How come authorize.net uses a certificate that is signed with a CA that is not in the well-known curl.haxx.se/ca/cacert.pem list?

Question

The URL for transactions with authorize.net is https://secure.authorize.net/gateway/transact.dll. If we visit this URL and inspect the certificate, we can see that it is signed by the intermediary certificate with CN = Entrust Certification Authority - L1E, valid to 10 December 2019 17:25:43. However, if you visit the Entrust site https://validev.entrust.net/, you see that their intermediary cert with the same CN is valid until 11 November 2021 23:00:59, so it is a more recent version. These two intermediary certificates do not share the same root certificate. In my case, a problem occurred because the well-known list http://curl.haxx.se/ca/cacert.pem used by CURL in my configuration setting did not contain the root certificate for the previous version of the certificate. It contained only the root certificate for the new version. When I added the root certificate for the old version manually in the file, the problem was solved. However, I want to understand what exactly went wrong. Should the list have contained the root certificates for both versions? Should Authorize.net have updated its certificate so that it matches the more up-to-date CA bundle?

Recommended answer

Update: This is no longer necessary, as Authorize.net has updated the certificate on its production servers.

You may have found this to stop working all of a sudden because the Ubuntu ca-certificates package just dropped support for them in the most recent update:

http://changelogs.ubuntu.com/changelogs/pool/main/c/ca-certificates/ca-certificates_20141019ubuntu0.12.04.1/changelog

http://changelogs.ubuntu.com/changelogs/pool/main/c/ca-certificates/ca-certificates_20141019ubuntu0.14.04.1/changelog

My coworkers and I encountered this with a client just the other day--their donations suddenly stopped working.

The real solution is that Authorize.net needs to update their certificate. However, in the meantime, you can just add the one missing certificate. I put together notes on how to do this in Ubuntu here:

https://aghstrategies.com/content/SSL3_GET_SERVER_CERTIFICATE

I also saved a copy of the root certificate (though it's probably not secure) at https://github.com/agh1/ca-certificate-for-authorize.net

Again, my hope is that this only needs to be a short-term solution until they get a new certificate, but this will be a good stop-gap.
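
The failure described in the question can be reproduced offline with the openssl CLI. This is an added example, not part of the original question or answer: it builds a throwaway PKI (all names, keys and file paths are constructed) in which the served chain hangs off an old root, then verifies it against a bundle holding only the new root and against one with the old root re-added.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every key, CA and certificate here is a throwaway test object.
DEMO=$(mktemp -d)
# Minimal config so the demo CAs carry basicConstraints CA:TRUE.
cat > "$DEMO/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_root NAME: self-signed root, standing in for one root of a CA bundle.
new_root() {
  openssl req -x509 -config "$DEMO/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo $1 Root" -keyout "$DEMO/$1-root.key" -out "$DEMO/$1-root.pem" 2>/dev/null
}

# issue NAME SUBJECT ISSUER [x509 options]: certificate for SUBJECT signed by ISSUER's key.
issue() {
  local name=$1 subj=$2 issuer=$3; shift 3
  openssl req -new -config "$DEMO/ca.cnf" -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$DEMO/$name.key" -out "$DEMO/$name.csr" 2>/dev/null &&
  openssl x509 -req -in "$DEMO/$name.csr" -CA "$DEMO/$issuer.pem" -CAkey "$DEMO/$issuer.key" \
    -CAcreateserial -days 30 -out "$DEMO/$name.pem" "$@" 2>/dev/null
}

new_root old
new_root new
# The server's chain ends at the OLD root, like the certificate in the question.
issue old-int "/CN=Demo Certification Authority - L1E" old-root -extfile "$DEMO/ca.cnf" -extensions v3_ca
issue leaf "/CN=payments.example.test" old-int

# Two bundles: one like the updated list (new root only), one with the old root re-added.
cp "$DEMO/new-root.pem" "$DEMO/new-only.pem"
cat "$DEMO/new-root.pem" "$DEMO/old-root.pem" > "$DEMO/with-old.pem"

# chain_verifies BUNDLE: succeeds only if the served chain ends at a root inside BUNDLE.
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$DEMO/old-int.pem" "$DEMO/leaf.pem" >/dev/null 2>&1
}
# needed_root: issuer named by the served intermediate, i.e. the root the bundle must hold.
needed_root() { openssl x509 -in "$DEMO/old-int.pem" -noout -issuer; }

for b in new-only with-old; do
  if chain_verifies "$DEMO/$b.pem"; then echo "$b: OK"; else echo "$b: FAIL, missing $(needed_root)"; fi
done
```

The same `openssl x509 -noout -issuer` check on a real server's top intermediate tells you which root to look for in your own CA bundle before deciding whether to add it.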
