Re: Authorize.Net DigiCert SSL Certification Migra...

justin_viera · ‎09-30-2024

Hello,

I am running a Magento 2 store (CE v2.3.2) and I received this notice from DigiCert:

https://support.authorize.net/knowledgebase/Knowledgearticle/?code=KA-05545

I am trying to figure out if this affects our store or not. To my knowledge, we never set up any CA certs with their Entrust certificates to being with, but maybe that is built into Magento 2 somehow? Looking for some help as I don't understand the SSL stuff well. Thanks in advance!

rimshadevr27ac · ‎10-02-2024

To determine if the notice from DigiCert affects your Magento 2 store, it's essential to understand the context of the notice and how SSL certificates function within your store setup. Here’s a brief overview:

1. Understanding the Notice

The notice from DigiCert concerns the deprecation of certain Certificate Authority (CA) certificates and their potential impact on secure connections. Specifically, they mention issues with Entrust certificates, which can affect websites if they rely on these certificates for secure communication.

2. Magento 2 and SSL Certificates

Magento 2, by default, supports SSL certificates for secure transactions. However, it does not inherently manage the CA certificates. If your store uses SSL certificates issued by Entrust, or if you’ve ever set up any CA certificates associated with DigiCert or Entrust, you should verify the certificates currently installed on your server.

3. How to Check Your SSL Certificate

You can check the SSL certificate in use by:

Using Browser Tools: Visit your store and click on the padlock icon in the address bar. This will show you details about the SSL certificate, including the issuer.
Online Tools: Websites like SSL Labs can help you analyze your SSL configuration and certificate details.

4. Action Steps

Verify Your SSL Certificate: Confirm whether your certificate is issued by Entrust. If it is, you may need to renew or update your SSL certificate based on DigiCert's guidance.
Consult with Your Hosting Provider: If you’re unsure about the certificates installed, your hosting provider can assist in checking and updating them if necessary.

5. Resources for More Information

For further information on the notice and its implications, you can refer to DigiCert's support page
Additionally, Magento’s official documentation and community forums can be a valuable resource for specific configurations related to SSL.

If you determine that your site is affected or you require assistance in updating your SSL, it may be beneficial to consult a web security expert or your hosting provider for guidance.

justin_viera · ‎10-07-2024

Thank you for your reply. I understand that my website has its own SSL Certificate, which is working fine. The notice from Authorize.Net indicates that we may have to somehow set up a certificate with them for transactions. I have never had to set any of this up before (with their current Entrust SSL) - but I am unsure if somehow, out of the box, Magento 2.3.2 had that set up already? We're just using the Authorize.net option that was built into Magento by default.

I'm wondering if, perhaps, this change they're making will not affect us because of how the transaction is sent to Authorize.net from Magento?

zoilowebscde8e · ‎10-11-2024

You should already have the DigiCert CA/Root Certificates on your server. You can verify this depending on your server's OS. In Ubuntu, the Ca Certificates are in /etc/ssl/certs

If you search for DigiCert in this directory, you'll find it has Certificates:

zoilo@ip-10-0-0-237:~$ ls -al /etc/ssl/certs | grep DigiCert
lrwxrwxrwx 1 root root     38 Oct  1  2021 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root     27 Oct  1  2021 3513523f.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root     27 Oct  1  2021 399e7759.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root     27 Oct  1  2021 607986c7.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root     31 Oct  1  2021 69105f4f.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root     28 Oct  1  2021 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root     31 Oct  1  2021 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root     38 Oct  1  2021 81b9768f.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root     31 Oct  1  2021 8d6437c3.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root     31 Oct  1  2021 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root     28 Oct  1  2021 a2c66da8.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root     31 Oct  1  2021 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root     31 Oct  1  2021 c491639e.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root     27 Oct  1  2021 c90bc37d.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root     27 Oct  1  2021 dd8e9d41.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root     66 Jul 29  2020 DigiCert_Assured_ID_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root root     66 Jul 29  2020 DigiCert_Assured_ID_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root root     66 Jul 29  2020 DigiCert_Assured_ID_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root root     62 Jul 29  2020 DigiCert_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root root     62 Jul 29  2020 DigiCert_Global_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root root     62 Jul 29  2020 DigiCert_Global_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root root     73 Jul 29  2020 DigiCert_High_Assurance_EV_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root root     63 Jul 29  2020 DigiCert_Trusted_Root_G4.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root root     27 Oct  1  2021 ed39abd0.0 -> DigiCert_Global_Root_G3.pem

Note that this server doesn't have DigiCert's G5 Certificates. You can narrow that down by changing your search: ls -al /etc/ssl/certs | grep DigiCert.*G5

yolanda32350e0

The Authorize.Net DigiCert SSL Certification Migration plays an important role in ensuring secure online transactions, data protection, and user confidence when accessing government-related platforms such as the www.psa.gov.ph online appointment system. With the increasing demand for digital services, particularly for sensitive processes like birth certificates, marriage certificates, and other civil registry documents, upgrading to DigiCert SSL certificates ensures that all communications between users and the PSA website remain encrypted and safe from cyber threats. This migration not only strengthens the security framework but also aligns with international standards of trust, thereby reducing risks of unauthorized access, phishing, and data breaches. By using advanced authentication protocols, DigiCert SSL provides users with the assurance that their information is transmitted securely while scheduling or confirming appointments online. Additionally, this transition enhances website performance and compatibility with modern browsers and mobile devices, ensuring smoother access for millions of Filipinos who rely on digital public services.

loferialopae14

Good question! SSL updates can be confusing kind of like learning the rules of 3 patti for the first time, but once you check Magento’s built-in certs, it becomes clear quickly.

Authorize.Net DigiCert SSL Certification Migration

Authorize.Net DigiCert SSL Certification Migration