Using Custom Certificates for the Authorize.net AIM API in Rails on Heroku
A few days ago Authorize.net updated their certificates to be signed using SHA-2.
Now our clients are getting this error returned from Authorize.net:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
So I need to use them in our Rails application on Heroku. The Heroku Root Certificate suite does not include them, so I have to enable them in ActiveMerchant, but I had no luck finding clear instructions on how to do this properly. Here's what I've tried so far:
I downloaded the five root certificates required by Authorize.net and bundled them together as "cacert.pem", replacing the existing "cacert.pem" file in my folder /vendor/plugins/active_merchant/lib/certs/ (I copied the old cacert.pem file first, just in case). This by itself did not solve the problem - I still get the same error in development.
Looking at the new "cacert.pem" file I created, I saw that the last certificate in the chain (https://cacert.omniroot.com/bc2025.crt) looked like this:
[unreadable binary certificate data]
So, I removed this part in the hopes that I have at least a valid file. Not sure if it helped because I still got the error.
I also tried changing the ActiveMerchant connection.rb method configure_ssl, changing
http.ca_file = File.dirname(__FILE__) + '/../../certs/cacert.pem'
to
http.ca_file = Rails.root + "app/vendor/plugins/active_merchant/lib/certs/cacert.pem"
I'm not sure if this pointed to my cacert.pem file correctly, as I cannot write to the development log from that file. I don't even know if this file will be used if it points to the file correctly. There is a serious lack of information on this on the Internet.
My site doesn't work until I resolve this issue. I'm in complete panic. Any ideas where I need to look / what I need to do?
Thanks to your post, I was able to resolve this issue. I installed the newest activemerchant gem on another server and copied the cacert.pem from the new gem to the /vendor/plugins/active_merchant/lib/certs/ directory of my non-running server. Restarted Apache and was able to successfully process cc.
This might be a bit of a workaround, but at least we can now accept payments again.
I was able to solve this on my own and luckily it was pretty easy. I'm glad I backed up the old cacert.pem file!
I just copied the content of the old cacert.pem file and pasted it at the beginning of my new cacert.pem file. I also left out the Baltimore CyberTrust Root certificate mentioned above.
I also set the ActiveMerchant connection.rb method configure_ssl back to its original state.
TL;DR
Chaining new certificates together after all old certificates in cacert.pem. Boom! Done. Following!
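The unreadable certificate data in the question is what a binary (DER) certificate file looks like when it is pasted into a text PEM bundle, and the accepted fix concatenates bundles by hand. The following added example (not code from the posts or from ActiveMerchant) audits a bundle for that problem and converts a DER certificate to PEM before appending it. The certificates are constructed self-signed stand-ins, and the function names are hypothetical.

```ruby
require "openssl"

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Parse every PEM block in a CA bundle and count bytes outside the blocks that
# are not plain text (what a DER file pasted into the bundle leaves behind).
def audit_bundle(bytes)
  data = bytes.b
  certs = data.scan(PEM_BLOCK).map { |pem| OpenSSL::X509::Certificate.new(pem) }
  stray = data.gsub(PEM_BLOCK, "").bytes
  binary = stray.count { |b| b > 126 || (b < 32 && ![9, 10, 13].include?(b)) }
  { certs: certs, binary_bytes: binary }
end

# Certificate.new accepts DER or PEM input; to_pem always emits PEM text.
def to_pem(bytes)
  OpenSSL::X509::Certificate.new(bytes).to_pem
end

# Build a trust store from the bundle's PEM blocks only and verify cert against it.
def trusts?(bundle, cert)
  store = OpenSSL::X509::Store.new
  audit_bundle(bundle)[:certs].each { |c| store.add_cert(c) }
  store.verify(cert)
end

# Constructed self-signed root (SHA-256 signature), standing in for a real CA.
def constructed_root(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

OLD_ROOT = constructed_root("Constructed Old Root")
NEW_ROOT = constructed_root("Constructed New Root")
BROKEN_BUNDLE = OLD_ROOT.to_pem + NEW_ROOT.to_der          # DER pasted in raw
FIXED_BUNDLE  = OLD_ROOT.to_pem + to_pem(NEW_ROOT.to_der)  # old first, new as PEM

[BROKEN_BUNDLE, FIXED_BUNDLE].each do |b|
  r = audit_bundle(b)
  puts "certs=#{r[:certs].size} binary_bytes=#{r[:binary_bytes]} trusts_new=#{trusts?(b, NEW_ROOT)}"
end
```

Running the same audit over a real cacert.pem before deploying shows how many certificates will actually be loaded and whether any binary data slipped in.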