Community discussions

 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Paypal about to update certificates again!!

Mon Sep 14, 2015 12:32 am

The below alert is from Paypal. They are about to update their certificates again. The last time this happened all Paypal transactions on Mikrotik failed until we received the 6.28 update.
Question is: Are we ready this time?

From Paypal....
As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Thanks for your patience as we continue to improve our services.
 
marrold
Member
Member
Posts: 406
Joined: Wed Sep 04, 2013 10:45 am

Re: Paypal about to update certificates again!!

Mon Sep 14, 2015 2:26 am

Bumping for visibility
I'm a SIP / VoIP engineer. Feel free to ask questions...
 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Re: Paypal about to update certificates again!!

Mon Sep 14, 2015 5:33 am

Thank you
 
User avatar
bax
Member Candidate
Member Candidate
Posts: 269
Joined: Mon Dec 20, 2004 8:45 pm
Location: Croatia

Re: Paypal about to update certificates again!!

Mon Sep 14, 2015 11:35 am

I also receive this notification ... my userman ROS is v 6.28 ... is there will be problems ?
 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Re: Paypal about to update certificates again!!

Tue Sep 15, 2015 1:18 am

Yes I see potential for a problem.
It can be tested by using Paypal 'sandbox' as the sandbox certificates have been updated already.
But I can't see how to use sandbox with mikrotik.

How can we alert Mikrotik to this upcoming issue do you think?
 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Re: Paypal about to update certificates again!!

Tue Sep 22, 2015 7:11 am

I have now configured a rb951 with Paypal sandbox. (thanks to post http://forum.mikrotik.com/viewtopic.php?t=81153)
Sandbox already has the new ssl certificates installed that will be active come 1st October on the live site

I can confirm that paypal will fail come 1st October.
The log on the Mikrotik reads "WARNING: Potentially malicious payment response received!"
(I would attach a screenshot but I'm not sure how to)

Last year you helped me with Paypal not accepting payments.
This was due to ssl certificate changes.

v6.28rc18 fixed the issue.

Now on the 1st of October this will happen again.
I have tested with Sandbox and it will fail. Please help before 1st October

How can we alert Mikrotik to this? What channel is open to me to address this before it happens?
 
User avatar
emils
MikroTik Support
MikroTik Support
Posts: 507
Joined: Thu Dec 11, 2014 8:53 am

Re: Paypal about to update certificates again!!

Tue Sep 22, 2015 5:53 pm

I tested User Manager Paypal transactions with Sandbox and I can say it works well enough. Therefore, we should not have any problems with Paypal after this update.
The log on the Mikrotik reads "WARNING: Potentially malicious payment response received!"
As for this, you can probably solve this by adding static dns entry for http://www.paypal.com to sandbox.paypal.com.
/ip dns static add address=[:resolve sandbox.paypal.com] name=www.paypal.com
User Manager double checks transactions with Paypal after receiving Confirmed status. That double check should go to sandbox.paypal.com and not http://www.paypal.com.
 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Re: Paypal about to update certificates again!!

Wed Sep 23, 2015 4:59 am

Ah great and thank you so much for testing this.

I will try as you suggest!!
 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Re: Paypal about to update certificates again!!

Mon Sep 28, 2015 6:26 am

I tried the static DNS as suggested. I no longer get an error but my payment just remains on "Status: Pending" and doesn't complete.

I am happy to just assume that this will work on the 1st October. I will try it live on the first and send a post if there is any problem. I'm in NZ so can give you all a 10 hours head start :)
 
hairfarmer
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Thu Jan 31, 2008 1:11 am

Re: Paypal about to update certificates again!!

Mon Oct 05, 2015 8:16 pm

I'm not certain if it is a certificate issue - but we are on 6.28 and many transactions are timing out to PayPal. Didn't notice anything in the changelog to indicate userman updates for these issues.
 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Re: Paypal about to update certificates again!!

Mon Oct 05, 2015 10:52 pm

Yes all our PayPal transactions are now failing on all the sites that we administer.
This started to happen on the 4th October.

This will be caused by changes at Paypal.
 
blackwp
just joined
Topic Author
Posts: 22
Joined: Wed Sep 03, 2014 6:53 am

Re: Paypal about to update certificates again!!

Tue Oct 06, 2015 12:45 am

UPDATE: This may have been a temporary glitch. We are testing payments now and they are working...

Who is online

Users browsing this forum: No registered users and 8 guests