Guest Posted August 19, 2005

Hi everybody, I'm stupid. I don't know how to setup IPN. I don't know how to setup the variables. I signed up for and downloaded the API certificate. What do I do with it? What do I put in all of these variables? Help. Thanks a lot.

Your Private Key
Your Public Certificate
PayPals Public Certificate
Your PayPal Public Certificate ID
Working Directory
OpenSSL Location

zoeticlight Posted August 19, 2005

> Hi everybody, I'm stupid. I don't know how to setup IPN. I don't know how to setup the variables. I signed up for and downloaded the API certificate. What do I do with it? What do I put in all of these variables? Help. Thanks a lot.
>
> Your Private Key
> Your Public Certificate
> PayPals Public Certificate
> Your PayPal Public Certificate ID
> Working Directory
> OpenSSL Location

Well, all of these settings are to get encryption working between your site and PayPal. I suggest that if you don't have IPN working yet, then you should work on that first and worry about this stuff last. Just keep your "Enable Encrypted Web Payments" set to "False" until you have IPN working and are ready to start with the encryption stuff.

Anyway, once you have IPN working, you can move forward. This is what I did to get it going.

First off, you need to know if openSSL is installed on your host server and what directory it resides in. If you're on a Unix server, then you can log in via SSH or telnet and use the following command to determine this:

    whereis openssl

(Sorry, I don't know the command if you're on a Windows server. I suggest you call your host and ask them.)

If openSSL is installed, the command should output the directory. For me, it was:

    /usr/bin/openssl

So this would be what you input as the "Working Directory".

Next, I used openSSL to generate my own private key and self-signed certificate. If you go to www.openssl.org, there's plenty of information to help you. Specifically, go to http://www.openssl.org/docs/HOWTO/keys.txt to figure out how to create your own private key. And go to http://www.openssl.org/docs/HOWTO/certificates.txt to figure out how to create your own public certificate.

In the meantime, the following commands sum it up. But remember to read the information at the above links. They provide some additional things you need to know.

So once again, you'll need to be connected to your home directory on your webserver via SSH or telnet.

To generate a private key:

    openssl genrsa -des3 -out privkey.pem 2048

To generate a public certificate:

    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

Alright, from these two commands, you will have the following files:

Private key: privkey.pem
Public certificate: cacert.pem

Upload these files to some location in your webserver. Let's say, for example, create a directory in your document root called 'paypal'. Now you need to define the exact server path to your files (just the same as you did with the location of openSSL). You do not want to use a URL or a relative path from your document root. For example, on my site I used the following:

Your Private Key
    /usr/home/yourusername/public_html/paypal/privkey.pem
Your Public Certificate
    /usr/home/yourusername/public_html/paypal/cacert.pem

Alright, the next thing to do is get PayPals Public Certificate. Log into your sandbox account at PayPal. Click on the "Profile" tab and then click on "Encrypted Payment Settings". Click on the "Download" button to get PayPals Public Certificate. This will be named "paypal_cert_pem.txt". Upload this to your server to your newly created PayPal directory. Thus, the location will be something like the following:

PayPals Public Certificate
    /usr/home/yourusername/public_html/paypal/paypal_cert_pem.txt

Last is to get Your PayPal Public Certificate ID. First download Your Public Certificate to your local computer (cacert.pem); this is the file that you created with openSSL and placed in your new "paypal" directory on your webserver. Then log into your sandbox account at PayPal. Click on the "Profile" tab and then click on "Encrypted Payment Settings". Click on the "Add" button under "Your Public Certificates". You will be taken to another page where there will be a "Browse" button to allow you to upload your public certificate to PayPal. Then click the "Add" button.

You will be brought back to the "Encrypted Payment Settings" page, and you should see a box under the heading, "Your Public Certificates". If you look in the box, you will see your "Cert ID". This is the value you enter for Your PayPal Public Certificate ID.

So...we've done it!

Your Private Key
    /usr/home/yourusername/public_html/paypal/privkey.pem
Your Public Certificate
    /usr/home/yourusername/public_html/paypal/cacert.pem
PayPals Public Certificate
    /usr/home/yourusername/public_html/paypal/paypal_cert_pem.txt
Your PayPal Public Certificate ID
    GRYWK3YWT4QK4
Working Directory
    /usr/bin/openssl

Of course, all of your values will be slightly different. But you should be able to figure out the rest. The only other thing to do is set "Enable Encrypted Web Payments" to "True."

Good luck and let us know how it went.

zoeticlight Posted August 19, 2005

> If openSSL is installed, the command should output the directory. For me, it was: /usr/bin/openssl So this would be what you input as the "Working Directory".

Sorry, but I had a brain fart. The above statement is wrong.

/usr/bin/openssl is what you would set for OpenSSL Location.

Your Working directory is actually a location for the payment module to store temporary files. You will need to make a directory for these temp files. I made one called "temp". So that would mean my full server path to it is:

    /usr/home/yourusername/public_html/temp/

(Apparently the trailing slash is needed, but I've gotten it to work both ways.) Furthermore, you need to set permissions on this new folder to 777.

So...here's the full list again with my correction:

Your Private Key
    /usr/home/yourusername/public_html/paypal/privkey.pem
Your Public Certificate
    /usr/home/yourusername/public_html/paypal/cacert.pem
PayPals Public Certificate
    /usr/home/yourusername/public_html/paypal/paypal_cert_pem.txt
Your PayPal Public Certificate ID
    GRYWK3YWT4QK4
Working Directory
    /usr/home/yourusername/public_html/temp/
OpenSSL Location
    /usr/bin/openssl

Guest Posted August 19, 2005

Thank you very much. I will try it when I get home and let you know if it works. Thanks again.

janice171 Posted October 17, 2005

Thanks for the information. So if the server does not have openSSL then am I right in thinking that the PayPal pages cannot be encrypted? How unsafe is this? Is there a way round it or would you have to buy an SSL certificate or private IP?

Guest Posted October 21, 2005

> thanks for the information. so if the server does not have openSSL then am i right in thinking that the paypal pages cannot be encrypted? how unsafe is this? is there a way round it or would you have to buy an ssl certificate or private ip?

This is a really good question. I've posted this question at http://www.oscommerce.com/forums/index.php?showtopic=173196

I can buy a certificate from my host, but they do not have OpenSSL so I don't know what to put into the final field. So far no success.

zebedee

Guest Posted December 6, 2005

Hi everyone,

I am working for a client using Yahoo Standard Web Host and PayPal Pro Direct Payment. They want me to integrate PayPal IPN into their OSCommerce website. After some research, I found out that Yahoo configured their web host to "share" their SSL certificate, by having the webmaster put all secure files under a root directory called "ssl".

My question is, how can I go about generating the Private Key (.pem) and Public Certificate (.pem) files? Yahoo tech wasn't very helpful after I asked them via email.

Thanks so much!

Chuo

Guest Posted December 6, 2005

Hi eecstore,

You have 3 choices here; the first and probably the best if you have your own server is to install OpenSSL and administer your own SSL requirements. Failing that there are a number of vendors who will issue a certificate for a fairly hefty sum of cash. The other solution, and one that I had to surmount, is where your ISP insists that you buy the certificate from them.

For a full discussion of this problem and solution go to http://www.oscommerce.com/forums/index.php?showtopic=173196

Hope this helps,

Zebedee

dogpaw Posted December 8, 2005

I already have a full SSL cert on the server of my store and it is currently functioning with Auth.net. My client just wants to add PayPal. Will our SSL replace this OpenSSL you mention? I'm not familiar with OpenSSL.

Thanks

Guest Posted December 31, 2005

> Hi eecstore, you have 3 choices here; the first and probably the best if you have your own server is to install OpenSSL and administer your own SSL requirements. Failing that there are a number of vendors who will issue a certificate for a fairly hefty sum of cash. The other solution, and one that I had to surmount is where your ISP insists that you buy the certificate from them. for a full discussion of this problem and solution go to http://www.oscommerce.com/forums/index.php?showtopic=173196 hope this helps, Zebedee

Hi Zebedee,

I had to cancel the Yahoo host and go to a JaguarPC (Linux) host. I followed zoeticlight's instructions, got all the files and put them in place, set the permission for the Working Directory to 777, but then I got this error message:

    Warning: openssl_pkcs7_sign(): error getting private key in /home/hisbount/public_html/includes/modules/payment/paypal_ipn.php on line 356

    Warning: file_get_contents(/home/hisbount/public_html/temp//514187-2-signed.txt): failed to open stream: No such file or directory in /home/hisbount/public_html/includes/modules/payment/paypal_ipn.php on line 361

I don't know what "failed to open stream" is. I ran the env query and this is what I got:

    $HTTP_HOST = hisbountyonline.com
    $HTTPS_HOST =
    getenv('SERVER_PORT') = 443
    getenv('HTTPS') = on
    getenv('HTTP_X_FORWARDED_SERVER') =
    getenv('HTTP_X_FORWARDED_HOST') =
    getenv('HTTP_X_FORWARDED_BY') =
    $_SERVER['HTTPS'] = on
    getenv('DOCUMENT_ROOT') = /home/hisbount/public_html
    $DOCUMENT_ROOT = /home/hisbount/public_html

My OpenSSL should be located at /usr/bin/openssl but when I SSH to the host I got this:

    openssl: /usr/bin/openssl /usr/share/man/man1/openssl.1ssl.gz

I have no clue how to proceed, please help. Thank you.

eecstore

SazB Posted May 8, 2006

> Hi Zebedee, I had to cancel Yahoo host and go to JaguarPC (Linux) host. I followed zoeticlight's instruction, got all the files and put it in place, set the permission for Working Directory to 777, but then I got this error message: I don't know what is "failed to open stream". I run the env query and this is what I got: My Openssl should be located at /usr/bin/openssl but when I SSH to the host I got this: I have no clue how to proceed, please help. Thank you. eecstore

I followed the instructions at the top of this thread and get the same error. The problem appears to be related to the private key and it's also worth noting that the public key so far does not appear to cause an issue. I am beginning to think that the underlying problem is with the method of key generation itself.

Consider the error:

    Warning: openssl_pkcs7_sign(): error getting private key in /home/virtual/sazunlimited.com/webroot/htdocs/secure.sazunlimited.com/catalog/includes/modules/payment/paypal_ipn.php on line 368

And the corresponding code from the PayPal IPN module:

    LINE 367 if (function_exists('openssl_pkcs7_sign') && function_exists('openssl_pkcs7_encrypt')) {
    LINE 368 openssl_pkcs7_sign(MODULE_PAYMENT_PAYPAL_IPN_EWP_WORKING_DIRECTORY . '/' . $random_string . 'data.txt', MODULE_PAYMENT_PAYPAL_IPN_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt', file_get_contents(MODULE_PAYMENT_PAYPAL_IPN_EWP_PUBLIC_KEY), file_get_contents(MODULE_PAYMENT_PAYPAL_IPN_EWP_PRIVATE_KEY), array('From' => MODULE_PAYMENT_PAYPAL_IPN_ID), PKCS7_BINARY);

Now, if you generated your key with OpenSSL like I did with the RSA command, you were asked to supply a 'pass phrase.' I think this might be the issue. There's no reference in the code to decrypt the private key with the pass phrase you used to have it generated, so perhaps it can't be read?

Maybe someone out there has figured this out and can confirm or set it straight...?

SazB Posted May 9, 2006

> I followed the instructions at the top of this thread and get the same error. The problem appears to be related to the private key and it's also worth noting that the public key so far does not appear cause an issue. I am beginning to think that the underlying problem is with the method of key generation itself.

I finally got my sandbox set-up to work. First I had to work through an additional error from PayPal, something about "email address for the business is not present in the encrypted blob."

Here are some of the changes I had to make to get osCommerce IPN to work with PayPal:

1. Certificate generation exactly according to PayPal instruction - either API certificate, or openssl

   -> Private key: genrsa -out privkey.pem 1024
      (I believe there is still a way to get the instructions at the top of this thread to work, but for me it will take a little more digging)
   -> Public key: req -new -key privkey.pem -509 -days 365 -out cacert.pem
      - I believe the customer service email address specified in your PayPal account needs to be used in the certificate generation

   *IMPORTANT* To protect your private key you will need to store it in a non-browser accessible area of your server. You can actually put all the certs as well as the temp folder in a non-browser folder and it will still work.

2. After uploading the Public key make sure to copy your PayPal certificate ID.

3. Update references in osCommerce IPN admin (use the full path to your server/folder) - ensure the same email as in the key is referenced

Good luck!

typicalaimster Posted August 14, 2006

SazB, thanks for the help. I was having the same problem with the "Warning: openssl_pkcs7_sign(): error getting private key". I noticed there were a few typos so I just wanted to recap for anyone googling the problem.

#1 On Linux you can find where openssl is located by typing "which openssl".

#2 Like you said, gen your certs. I did this in my 'paypal' directory that I created. The first command gives you a passwordless keyfile which seems to be *pun* the key ;)

    openssl genrsa -out privkey.pem 1024
    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 365

You had a slight typo in the last command. I copied and pasted from the top of the thread. If memory serves me correctly the 365 days is the 'life' of the cert. You'll have to regen another one in 365 days.

I then uploaded cacert.pem to PayPal under Profile and Encrypted Payment Settings. It gave me back the CertID KCGZPBDRST385 which I then configured in osCommerce. After that I gave it a whirl and things worked like they should.

Again, thanks for the help.

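Added example (not part of any post in this thread, and not osCommerce or PayPal code): a shell pre-flight check for the cause the posts above arrive at, a pass-phrase protected private key that the module cannot read, together with the key placement and working-directory permission points raised earlier. The function names are hypothetical; the check reads only PEM header lines and file modes, so it does not call OpenSSL.

```shell
#!/bin/sh
# Added example: pre-flight check for the Encrypted Web Payments settings.
# Function names are hypothetical, not part of osCommerce or PayPal.
# Usage: check_ewp_config /path/privkey.pem /path/temp /path/public_html

# key_is_encrypted FILE: true if the PEM key needs a pass phrase. Matches the
# traditional header older "openssl genrsa -des3" writes and the PKCS#8 one.
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# path_under DIR PATH: true if PATH is inside DIR (string prefix, no symlinks).
path_under() {
    case "${2%/}/" in
        "${1%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# mode_has PATH BITS: true if all octal permission BITS are set on PATH.
mode_has() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# check_ewp_config KEY WORKDIR DOCROOT
# Prints one finding per line; returns 1 if any finding is a FAIL, else 0.
check_ewp_config() {
    key=$1; workdir=$2; docroot=$3; rc=0
    if [ ! -r "$key" ]; then
        echo "FAIL: private key is missing or unreadable: $key"; rc=1
    else
        if key_is_encrypted "$key"; then
            echo "FAIL: private key is pass-phrase protected; the module supplies none"; rc=1
        fi
        if mode_has "$key" 004; then
            echo "WARN: private key is world-readable (chmod 600)"
        fi
    fi
    if path_under "$docroot" "$key"; then
        echo "WARN: private key is inside the document root"
    fi
    if [ ! -d "$workdir" ] || [ ! -w "$workdir" ]; then
        echo "FAIL: working directory is missing or not writable: $workdir"; rc=1
    elif mode_has "$workdir" 002; then
        echo "WARN: working directory is world-writable"
    fi
    if path_under "$docroot" "$workdir"; then
        echo "WARN: working directory is inside the document root"
    fi
    return "$rc"
}
```

Run it as the user the web server runs as, so the readable and writable tests reflect what the payment module will see.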
skeeweeaka Posted October 6, 2006

I'm quite certain there are MANY, MANY people out here looking for this useful info.... Thanks to whomever put it together because I, too, am clueless... :rolleyes:

safemode:( Posted December 14, 2006

Hello everybody,

I just fixed my safemode problem, but now there is another, with the key files:

    Warning: openssl_pkcs7_sign(): error getting private key in /var/www/html/data/shop/includes/modules/payment/paypal_ipn.php on line 415

    Warning: file_get_contents(): Unable to access /tmp/699802-2-signed.txt in /var/www/html/data/shop/includes/modules/payment/paypal_ipn.php on line 420

    Warning: file_get_contents(/tmp/699802-2-signed.txt): failed to open stream: No such file or directory in /var/www/html/data/shop/includes/modules/payment/paypal_ipn.php on line 420

I just found a site with a step by step guide, where I can make those keys with the SSH command line (http://www.openssl.org/docs/HOWTO/keys.txt), but my problem is, I don't have an SSH connection. Is there any PHP way to generate this, or must I write to my provider?

Big thanks in advance!

Greets,
safemode:)

Edited December 14, 2006 by safemode:(

jiv Posted December 15, 2006

I set "Enable Encrypted Web Payments" to true. The checkout_confirmation.php totally hanged (for minutes - it never came back - no errors - just blank oscommerce screen). Is there a log file somewhere??? (Nothing to do with internet connection - definite php hang - probably calling openssl.exe.)

I set "Enable Encrypted Web Payments" to false. The whole process worked ok, the ssl part was only done at the paypal end.

It looks like the "enable encrypted web payments" just encrypts the info between the web server and paypal (e.g. encrypts the item details, amount, email etc - not credit card details). i.e. I don't think you 100% need it.

Edited December 15, 2006 by jiv

safemode:( Posted January 15, 2007

> the ssl part was only done at the paypal end
> not credit card details). i.e. I don't think you 100% need it.

That means the credit card details are encrypted on PayPal's side, not on mine, if I am right?

Thanks in advance