like SSL Labs can help you analyze your SSL configuration and certificate details.
4. Action Steps
- Verify Your SSL Certificate: Confirm whether your certificate is issued by Entrust. If it is, you may need to renew or update your SSL certificate based on DigiCert's guidance.
- Consult with Your Hosting Provider: If you’re unsure about the certificates installed, your hosting provider can assist in checking and updating them if necessary.
5. Resources for More Information
- For further information on the notice and its implications, you can refer to DigiCert's support page
- Additionally, Magento’s official documentation and community forums can be a valuable resource for specific configurations related to SSL.
If you determine that your site is affected or you require assistance in updating your SSL, it may be beneficial to consult a web security expert or your hosting provider for guidance.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Authorize.Net DigiCert SSL Certification Migration
Thank you for your reply. I understand that my website has its own SSL Certificate, which is working fine. The notice from Authorize.Net indicates that we may have to somehow set up a certificate with them for transactions. I have never had to set any of this up before (with their current Entrust SSL) - but I am unsure if somehow, out of the box, Magento 2.3.2 had that set up already? We're just using the Authorize.net option that was built into Magento by default.
I'm wondering if, perhaps, this change they're making will not affect us because of how the transaction is sent to Authorize.net from Magento?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Authorize.Net DigiCert SSL Certification Migration
You should already have the DigiCert CA/Root Certificates on your server. You can verify this depending on your server's OS. In Ubuntu, the Ca Certificates are in /etc/ssl/certs
If you search for DigiCert in this directory, you'll find it has Certificates:
zoilo@ip-10-0-0-237:~$ ls -al /etc/ssl/certs | grep DigiCert lrwxrwxrwx 1 root root 38 Oct 1 2021 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.pem lrwxrwxrwx 1 root root 27 Oct 1 2021 3513523f.0 -> DigiCert_Global_Root_CA.pem lrwxrwxrwx 1 root root 27 Oct 1 2021 399e7759.0 -> DigiCert_Global_Root_CA.pem lrwxrwxrwx 1 root root 27 Oct 1 2021 607986c7.0 -> DigiCert_Global_Root_G2.pem lrwxrwxrwx 1 root root 31 Oct 1 2021 69105f4f.0 -> DigiCert_Assured_ID_Root_CA.pem lrwxrwxrwx 1 root root 28 Oct 1 2021 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.pem lrwxrwxrwx 1 root root 31 Oct 1 2021 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.pem lrwxrwxrwx 1 root root 38 Oct 1 2021 81b9768f.0 -> DigiCert_High_Assurance_EV_Root_CA.pem lrwxrwxrwx 1 root root 31 Oct 1 2021 8d6437c3.0 -> DigiCert_Assured_ID_Root_G2.pem lrwxrwxrwx 1 root root 31 Oct 1 2021 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.pem lrwxrwxrwx 1 root root 28 Oct 1 2021 a2c66da8.0 -> DigiCert_Trusted_Root_G4.pem lrwxrwxrwx 1 root root 31 Oct 1 2021 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.pem lrwxrwxrwx 1 root root 31 Oct 1 2021 c491639e.0 -> DigiCert_Assured_ID_Root_G3.pem lrwxrwxrwx 1 root root 27 Oct 1 2021 c90bc37d.0 -> DigiCert_Global_Root_G2.pem lrwxrwxrwx 1 root root 27 Oct 1 2021 dd8e9d41.0 -> DigiCert_Global_Root_G3.pem lrwxrwxrwx 1 root root 66 Jul 29 2020 DigiCert_Assured_ID_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt lrwxrwxrwx 1 root root 66 Jul 29 2020 DigiCert_Assured_ID_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt lrwxrwxrwx 1 root root 66 Jul 29 2020 DigiCert_Assured_ID_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt lrwxrwxrwx 1 root root 62 Jul 29 2020 DigiCert_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt lrwxrwxrwx 1 root root 62 Jul 29 2020 DigiCert_Global_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt lrwxrwxrwx 1 root root 62 Jul 29 2020 DigiCert_Global_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt lrwxrwxrwx 1 root root 73 Jul 29 2020 DigiCert_High_Assurance_EV_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt lrwxrwxrwx 1 root root 63 Jul 29 2020 DigiCert_Trusted_Root_G4.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt lrwxrwxrwx 1 root root 27 Oct 1 2021 ed39abd0.0 -> DigiCert_Global_Root_G3.pem
Note that this server doesn't have DigiCert's G5 Certificates. You can narrow that down by changing your search: ls -al /etc/ssl/certs | grep DigiCert.*G5