Magento and PayPal 9/30/2015 IPN changes

I received this message from PayPal:

As we have previously communicated to you, PayPal is upgrading the certificate for to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Thanks for your patience as we continue to improve our services.

Does anyone know what this means for a Magento store and what needs to be changed? Here is something on this topic, but I'm still not sure I understand it correctly. Does this mean that I will now also have to buy a security certificate for my hosting?

No, you don't need any SSL certificates on your side that you would have to buy.

This update of PayPal's Instant Payment Notifications (IPN) system is mainly about the fact that PayPal sends your server a payment notification for every payment received. When your server receives this payment, it has to connect back to PayPal's server to confirm that the IPN really came from PayPal and was not sent by some third party.

On September 30, PayPal will introduce new certificates on its side, which means that your server will have to be able to connect back to their server over the new SHA-256 encryption. If your server happens to be running a very outdated operating system, there is a chance that you have no support for SHA-256 encryption and your automatic payment processing will stop working.

A practical example: on one of my servers I had, for certain reasons, a very old operating system installed, namely CentOS 4. This operating system stopped receiving updates in March 2009 and security patches in February 2012. As a result it was so outdated that it no longer supported SHA-256 encryption, and when PayPal's certificate in the Sandbox was updated, my tests started reporting errors.

When I upgraded the operating system to CentOS 6 (updates until 2017, security patches until 2020), my server got proper support for SHA-256 encryption and everything worked correctly again.
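
The postback described in the reply above, as an added example that is not part of the original post and is not Magento's or PayPal's code: the listener sends the notification back with `cmd=_notify-validate` prepended and trusts it only if the answer is `VERIFIED`. The names `verify_ipn`, `MockPayPal` and `demo`, the local mock server and the sample transaction fields are constructed for illustration; the sandbox URL is PayPal's IPN postback endpoint and does not appear on this page.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# PayPal's sandbox IPN postback endpoint (not quoted on this page).
SANDBOX_VERIFY_URL = "https://ipnpb.sandbox.paypal.com/cgi-bin/webscr"

def verify_ipn(raw_body, verify_url=SANDBOX_VERIFY_URL, timeout=10.0):
    """Return True only if the endpoint confirms it sent this notification."""
    # The body goes back byte for byte, prefixed with cmd=_notify-validate.
    payload = b"cmd=_notify-validate&" + raw_body
    # Direct connection, proxies ignored. For https:// the local OpenSSL validates
    # the certificate chain; a stack without SHA-256 support raises URLError here.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(verify_url, data=payload)
    with opener.open(req, timeout=timeout) as resp:
        return resp.read().strip() == b"VERIFIED"

class MockPayPal(BaseHTTPRequestHandler):
    """Constructed local stand-in for PayPal so the example runs offline."""
    SENT = b"txn_id=TEST123&payment_status=Completed&mc_gross=10.00"

    def do_POST(self):
        body = self.rfile.read(int(self.headers["Content-Length"]))
        ok = body == b"cmd=_notify-validate&" + self.SENT
        reply = b"VERIFIED" if ok else b"INVALID"
        self.send_response(200)
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    """Check one genuine and one altered notification against the mock."""
    server = HTTPServer(("127.0.0.1", 0), MockPayPal)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    try:
        genuine = verify_ipn(MockPayPal.SENT, url)
        altered = verify_ipn(MockPayPal.SENT.replace(b"10.00", b"0.01"), url)
    finally:
        server.shutdown()
        server.server_close()
    return genuine, altered

if __name__ == "__main__":
    print(demo())
```

Calling `verify_ipn` with its default URL from the server that hosts the shop exercises the same outbound TLS connection that the Sandbox test in this thread relies on.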


I understood the whole thing a bit differently. :)


dunker is right. Their page says:

The clearest way to determine whether your system already supports the upcoming requirements is to have a web developer or system administrator run a test of your integration using the PayPal Sandbox. The development sandbox has already implemented all changes, so a successful test with the sandbox will indicate your system is ready. A failure in testing with the sandbox indicates you should review all the following information and upgrade your system’s environment.

I tested an order and it completed successfully with the status Complete, even though I don't have an SSL certificate on the site.


I'm glad you managed to sort it out. :)