Authorize.NET integration changes for SOLO Server

You may have recently received several E-mails from Authorize.NET notifying you of upcoming integration changes that may impact your ability to accept and process payments. If you are using Instant SOLO Server Shared or Dedicated URL, no action is needed. If you are providing your own hosting for SOLO Server, action may be needed. Read on to determine what, if any action is needed to address these changes.

Important Authorize.Net Networking Change

Over the coming months, Authorize.Net will be upgrading access to the Internet connections that serve their data centers. Instead of allowing direct connections, all Internet traffic will be routed through Akamai, a third-party cloud network service that routes and delivers Internet traffic. As part of this change, Authorize.Net strongly recommends updating your web site to use a new transaction URL hosted by Akamai.

Do I need to take any action?

Regardless of the version of SOLO Server you are running, action is optional. The existing transaction URL will continue to function. If you would like to start using the new URL:

• If you are running SOLO Server version 1.10.3.3 or later, you must update the AuthorizeNETServer entry in the SOLO Server web.config file to https://secure2.authorize.net/gateway/transact.dll. You can determine what version of SOLO Server you are presently using by logging into the Administration interface, going to Authors / Author Home, scrolling down to the bottom and looking for SOLO Server Build: X.X.X.X.
• If you are running a version of SOLO Server prior to 1.10.3.3, please open a ticket and provide us with your current SOLO Server version number for further instructions.

Security Certificate Upgrades to api.authorize.net

On September 21, 2015, Authorize.NET is upgrading api.authorize.net to new security certificates, which are signed using Security Hash Algorithm 2 (SHA-2) and 2048-bit signatures.

Do I need to take any action?

No action is needed. SOLO Server does not use api.authorize.net.

Transaction ID Changes

In October of this year, due to system updates, it will be possible to receive Authorize.Net IDs (Transaction ID, Batch ID, etc.) that are not in sequential order. Additionally, Authorize.Net notes that any payment solutions should not restrict any Authorize.NET ID field to 10 characters.

Do I need to take any action?

No action is needed. SOLO Server does not rely on Authorize.NET Transaction IDs being in sequential order, and allots up to 25 characters for the Transaction ID, 5 more than the recommended limit of 20.

TLS Remediation for PCI DSS Compliance

New PCI DSS requirements state that all payment systems must disable TLS 1.0 by June 30, 2016. To ensure that compliance ahead of that date, Authorize.NET will be disabling TLS 1.0 first in the sandbox environment and then in our production environments.

Do I need to take any action?

• If you are running SOLO Server on Windows Server 2012 or greater, no action is needed.
• If you are running SOLO Server on Windows Server 2008 R2, action is needed. TLS 1.1 and 1.2 are not enabled by default on Windows Server 2008 R2, so you must verify TLS 1.1 and TLS 1.2 are enabled and enable them if not. See https://technet.microsoft.com/en-us/library/dn786418.aspx for more details on enabling TLS 1.1 and 1.2.
• If you are running SOLO Server on Windows Server 2008 or prior, you must upgrade to Windows Server 2008 R2 or later, as TLS 1.1 and 1.2 are not supported on Windows Server 2008 or prior.

Please contact us with any questions.