Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL error when connecting to sandbox API #187

Open
benlieb opened this issue Dec 28, 2020 · 0 comments
Open

SSL error when connecting to sandbox API #187

benlieb opened this issue Dec 28, 2020 · 0 comments

Comments

@benlieb
Copy link

benlieb commented Dec 28, 2020

I can't connect to the API. I'm getting the following SSL error:

#<OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)>

I'm not an expert by any means in SSL so I'm not really sure how to solve this.

My colleage can run the code in his local environment and not get this error. Does it depend on ssl? I'm using openssl 1.1.1h he is using libressl. The same error occurs on our production machine using openssl 0.9. All 3 machines are Mac.

The output of:

─$ openssl s_client -showcerts -connect apitest.authorize.net:443

is:

CONNECTED(00000005) depth=1 C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K verify return:1 depth=0 C = US, ST = California, L = Foster City, O = Authorize.Net, CN = *.authorize.net verify return:1
--- Certificate chain  0 s:C = US, ST = California, L = Foster City, O = Authorize.Net, CN = *.authorize.net    i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority
- L1K
-----BEGIN CERTIFICATE----- MIIGxzCCBa+gAwIBAgIQfjbSKF+9lNAAAAAAUP5NeTANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y MDAyMDUyMDQ0MDhaFw0yMTAzMTUyMTE0MDhaMGoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpDYWxpZm9ybmlhMRQwEgYDVQQHEwtGb3N0ZXIgQ2l0eTEWMBQGA1UEChMN QXV0aG9yaXplLk5ldDEYMBYGA1UEAwwPKi5hdXRob3JpemUubmV0MIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBMtpwsQcEI3Pd7MKBPs/bhVye/yYNnL Pp3zrJloBy217QtpZpbXj9c1Sjt7xMXv9RotOt9aSbOsAc7CGkKPuwUIcdVbQg/8 gOlWxuT2zF+gek3NzmQSUSbrnVLe5XuT5OQBxjLH922Rm5OTJ3k6rcrQz6Q3nN37 hBClYcHBlTdnFTfCFsSDMAm2w9njNgLSkF1JaPnWfTPnda8xBmqLwJBDgTEy/a1P kPnbsosyp1/R9cE5Dn7VuFfzEgN/D9/YNbg8KxK63O5GVswc/mSzHT19wb4lgXlF zptvoYHKIyl1KwCw4/tt5fAuI59KRUAYzQKQFTcRZbNcYAEccmKilwIDAQABo4ID FjCCAxIwKQYDVR0RBCIwIIIPKi5hdXRob3JpemUubmV0gg1hdXRob3JpemUubmV0 MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQBVgdTCFpA2AUrqC5tXPFPwwOQ4 eHAlCBcvo6odBxPTDAAAAXAXNAX7AAAEAwBGMEQCIAOcM5IXfx51+2Ne2ApYlwkw /sHPMPZUSbXYwF6m4P4uAiBZOnqTkH63rvErM3JZ3nLc0om+qqRLriHI5KZxYN4O JQB2AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABcBc0BggAAAQD AEcwRQIhAJrKOTbyOlcTpELU1FDB844Svqz0BQFO5a8beVuPQoulAiAZwnatMff6 6VGE80UJ8BqHDwPFZOjj5jt4dHtYKonU/AB2AKS5CZC0GFgUh7sTosxncAo8NZgE
+RvfuON3zQ7IDdwQAAABcBc0BgQAAAQDAEcwRQIgbC4cCT2jB38DWbzWobGL4NG1 9BdOTPaWd3acm2v+7yACIQDE2H8U5+65+IMrn5UXRFP/DdSCHNQI/xr7OKEQGDJp 4zAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwx ay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgwJgYIKwYBBQUHAgEWGmh0 dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeBDAECAjBoBggrBgEFBQcBAQRc MFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUF BzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1jaGFpbjI1Ni5jZXIwHwYD VR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFK069bMPyloE nNXcyli5AieCD9MiMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAB2wqZ17 AAmYCO4EnmXWDTp1D9iBbNQxYSnj6oR9w0kMVahQ4Q43rdERaw2BsNWByG2peXP0 GRoOTUr5dpAKu5qa1A4V93Y/pc8RuDM0mxI/EmgzO7D4eSPRvC6735sa6XVDc5mk G9hccypCAR6u+tYeXGTmcYG10zunnHPQIf67zM1INdm+pfMfBc/IzvZ7tVWkfOEQ Wl2C/+i5hcdrIONTWD7QWqmr34kZckq+NLcF0z2M70ZdwvdeWxf1xFjgGfdoakuH PsuQI8XDA9DMc3r4GbTid70rTB+z0DNajMz/jGOm7r/Sp2C8wK+ukrzd9vVpZyf/ Q+GfoA0hiovUxiI=
-----END CERTIFICATE-----  1 s:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K    i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
-----BEGIN CERTIFICATE----- MIIFDjCCA/agAwIBAgIMDulMwwAAAABR03eFMA0GCSqGSIb3DQEBCwUAMIG+MQsw CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x NTEwMDUxOTEzNTZaFw0zMDEyMDUxOTQzNTZaMIG6MQswCQYDVQQGEwJVUzEWMBQG A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAt IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEA2j+W0E25L0Tn2zlem1DuXKVh2kFnUwmqAJqOV38pa9vH4SEkqjrQ jUcj0u1yFvCRIdJdt7hLqIOPt5EyaM/OJZMssn2XyP7BtBe6CZ4DkJN7fEmDImiK m95HwzGYei59QAvS7z7Tsoyqj0ip/wDoKVgG97aTWpRzJiatWA7lQrjV6nN5ZGhT JbiEz5R6rgZFDKNrTdDGvuoYpDbwkrK6HIiPOlJ/915tgxyd8B/lw9bdpXiSPbBt LOrJz5RBGXFEaLpHPATpXbo+8DX3Fbae8i4VHj9HyMg4p3NFXU2wO7GOFyk36t0F ASK7lDYqjVs1/lMZLwhGwSqzGmIdTivZGwIDAQABo4IBDDCCAQgwDgYDVR0PAQH/ BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsG AQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAwBgNVHR8EKTAnMCWgI6Ah hh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDsGA1UdIAQ0MDIwMAYE VR0gADAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAd BgNVHQ4EFgQUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHwYDVR0jBBgwFoAUanImetAe 733nO2lR1GyNn5ASZqswDQYJKoZIhvcNAQELBQADggEBADnVjpiDYcgsY9NwHRkw y/YJrMxp1cncN0HyMg/vdMNY9ngnCTQIlZIv19+4o/0OgemknNM/TWgrFTEKFcxS BJPok1DD2bHi4Wi3Ogl08TRYCj93mEC45mj/XeTIRsXsgdfJghhcg85x2Ly/rJkC k9uUmITSnKa1/ly78EqvIazCP0kkZ9Yujs+szGQVGHLlbHfTUqi53Y2sAEo1GdRv c6N172tkw+CNgxKhiucOhk3YtCAbvmqljEtoZuMrx1gL+1YQ1JH7HdMxWBCMRON1 exCdtTix9qrKgWRs6PLigVWXUX/hwidQosk8WwBD9lu51aX8/wdQQGcHsFXwt35u Lcw=
-----END CERTIFICATE-----  2 s:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2   i:C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
-----BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v 1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
-----END CERTIFICATE-----
--- Server certificate subject=C = US, ST = California, L = Foster City, O = Authorize.Net, CN = *.authorize.net

issuer=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K

--- No client certificate CA names sent
--- SSL handshake has read 4298 bytes and written 641 bytes Verification: OK
--- New, TLSv1.2, Cipher is AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: A2982432F7DD99178A611C2F5D25409F91236B173AF83B08C0E479142EB590AF
    Session-ID-ctx:
    Master-Key: ECBB0DEAE245D006AA30D090D9D00B8C937DBECB2F8D1A19EC8B720A5B3A1A946B55FC00C20778E0FD89E6EF98A730E1
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1608845194
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes

And I don't see a self-signed cert in there? Or am I on the wrong trail...

The code is simple and you can try it at home to test yourself if you feel inclined.

include AuthorizeNet::API
trx = AuthorizeNet::API::Transaction.new('8Gxa...', '6LKh9...', gateway: :sandbox)
request = CreateCustomerProfileRequest.new
request.profile = CustomerProfileType.new
request.profile.merchantCustomerId = 'abc'
request.profile.description = 'name'
response = trx.create_customer_profile(request)

So I would like to know:

  • If this is a problem with my setup/environment, and how to fix it.
  • Or, to understand if this is a problem on the API's part, and what to do so I can still use the API.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@benlieb