Paypal about to update certificates again!!

The below alert is from Paypal. They are about to update their certificates again. The last time this happened all Paypal transactions on Mikrotik failed until we received the 6.28 update.
Question is: Are we ready this time?

From Paypal…
As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with the individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Thanks for your patience as we continue to improve our services.

Bumping for visibility

Thank you

I also received this notification … my userman ROS is v6.28 … will there be problems?

Yes I see potential for a problem.
It can be tested by using Paypal ‘sandbox’ as the sandbox certificates have been updated already.
But I can’t see how to use sandbox with mikrotik.

How can we alert Mikrotik to this upcoming issue do you think?

I have now configured a rb951 with Paypal sandbox. (thanks to post http://forum.mikrotik.com/t/how-to-make-user-manager-work-with-paypal-sandbox/73607/1)
Sandbox already has the new SSL certificates installed that will be active come 1st October on the live site.

I can confirm that PayPal will fail come 1st October.
The log on the Mikrotik reads “WARNING: Potentially malicious payment response received!”
(I would attach a screenshot but I’m not sure how to)

Last year you helped me with Paypal not accepting payments.
This was due to ssl certificate changes.

v6.28rc18 fixed the issue.

Now on the 1st of October this will happen again.
I have tested with Sandbox and it will fail. Please help before 1st October.

How can we alert Mikrotik to this? What channel is open to me to address this before it happens?

I tested User Manager Paypal transactions with Sandbox and I can say it works well enough. Therefore, we should not have any problems with Paypal after this update.

As for this, you can probably solve this by adding a static DNS entry for www.paypal.com to sandbox.paypal.com.

/ip dns static add address=[:resolve sandbox.paypal.com] name=www.paypal.com

User Manager double checks transactions with Paypal after receiving Confirmed status. That double check should go to sandbox.paypal.com and not www.paypal.com.
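
Added example, not part of the original post and not User Manager's code: a fail-closed version of the double check described above, assuming it is a PayPal IPN postback. The endpoint URLs, function names and sample message are assumptions for illustration; the transport is injectable so the TLS-failure path can be exercised offline.

```python
import ssl
import urllib.error
import urllib.request

# Assumed endpoints: PayPal's classic IPN postback URLs (not given in the thread).
ENDPOINTS = {
    "live": "https://www.paypal.com/cgi-bin/webscr",
    "sandbox": "https://www.sandbox.paypal.com/cgi-bin/webscr",
}
# Constructed sample message, for illustration only.
SAMPLE_IPN = b"txn_id=CONSTRUCTED123&payment_status=Completed&mc_gross=5.00"


def https_post(url, body):
    """Default transport: POST over TLS with certificate and hostname checks on."""
    req = urllib.request.Request(url, data=body)
    try:
        with urllib.request.urlopen(
            req, timeout=30, context=ssl.create_default_context()
        ) as resp:
            return resp.read().decode("ascii", "replace").strip()
    except urllib.error.URLError as exc:
        # urllib wraps handshake errors; surface the underlying cause.
        if isinstance(exc.reason, Exception):
            raise exc.reason from exc
        raise


def verify_ipn(raw_body, env="live", post=https_post):
    """Return (accepted, reason) for one IPN message received as raw bytes.

    The message is sent back unchanged, prefixed with cmd=_notify-validate,
    and only a literal VERIFIED reply is accepted (fail closed).
    """
    postback = b"cmd=_notify-validate&" + raw_body
    try:
        reply = post(ENDPOINTS[env], postback)
    except ssl.SSLError as exc:
        # A client that cannot validate the server's certificate chain lands here.
        return False, f"tls-failure: {type(exc).__name__}"
    except OSError as exc:  # timeouts, DNS errors, refused connections, HTTP errors
        return False, f"network-failure: {type(exc).__name__}"
    if reply == "VERIFIED":
        return True, "verified"
    return False, f"rejected: {reply[:20]!r}"
```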

Ah great and thank you so much for testing this.

I will try as you suggest!!

I tried the static DNS as suggested. I no longer get an error but my payment just remains on “Status: Pending” and doesn’t complete.

I am happy to just assume that this will work on the 1st October. I will try it live on the first and send a post if there is any problem. I’m in NZ so can give you all a 10-hour head start :)

I’m not certain if it is a certificate issue - but we are on 6.28 and many transactions are timing out to PayPal. Didn’t notice anything in the changelog to indicate userman updates for these issues.

Yes all our PayPal transactions are now failing on all the sites that we administer.
This started to happen on the 4th October.

This will be caused by changes at Paypal.

UPDATE: This may have been a temporary glitch. We are testing payments now and they are working…