Community discussions

MikroTik App
 
saburtwo
just joined
Topic Author
Posts: 6
Joined: Sun Aug 05, 2018 11:55 pm

SSL handshake error using PayPal starting 10th September

Sun Sep 13, 2020 9:33 pm

Hi

We have several hotspots using different SSL certificates from different vendors Comodo etc

Starting on the 10th of September 2020 none of them are processing PayPal payments and I am wondering if anybody else is effected.

error: PayPal - ssl connection error: handshake failed: unable to get local issuer certificate (6)

I'm not too sure if something has changed at PayPal but none of the router configurations have changed, all was working flawlessly before September the 10th as we were testing one in the field.
I don't think this is a configuration issue as I say nothing has changed and the SSL validates in a web browser when I access user manager from the outside world
We are using different certs on each user manager router so that rules the SSL cert out
The issue is present on different sw levels, both 6.47.1 and 6.45.9 effected

I have even gone as far as manually downloading the digicert certificates as recommended by PayPal and installing them, in fact I downloaded just about every one I could find but still getting the same error.

It wouldn't be too bad if I could simply change the status of the payment to [transaction-status=approved] but that doesnt appear to work:

[admin@Office] /tool user-manager payment> pr
12 user=testingac customer=admin price=50 currency="GBP" trans-start=sep/13/2020 18:46:01 trans-end=sep/13/2020 18:46:27 trans-status=error result-code=0
result-msg="PayPal - ssl connection error: handshake failed: unable to get local issuer certificate (6)" method=paypal

[admin@Office] /tool user-manager payment> set 12 trans-status=approved
failure: state change error
I suspect that this is because the return values from PayPal contain things like the purchased profile for example

However it worked the day before on the 9th of September:

[admin@Office] /tool user-manager payment> pr
0 user=Huawei customer=admin price=50 currency="GBP" trans-start=sep/09/2020 22:37:17 trans-end=sep/09/2020 22:37:43 trans-status=approved result-code=0 result-msg="Completed" method=paypal

Certificate status:
1 K T XXXXXXXXXXXXXXXXcrt_0 XXXXXXX DNS:XXXXXXXXXXXXX
2 L T USERTrustRSAAAACA.crt_0 USERTrust RSA Certification Authority
3 L T SectigoRSADomainValidationSecureServerCA.crt_1 Sectigo RSA Domain Validation Secure Server CA
4 L T AAACertificateServices.crt_2 AAA Certificate Services

Any ideas or anybody else effected?

Thanks
 
nzjimmy
newbie
Posts: 43
Joined: Tue Oct 03, 2017 11:47 pm

Re: SSL handshake error using PayPal starting 10th September

Mon Sep 14, 2020 1:04 am

I have the same issue. Never had an SSL cert to start with and was thinking maybe it was time to ad one but, you have one and the issue is still happening?

Anyone else having troubles?

Cheers, James
 
saburtwo
just joined
Topic Author
Posts: 6
Joined: Sun Aug 05, 2018 11:55 pm

Re: SSL handshake error using PayPal starting 10th September

Mon Sep 14, 2020 1:57 pm

Hi
MT support contacted me today and PayPal have updated their root certificate

The issue was fixed by upgrading to the beta version v6.48.beta38 which in turn updates the PayPal root cert

I have asked MT support why when I download the root certs myself from digicert for PayPal the router doesn't use them and I am awaiting a reply

Hope someone finds this helpful as it is a known issue

Thank you
James
 
saburtwo
just joined
Topic Author
Posts: 6
Joined: Sun Aug 05, 2018 11:55 pm

Re: SSL handshake error using PayPal starting 10th September

Mon Sep 14, 2020 3:01 pm

Hi

It turns out that the you can only update the root certificates by upgrading the router which has its own certificate store which is not visible to the users of winbox

This has been confirmed by mikrotik this morning so the only option is to update the router and user manager packages to the beta version mentioned above

Thank you
James
 
nzjimmy
newbie
Posts: 43
Joined: Tue Oct 03, 2017 11:47 pm

Re: SSL handshake error using PayPal starting 10th September

Tue Sep 15, 2020 6:45 am

Hi,

Thanks for the info - Did you mean beta38 or beta 35?

I've upgraded to beta 6.48.beta35 and still have the PayPal issue. Am I missing something?

Cheers. James
 
User avatar
emils
MikroTik Support
MikroTik Support
Posts: 653
Joined: Thu Dec 11, 2014 8:53 am

Re: SSL handshake error using PayPal starting 10th September

Tue Sep 15, 2020 3:20 pm

A fix is available in the latest build in testing release channel. It will also be available in the next stable and long-term builds of RouterOS.

What's new in 6.48beta40 (2020-Sep-14 13:34):

*) user-manager - updated PayPal's root certificate authorities;
 
nzjimmy
newbie
Posts: 43
Joined: Tue Oct 03, 2017 11:47 pm

Re: SSL handshake error using PayPal starting 10th September

Wed Sep 16, 2020 1:14 am

Thank you for such a quick fix, Mikrotik.

Who is online

Users browsing this forum: No registered users and 8 guests