cancel
Showing results for 
Search instead for 
Did you mean: 

CyberSource - Magento Extension ready for SHA2? Important

SOLVED

CyberSource - Magento Extension ready for SHA2? Important

Magento created this extension:

https://www.magentocommerce.com/magento-connect/cybersource-extension.html

 

Does anyone know if it has been tested for SHA2?

 

CyberSource released a notification on March 7th:

To ensure that your server-to-server communications withthe CyberSource platform maintain the highest levels of security, we are movingto eliminate the use of a SHA-1 based security certificate on the"ics2ws.ic3.com" transactional endpoint as of March 22nd, 2016. On this date, CyberSource will be upgrading this Productiontransaction-processing domain to use a SHA-2 based security certificate. 

 

All merchants using either the SOAP Toolkit or SimpleOrder API connection methods are advised to download the latest securitycertificates for the CyberSource transaction processing domain and to ensureyour payment application trusts them in order to ensure uninterruptedprocessing after March 22nd, 2016.

 

The latest security certificates can be obtained via ourKnowledgeBase site, at the following URL:

 

https://support.cybersource.com/cybskb/index?page=content&id=C1447&actp=search&viewlocale=en_US&sear...

 

As part of this change, any merchants using either the SOAPToolkit or a Simple Order API client as your connection method areadvised to attempt processing test transactions against our Test Environmentendpoint (https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/)to ensure uninterrupted processing.

 

If your version of the Simple Order API is not compatiblewith secure communications using a SHA-2 certificate, your transactionprocessing may cease to operate on March 22nd, 2016.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: CyberSource - Magento Extension ready for SHA2? Important

There hasn't been much talk about this so I figured I'd follow up with how to test.

Currently the extension provided by Magento is using the proper test url.

 

The endpoint URLs can be viewed in the file:

app/code/core/Mage/CybersOurce/Model/Soap.php

 

    const WSDL_URL_TEST = 'https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_1.26.wsdl';
    const WSDL_URL_LIVE = 'https://ics2ws.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_1.26.wsdl'

 

If you are using the CyberSource Extension provided by Magento and have not made any chances to the endpoint URLs you should be okay for SHA2.

 

Please make sure your SSL Certificate is SHA2 as well.

 

View solution in original post

1 REPLY 1

Re: CyberSource - Magento Extension ready for SHA2? Important

There hasn't been much talk about this so I figured I'd follow up with how to test.

Currently the extension provided by Magento is using the proper test url.

 

The endpoint URLs can be viewed in the file:

app/code/core/Mage/CybersOurce/Model/Soap.php

 

    const WSDL_URL_TEST = 'https://ics2wstest.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_1.26.wsdl';
    const WSDL_URL_LIVE = 'https://ics2ws.ic3.com/commerce/1.x/transactionProcessor/CyberSourceTransaction_1.26.wsdl'

 

If you are using the CyberSource Extension provided by Magento and have not made any chances to the endpoint URLs you should be okay for SHA2.

 

Please make sure your SSL Certificate is SHA2 as well.