
Paypal moving to SHA-256 certificate


estratos


I recently received an e-mail from Paypal asking us to do the necessary changes in the webstore to become compliant with their new SHA-256 algorithm. They seem to be discontinuing the old VeriSign G2 Root Certificate method in fact.

 

Does the Paypal module already take this into account? We have version 3.9.0 of this module.

 

Our version of Prestashop is 1.5.6.2

 

Thanks in advance for your help.

 

 

 


That's not entirely true.  PAYPAL is upgrading their SSL certificates, that means when your server connects to PAYPAL, it needs to do so using the newer encryption.  So depending on your module and version, it may or may not work...

What do you say ?
Certificates are available and sent ONLY if you communicate with an SSL protocol between your site and the Paypal server

That's not entirely true.  PAYPAL is upgrading their SSL certificates, that means when your server connects to PAYPAL, it needs to do so using the newer encryption.  So depending on your module and version, it may or may not work...

Hello,
I installed version v3.10.2 module Paypal
Prestashop version 1.6.0.14
 
Not having installed SSL in my shop, I upgraded to the latest version module Paypal.
 
We hope well.

PayPal is upgrading their SSL certificates. No action is required since official PayPal modules for PrestaShop (at least all the versions we've ever seen) do not verify the certificate.

 

Technical details:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Some old PayPal modules use fsockopen() when curl library is not available and there is no certificate verification as well.

 

It means everyone is safe (in the meaning of the SSL upgrade - otherwise it is actually a great idea to always verify the certificate).


I received the same email and contacted our hosting providers. I have not received a reply yet but if they come up with anything useful I will post it here.

 

This is the reply from our hosting providers:

 

'We have been receiving a number of questions regarding this change by PayPal. The deprecation of SHA-1 has been occurring for some time and we have updated our servers accordingly. The most common issue we have encountered with this change is with customers that have older SSL certificates installed for their domains. In these cases, we are able to reissue these to the new SHA-256 algorithm (if you have purchased the certificates from us). Our servers are updated properly for Apache and OpenSSL. To know the status of your SSL certificate please reply to this email as a form of verification so that we can assist you further. If you have any queries, please get back to us.'

 

So, from the above reply, it seems that this might only affect sites that have SSL installed depending on the SSL certificate used. You might also like to check with your own hosting providers if their servers have been upgraded to be compatible with SHA-256.


What about website using prestashop cloud version? I have no host partner to contact for any update paypal require!

This topic is related only to paypal module and has nothing to do with main use of SSL on your server or not.

 

For Paypal Module and the mail they've sent to their customers please read topic #11. The Prestashop Paypal module bypasses the SSL, so it is not necessary to have SSL installed on the server in order to use paypal, and you can ignore the mail.

Edited by selectshop.at (see edit history)

ok so I sent a message to prestashop addons, got a message back saying to send a message to the developer, now I just received an email asking to open a support ticket which I did I will post here what they say when they get back to me.

 

am still worried about the IPN issue with this


I have version 1.4.8.2 and paypal v3.8.0

 

Will I have a problem with the SHA-256 certificate?

 

ok so I sent a message to prestashop addons, got a message back saying to send a message to the developer, now I just received an email asking to open a support ticket which I did I will post here what they say when they get back to me.

 

am still worried about the IPN issue with this

 

But you read what is written or not ????
 
If your site is not in mod ssl, ignore this message.
 
Otherwise check with your hoster / webmaster validity of your certificate.
 
This is not a problem with the Paypal MODULE, okay?
  • Like 1

Hi yes I did read it, This message worries me 

 

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

 

 

while some of the posts are saying it's to do with a SSL cert on your website paypal has said it's also to do with IPN endpoints which apparently the module does use,

 

I understand partially what is going on, and that it is about a SSL cert on your website has to be 256bit but paypal mentions IPN also and I have an IPN.php in my module folder for paypal, also in a thread I started another user asked if I have IPN.php and I do, my IPN notifications in paypal were never switched on since it was created so it can only come from the module itself.

 

I only use the paypal module as my only form of payment so you can understand that if I could not receive any payments then it would be a devastating blow to my business.


  • 5 months later...

You will need to either:

  • install curl PHP extension (ask host support or adjust custom php.ini file if suPHP is there)
  • edit /modules/paypal/validation.php file (to make fsockopen() connection compatible with HTTP 1.1 and TLS).

  • 2 weeks later...
Guest locen

Hi, my hosting told me that i should buy another hosting because the actual has not these certificate. is it possible?


Hi, my hosting told me that i should buy another hosting because the actual has not these certificate. is it possible?

If your provider is answering so, then you should buy another hosting package, because it does not include what is needed.

 

BTW which is exactly your problem ? As told before, there is the possibility to adjust one file on the module. See here some post before: https://www.prestashop.com/forums/topic/468657-paypal-moving-to-sha-256-certificate/page-2?do=findComment&comment=2273181


Guest locen

but if I install this i will have some problem? 

i contacted also paypal and they reply to me that it will release new paypal version to solve this but i don't know if my website supported this. 

I suppose that my hosting provider told me this to still spend some money


Guest locen
Payments and Gateways

PayPal v3.8.1 - by PrestaShop -  Official

Accepts payments by credit cards (CB, Visa, MasterCard, Amex, Aurore, Cofinoga, 4 stars) with PayPal.



In modules/paypal/ipn.php file

Find:

return Tools::file_get_contents($action_url.$request);

Replace with:
 

return Tools::file_get_contents($action_url.$request, false, @stream_context_create(array('http' => array('timeout' => 5, 'verify_peer' => false))));

That should resolve the problem.

In fact, this issue affects the entire PrestaShop. If you want to fix it globally:

In classes/Tools.php file:

Find:

$stream_context = @stream_context_create(array('http' => array('timeout' => $curl_timeout)));

Replace with:

$stream_context = @stream_context_create(array('http' => array('timeout' => $curl_timeout, 'verify_peer' => false)));

(applies to PrestaShop 1.6, for other PS versions the instructions may differ)

 

The problem you are having actually affects all users without curl enabled on their servers - we will report this to PS team.

Edited by inweb (see edit history)
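
The opposite configuration to the edits in the post above, as an added example (not code from the PayPal module, PrestaShop or any poster): a PHP probe that connects with peer verification enabled and TLS 1.2 forced, then reports the negotiated protocol and the server certificate's signature algorithm. The function names `probe_tls` and `harden_curl`, the optional CA bundle path and the host given on the command line are assumptions.

```php
<?php
// Added example (not PayPal module or PrestaShop code). Names are hypothetical.

// Connect with certificate verification ON and TLS 1.2 forced, then report
// what was negotiated and how the server's certificate is signed.
function probe_tls($host, $port = 443, $cafile = null)
{
    $ssl = array(
        'verify_peer'       => true,  // validate the chain against trusted roots
        'verify_peer_name'  => true,  // certificate must be issued for $host
        'peer_name'         => $host,
        'capture_peer_cert' => true,  // keep the server certificate for inspection
        'crypto_method'     => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
    );
    if ($cafile !== null) {
        $ssl['cafile'] = $cafile;     // assumption: path to a current CA bundle
    }
    // PHP reads TLS options from the 'ssl' context key.
    $ctx = stream_context_create(array('ssl' => $ssl));

    $fp = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                                STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        // Handshake failures are often reported only as a PHP warning.
        $last = error_get_last();
        $why  = $errstr ? $errstr : ($last ? $last['message'] : 'handshake failed');
        return array('ok' => false, 'error' => $why);
    }
    $meta   = stream_get_meta_data($fp);
    $params = stream_context_get_params($fp);
    $cert   = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
    fclose($fp);

    return array(
        'ok'        => true,
        'protocol'  => isset($meta['crypto']['protocol']) ? $meta['crypto']['protocol'] : 'unknown',
        'signature' => isset($cert['signatureTypeSN']) ? $cert['signatureTypeSN'] : 'unknown',
        'issuer'    => isset($cert['issuer']['CN']) ? $cert['issuer']['CN'] : 'unknown',
        'expires'   => date('Y-m-d', $cert['validTo_time_t']),
    );
}

// The cURL counterpart of the same settings, applied to an existing handle.
function harden_curl($ch, $cafile = null)
{
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);  // verify the chain
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);     // verify the host name
    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
    if ($cafile !== null) {
        curl_setopt($ch, CURLOPT_CAINFO, $cafile);
    }
    return $ch;
}

// Run from the command line: php probe.php <host> [ca-bundle.pem]
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    print_r(probe_tls($argv[1], 443, isset($argv[2]) ? $argv[2] : null));
}
```

Run it on the web server itself against the endpoint the module calls: `ok => true` with a `signature` such as `RSA-SHA256` means the server's PHP, OpenSSL and CA bundle can complete a verified TLS 1.2 connection to a SHA-256 certificate.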

Guest locen
ok but if i will modify these lines will cause problems on safety? paypal told me that they will do the upgrade.

But my host told me that my site is not compatible with these certificates, with these changes will be compatible? I can take fines?


You don't need to verify anything. Your website URL will not help to see whether certificates used by PHP to make a connection are installed.

 

Follow the instructions we've sent you and it starts to work. If you are in doubt, change your host (however, it will just cost you money & peer will not be verified anyway).


  • 4 weeks later...
  • 5 weeks later...
Guest locen

Hello,

I'm switching old hosting to new to have SHA-256, G5 and TLS 1.2, HTTP/1.1. 

but someone told me that the cURL version must be updated to the latest version available but the provider told me that is only used with SSL ..

 

I use paypal europe

Could you help me understand?
Edited by locen (see edit history)

Are you switching to the new host to get SHA-256 SSL certificate for your domain? It may or may not resolve the problem with PayPal module since it does not depend on each other.

 

cURL has supported SHA256 for a very long time already. This issue is about certificates installed along with cURL - see the previous posts including this post that comes with a quick fix (no need to change host or carry out any complex tasks).


Guest locen

Yes but in my actual server SHA256, TLS 1.2 and HTTP 1.1 are not available.

So I will discover it on June or now if I updated the new module i will discover if all security is ok?


No doubts, using the SHA256 certificate for your domain is a great idea.

 

PayPal Europe v3.10.8 module uses cURL or fsockopen() function to connect to the PayPal server. It could resolve the problem because as far as I know fsockopen() does not verify the peer (can not guarantee it).


Guest locen

so i will know if all will be ok when all website is transferred or i will know this on June?

 

another question..i need only to update paypal version, no need to make the changes that you written before?

Edited by locen (see edit history)

Guest locen

tomorrow agency will transfer my website and i will test it after update.

 

Then i mean: if it is fully in line to the new standard security, I can see it immediately after transfer or should I wait 17 June for updates?


You will find out whether it is working on new host as soon as your website is transferred. If it is gonna be transferred before June, you will need to wait until June 17 (or test via PayPal Sandbox that has already been updated to SHA-256).


Guest locen

but if i test this i can't receive payment in these minutes.

Paypal account is connected at several ebay platforms and i can't set it off.


Disable Paypal as a payment method on your store for a few minutes while you test.  Create a new customer group in Prestashop, assign your test customer to this group, and then configure Paypal to allow only this group.

 

Now you can configure the Paypal module to use the sandbox API settings, and perform your testing.

 

When you are finished with your testing, reconfigure the paypal module to use your live paypal account settings, and then add back all the appropriate customer groups to the module.

 

This testing will not affect your ability to accept Paypal payments on ebay or other stores


Guest locen

and how can i set only one group for this payment? and with sandbox it pay really or it simulate?

thanks


Guest locen

another question, after paypal upgrade sha-256, tls 1.2, http 1.1 i must activate IPN or can I keep this option disabled? NOW IPN is DISABLED and i have not SSL CERTIFICATE.

Can i keep this option disabled without ssl certificate?

 

help me please

Edited by locen (see edit history)

Guest locen

so if don't activate IPN i don't have to install SSL certificate before Paypal Upgrading in 17June 2016,right?

and about G5 what is?

Edited by locen (see edit history)

Guest locen

in live mode all works and i see payment accepted.

In sandbox mode when i make payment i see "waiting for paypal payment".

I made test in sandbox because i want to know if all ssl are ok before 17June 2016.

if in sandbox I receive this status, after 17june it will works, right?


Guest locen

yes, i have all: sha-256, tls 1.2, http 1.1 and g5.

I don't see any error in paypal's module page.


Guest locen

you speak about buy ssl certificate?

 

I spoke with paypal official (not module developer) and they told me that i can not install ssl certificate if i don't have IPN active. now IPN is not active.

Edited by locen (see edit history)

you speak about buy ssl certificate?

 

I spoke with paypal official (not module developer) and they told me that i can not install ssl certificate if i don't have IPN active. now IPN is not active.

  • You can install an SSL certificate on your domain any time, no need for PayPal.
  • IPN requires an SSL certificate for your domain only in certain cases.
  • The reply from PayPal (if stated as above) is nonsense.

Guest locen

yes but i can not install SSL if i have not IPN. I don't want install SSL.

i have no IPN and it should be work in sandbox. 


What is actually set in your PayPal account is not reflected - all the details are setup by the PrestaShop PayPal module.

 

@bellini13 already told you:
 

If you are talking about activating IPN in your Paypal account, then the answer is No.  You do not need to activate IPN in order for the module to work, the module will tell Paypal where to send the IPN


Guest locen

I'm not talking to activate IPN, if ipn can stay disabled is better. My question is: if now i receive "waiting for paypal payment" can i will have problems? I missed to say that i use europe version. Tomorrow i will post all settings


You are not listening to what you have been told already.

 

The module tells Paypal where to send the IPN.  Your account setting can be disabled, and still use IPN.  This only means that Paypal will send the IPN to the module, and it will not send it anywhere else.

 

So...

1) IPN is required

2) The paypal module will tell Paypal where to send the IPN

3) IPN should remain disabled in your Paypal profile account

 

With that information, you need to investigate why the IPN was not received when testing in the Sandbox.  It is time to go back to Paypal support with this information, and find out if SSL is required or not...


Guest locen

i realized that account used for test was not customer but guest

and these are all paypal module configuration

 
Paypal is europe version
Edited by locen (see edit history)

@locen, in a different post you said you were trying to test this on your local pc, with a host name change. 

https://www.prestashop.com/forums/topic/268052-paypal-sandbox-prestashop-very-confusing-setup/?p=2333266

 

I replied to you that you cannot test the paypal module like that.  Paypal Europe uses IPN, and the IPN will not be able to reach your localhost pc.  You are also completely missing the point of this test, which is to confirm that your SERVER meets the new requirements, so why would you test this on your local pc...


Guest locen

i'm not testing in my local pc. i changed my files host to view new website but website is in the server.

Sorry but i'm not very expert and i make a lot of confusion


Guest locen

sorry @bellini13 for my ignorance: my doubt is: i have to install SSL certificate? 

all payment are not in my website, they are connected to paypal.

help me :(

Edited by locen (see edit history)

To make that easier to understand, this big change has 2 little things on it.
The cert used to make the https connection, and the sha function to "hash" everything with the certs.

Now everything is moving to sha256, and your root certs have to be updated.

Old certs still work due to backward compatibility, but that will end some day, so it is better if you upgrade now.

Also, your Paypal module should be updated to the latest version, otherwise it will still be using the sha1 function.

Edited by wippa (see edit history)

So I see a lot of "it's not the module" and "you don't need to do anything [ about the security upgrades, it's their SSL ]." However, the PayPal tech document specifies new URLs and deprecates others. When I checked the code of the most recent Prestashop PayPal module, it looked like URL changes were needed. Additionally, Prestashop has announced that they will be updating the module security in the 2nd quarter of 2016.

 

Do we need to change those URLs?

 

Where's the module update?

 

Thank you.

 

J


Hi guys,

 

I've read through the posts, but still don't understand if my prestashop cloud page version 1.6.1.1. (domain from onlydomain) will work with the Paypal module:

 

PayPal Mexico v1.3.11 - by PrestaShop -  Official

 

For now it is the latest version of Paypal Mexico I've seen in my modules. 

When I try to activate the Sandbox Test format, it says:Your Paypal API crendentials are not valid, please double-check their values or contact PayPal.

And when I try to connect to the Sandbox Apis, it says some information is not correct.

I don't know if this means that the version is not compatible with the SHA upgrade or if it is another type of issue.

 

Could you clear me? Help :D

 

P.S. oh no, I'm getting this error now too from my checkout:

Unexpected payment error

Unfortunately, an error occured while communicating with PayPal.

Unfortunately, an error occured while communicating with PayPal.

Short Error Message: Security error
Detailed Error Message: Security header is not valid
Error Code: 10002
Please contact our Customer service and mention this error code to get this issue resolved.

 

uuuupsss... no wonder we've not had too much of orders!

Edited by La Tienda (see edit history)

Hello Comrades  :)

 

I Use the official version "3.10.9 PayPal" with account in Bulgaria.

My question is: This module support SHA-256 ?

 

Already I wrote to the hosting provider, they told me that the server supports SHA-256 and I need to check if the module and it supports SHA-256!

 

Can I confirm the hosting provider that the module supports SHA-256 ?


Guest locen

Hi guys,

 

I've read through the posts, but still don't understand if my prestashop cloud page version 1.6.1.1. (domain from onlydomain) will work with the Paypal module:

 

PayPal Mexico v1.3.11 - by PrestaShop -  Official

 

For now it is the latest version of Paypal Mexico I've seen in my modules. 

When I try to activate the Sandbox Test format, it says:Your Paypal API crendentials are not valid, please double-check their values or contact PayPal.

And when I try to connect to the Sandbox Apis, it says some information is not correct.

I don't know if this means that the version is not compatible with the SHA upgrade or if it is another type of issue.

 

Could you clear me? Help :D

 

P.S. oh no, I'm getting this error now too from my checkout:

Unexpected payment error

Unfortunately, an error occured while communicating with PayPal.

 

Unfortunately, an error occured while communicating with PayPal.

 

Short Error Message: Security error

Detailed Error Message: Security header is not valid

Error Code: 10002

Please contact our Customer service and mention this error code to get this issue resolved.

 

uuuupsss... no wonder we've not had too much of orders!

try to do this: 

Make sure you are in LIVE mode and NOT SANDBOX
- Make sure that the APIs that you specified are the LIVE mode, the Sandbox mode has different APIs
- Make sure that your PayPal account is unlocked and enabled to receive payments
- The 10002 error occurs when using the Express Checkout mode. Try to disable it and see if it solves the problem
Edited by locen (see edit history)

Guest locen

 

Hello Comrades  :)
 
I Use the official version "3.10.9 PayPal" with account in Bulgaria.
My question is: This module support SHA-256 ?
 
Already I wrote to the hosting provider, they told me that the server supports SHA-256 and I need to check if the module and it supports SHA-256!
 
Can I confirm the hosting provider that the module supports SHA-256 ?

 

Hi, i use paypal europe and the developer of this module said that this is the version that supports all the new upgrades

Edited by locen (see edit history)

"you should only update your module in back office from your version to 3.10.9 "

 

Which PayPal module has that version? I see two modules in the marketplace and both are on 1.x versions.

 

The one I'm using:

http://addons.prestashop.com/en/8277-paypalusa.html

 

A paid module:

http://addons.prestashop.com/en/5314-paypal-direct-payments.html

 

It's the URL changes that concern me.

 

Best regards,

James

