我正在使用 Authorize.Net DPM (Direct Post Method)集成到我管理的一个特定电子商务系统上。
我们已经为这个网站更新了我们的 SSL 证书,新的 SSL 证书使用 SHA-256而不是建议使用 SHA-1 以提高安全性。
但是,现在 AUthoeize.Net 无法再向我的服务器发送回。处理付款时,我收到消息:
An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.
来自 URL https://secure.authorize.net/gateway/transact.dll
,而不是被发送回我的代码,在那里我可以显示“付款成功”页面。重新研究后,我认为问题是 Authorize.Net's servers don't support SHA-2 certificates :
Does anyone know if Authorize.net accepts the newer SHA2 encryption? Our production servers which use this type of certificate do not receive the RelayResponse.
We found an article on SHA2 encryption issues with WIN2003 servers KB968730. We know Authorize.net uses Win 2003 servers based on http headers, which tell us IIS6.0.
We just established that is a real issue with Authorize.Net. We were able to purchase a SHA1 certificate and we are now able to receive the Relay Response from Authorize.NET. Authorize.NET Relay Response does not handle G2/SHA256 certificates. This will become a major issue in 2014 when SHA1 certifictions will not be obtainable from vendors eg. GoDaddy etc.
我已经联系了 Authorize.Net 支持,但他们似乎甚至不了解他们自己的产品是如何工作的,因为我从他们那里得到的回复毫无意义:
We have no announcements regarding the use specifically of SHA-2 hashes to connect to our servers at this time. Notices of any changes to the integration methods will be available in the merchant interface, as well as on the developer center at developer.authorize.net if that change occurs.
我没有连接到他们的服务器。他们正在连接到我的 服务器...所以他们的支持没有帮助...我该如何解决这个问题?不对 x_relay_url
DPM 回发 URL 使用 SSL 是否安全/明智?这似乎是最安全的建议,但我犹豫是否要这样做。
最佳答案
我采取的解决方案是获取使用 SHA-1 签名算法而不是 SHA-2 的 SSL 证书。
SHA-2 证书被 Authorize.net 的服务器拒绝的问题已报告给他们的系统工程团队,但我不知道他们是否会更正此问题。
关于security - Authorize.Net DPM 因 SHA-256 SSL 证书而失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21390144/