@Eminent Style: Yes, if your SSL Certificate is confirmed to be SHA-256 (also known as SHA-2), you should be all set.
> if your SSL Certificate is confirmed to be SHA-256 (also known as SHA-2), you should be all set.
Is SHA-256 = SHA-2 ? I read SHA-2 includes SHA-256 hash function ?
For my domain, shaaaaaaaaaaaaa.com just says "******** has a verifiable certificate chain signed with SHA-2. "
Does that mean that the certificate is confirmed to be SHA-256?
So if we don't use any ssl certificate in our store, we can't use IPN service on 30th september?
We have magento 1.7.0.2, and don't include any option to enable/disable IPN.
We can continue using paypal and receive only e-mails notifications or can I have other issues?
thank you.
@maxime_tanuki: SHA-256 is also known as SHA-2.
@Sergio Alfaro: You may need to contact PayPal to know if they will allow IPN without a SSL Certificate. This shouldn't affect anything that is not IPN related like the email notifications.
@JLHC wrote:
@Sergio Alfaro: You may need to contact PayPal to know if they will allow IPN without a SSL Certificate. This shouldn't affect anything that is not IPN related like the email notifications.
This is main thing we need to know. Currently magento does NOT use a secure (https) URL for the IPN so it wont even be using the SHA-256 cert (even if you have one). If PayPal will not longer accpet http:// URLs for the IPN then magento will need to be modified.
I ran into an issue on Sep 9th with my Magento store and paypal. Using Paypal payment advanced. Orders that go through are not setting the orders to procesing. When the PayFlowAdvancedcontroller.php is called it checks the order to see if its
Mage_Sales_Model_Order:TATE_PROCESSING or Mage_Sales_Model_Order:TATE_COMPLETE
Since the state wasn't updated the customer gets a "declined CC" message when their order actually went through. I can't seem to find the cause other then it must be related to this IPN service upgrade. Everything worked fine for the past couple years until last week.
When I check my SSL cert using the previous URL listed I get "has a verifiable certificate chain signed with SHA-2." my cert is from godaddy. Right now I'm having to manually handle all these order states and I don't know where to look to find out why the trasaction process isn't updating the orders to processing.
Has anyone seen this issue and know of a solution or a place to look.
-Eric
I hope this post helps.
http://civicrm.stackexchange.com/questions/6369/do-sites-without-ssl-now-need-one-for-paypal-ipn
Yes it does! Thanks for pointing it out.
Here's how I understand this:-
1. If you do not have a SSL Certificate, IPN will work as usual.
2. If you have a SSL Certificate with SHA-1, IPN will stop working.
3. If you have a SSL Certificate with SHA-256 (aka SHA-2), IPN will work as usual.
I can understand why PayPal is enforcing this though because having a SSL Certificate with SHA-1 may give users a false sense of security. This is not a "problem" with those without a SSL Certificate because users won't feel secure at all.
My problem is my SSL cert is SHA-256 and my magento paypal integration isn't talking anymore to paypal after the 9th.
PKCS #1 SHA-256 With RSA Encryption
There is a silent post/capture that is now not working when they place an order and the non secure IPN listener is working when I setup paypals IPN notification.
For example the communication through the links below no longer work which leaves the order at pending payment.
[silentpost] => TRUE [silentposturl] => https://www.mydomainname.com/paypal/payflowadvanced/silentPost [returnurl] => https://www.mydomainname.com/paypal/payflowadvanced/returnUrl
- domain name edited out
However I have the IPN messaging enabled (at paypal) turned on which sends IPN to http://www.mydomain.com/paypal/ipn This message goes through and magento finishes up the order based on that messaging.
The problem is with payflowadvanced that first transaction IPN needs to go through to keep the user from seeing a "Declined credit card" message.
Can anyone point me to a test script I can execute to try to determine why paypal isn't talking over SSL. As always thank you for any input you can provide.
-Eric