Test Gateway Rejecting Transactions

DaveFromNetComm
Contributor
Contributor
Posted on
‎Mar-14-2018 06:15 AM

Attempting to send test transactions to the test gateway URL https://pilot-payflowpro.paypal.com returns the error: "An error occurred in the secure channel support". Transactions from the LIVE Payflow gateway are working fine, and the test URLs to check TLS/HTTP compliance say that my server is indeed compliant. This is what I get back from PayPal:
Upon checking, the SSL ticket you are using is "GeoTrust SSL CA - G3" but PayPal only supports "Verisign G5 root certificate" so your SSL should be Verisign. Pilot is updated one and it will support only Verisign. Would you please check your pilot is also using Verisign?

Does this really mean that I have to buy new SSL from Verisign?  Anyone seeing an issue like this?

Login to Me Too
0 Kudos
Login to Reply or Kudo
4 REPLIES 4

MTS_joaquim
Moderator
Moderator
‎Mar-14-2018 08:47 AM

Hello,

 

In order to communicate with PayPal, PayPal requires you to use the latest root certificate on your server. 

Usually, root certificate is located under "/etc/ssl/certs" and/or "/etc/ssl/private" (it can also be localised on your website path locally).

When doing API requests, your server use the certificate of one of those locations to identify if PayPal certificate is a valid one.

 

Latest root certificate can be obtained here on Symantec verisign website :  https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&actp=CROSSLINK&id=SO5...

 

I invite you to check if your root certificate is up to date and update it if it is not the case.

 

 

Login to Me Too
0 Kudos
Login to Reply or Kudo

DaveFromNetComm
Contributor
Contributor
‎Mar-14-2018 09:27 AM

Thanks for responding! On my server, in the Trusted Root CA set of certificates, "Verisign Class 3 Public Primary Certification Authority - G5" certificate already exists. And, there doesn't seem to be any difference from this cert and the Symantec cert in the link you provided (same valid dates, same serial number). So, this certificate is up to date. Do I still need to update to the cert found at Symantec?

 

Note: does it make any difference that my web site uses a GeoTrust SSL certficate for https://? Is use of a Verisign SSL certificate required instead? Seems weird, and hope this isn't the case. Thanks!

Login to Me Too
0 Kudos
Login to Reply or Kudo

MTS_joaquim
Moderator
Moderator
‎Mar-15-2018 07:50 AM

The 2 are not linked. 

 

The root certificate will help your server to identify other parties your server communicate with as valid "certified by SSL" servers while the SSL certification of your server just mean that you are yourself certified. You therefore need the root certificate to make API request.

 

If you already have the latest root certificate. I would invite you to check if your script correctly reference it as it can be the source of your issue (some integration will automatically use it but some other will require manual configuration, such as add the cert in a catalog of cert or reference the path in the script itself).

 

Login to Me Too
0 Kudos
Login to Reply or Kudo

DaveFromNetComm
Contributor
Contributor
‎Mar-15-2018 07:58 AM

Hey joaquim. This integration is an older ASP classic integration, and there isn't much documentation available. Is there anything you can point me at which describes the method and syntax used to define the SSL path in the script logic? Thanks.

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.