Purpose of the article
To apply an important update
Who needs to take the action?
If you are using Authorize.net payment gateway along with any of the following Magento versions then it is a wakeup call for you:
Magento store owner using any of the below versions?
- Magento Commerce 1.X.X
- Magento Open Source 1.X.X
- Magento Commerce 2.X.X
- Magento Open Source 2.X.X
- Magento Commerce (Cloud) 2.X.X
- Authorize.Net Direct Post payment gateway
What raised the storm?
Authorize.net recently announced MD5 Hash End of Life & Signature Key Replacement!
After this latest announcement, the store owners will not be able to carry out secure payments using the Authorize.net Direct Post.
Authorize.Net is ushering out the MD5 based hash use for transaction response verification so as to pave the way for the SHA-512 based hash utilizing a Signature Key. It will stop the support for the MD5 based hash key use from March 14, 2019.
Please don’t get nervous, as Magento provides the security patch that merchants need to apply and replace the existing MD5 hash with a Signature Key (SHA-512) in the Magento Admin configuration settings.
Just apply a patch and be tension free!
How to really go about it?
- Apply the patch
- Get a new signature key
- Update admin configuration
Following the steps in detail
1. Applying the patch
Download the zip file for your desired Magento Version for the purpose of patch installation. You can also download these already Pre-Patched files from GitHub.
|Magento Version||Patch Files|
|Magento 1||Magento CE-22.214.171.124-CE-126.96.36.199|
|Magento 2||Magento CE-2.0.0-CE-2.3.0|
Note: If you use Magento Commerce Cloud, just apply the patch and deploy. For more information, please do visit Apply custom patches.
2. How to getting a new signature key?
- Just Follow the below mentioned steps so as to get a new signature key. To know more about the signature key, please do visit here.
- Log into the Merchant Interface at account.authorize.net
- Click Account from the main toolbar.
- Go to Settings in the main left-side menu.
- Click API Credentials & Keys.
- Select New Signature Key. Review the options available.
- Click Submit and continue.
- Request and enter the PIN for verification.
- Your new Signature Key will be shown to you which can be copied and added to your Magento Admin configuration.
3. How to updating Magento admin configuration?
- Log in to the admin panel.
- Go to Stores > Configuration.
- Click Sales > Payment Methods.
- Expand the Authorize.net Direct Post section.
- In the Signature Key enter the SHA-512 Signature Key.
- Click Save Config.
Where to enter the key in Magento 1:
Where to enter the key in Magento 2:
Benefits of applying the patch:
You will enjoy faster and more secure transactions backed up by the latest secure algorithms.
This is just a small and essential step towards a better, secure cyber environment.