douglaswalker Posted January 23, 2016 Posted January 23, 2016 Hi Guys, i am trying to work out the private & Public Cert part of the most recent PayPal app. Where do i generate the necessary certificates? where do I then put them? Working directories etc. it is all a bit confusing. Any help appreciated. Doug
MrPhil Posted January 23, 2016 Posted January 23, 2016 Private SSL certificates are sold by certain vendors (and maybe your host). Your host typically has to install them for you (for a fee). It enables you to use https://mystore.com/...Most hosts offer a free "public" certificate, but typically you have to give a domain something like https://server.host.com/~account/..., which scares some customers.
douglaswalker Posted January 24, 2016 Author Posted January 24, 2016 Thanks MrPhil I have a secure cert all set up no problem. but does that mean my info is sent to PayPal (using the latest app)and the ipn under SSL or do I need to set up all the private public certs fields in the app? Doug
MrPhil Posted January 24, 2016 Posted January 24, 2016 I'm not quite sure what you mean by a "private public cert" (you use either a private SSL certificate or a public/shared SSL certificate for your site), or what PayPal needs for configuration information. I suspect you would at least need to tell PayPal what page to return to, which could be an http: or https: page. And obviously, you need osC's two configure.php files to be set up properly to show SSL use for at least some pages, if not for all pages (using https: instead of http: all around). Unless PayPal says it needs to do some validation or verification of your security setup, I wouldn't think they'd need anything more than that. However, I won't claim to be an expert in this area, so someone else will have to step in with details for PayPal (which PayPal plan are you using -- that would strongly influence what information they need).
douglaswalker Posted January 25, 2016 Author Posted January 25, 2016 Hi there, I use the latest PayPal app made by Harold. In the set up it asks for a Your Private Key The location and filename of your Private Key to use for encrypting the parameters. (*.pem) and Your Public Certificate The location and filename of your Public Certificate to use for encrpyting the parameters. (*.pem) I have read through many posts and the documentation but I find it very hard to understand. My site has SSL and is set up correctly but it appears that info is sent to PayPal un-encrypted and under the new standard this will be unacceptable in the near future, so IPNs will fail etc Sorry I was not very clear before. Doug
MrPhil Posted January 25, 2016 Posted January 25, 2016 Ah, that's not the same as an SSL certificate. That's what I thought you were referring to. It sounds like a public/private key (RSA?) encryption separate from SSL, and I can't answer questions on that (sorry). Although, if the connection is already SSL-encrypted, I wonder what additional encryption they're trying to do... Is this encrypted data over a non-SSL (http://) connection? If so, why don't they just put everything under SSL (https://)?
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.