Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Join Date
    May 2010
    Posts
    74
    Plugin Contributions
    0

    Default SSL certificate problem: Verify Failed

    Hello Zen Cart Experts,

    We have just upgraded from 1.3.9h to 1.5.3, and both store front and admin work fine. When testing our first order in the updated store, we get this error message on the checkout page:

    "We apologize for the inconvenience, but we are presently unable to contact the Credit Card company for authorization. Please contact the Store Owner for payment alternatives."

    In the log, we find this:

    Result: proved>FAILURE</r_approved><r_error>Could not connect.</r_error>

    Communication Result: 60 - SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    -----------------

    We have the admin config file set fully for https, and the store front set for https and http, and see no problem there. Port 1129 is verified open by the hosting company.

    Can you tell us how to proceed from here to find/fix the problem?

    Regards,
    Shannon

  2. #2
    Join Date
    Feb 2012
    Location
    mostly harmless
    Posts
    1,809
    Plugin Contributions
    8

    Default Re: SSL certificate problem: Verify Failed

    The error message is telling you PHP / CURL could not verify the SSL Certificate from the remote location (Credit Card company) was valid.

    The usual cause is CURL on the server not configured to use an up-to-date CA (Certificate Authority) bundle. May want to check with your hosting provider.


    NOTE 1: In some rare occasions the issue may be an invalid certificate at the remote location.

    NOTE 2: See the "Similar Threads" for instructions on updating the bundle by hand if you are testing in a local development environment.
    The glass is not half full. The glass is not half empty. The glass is simply too big!
    Where are the Zen Cart Debug Logs? Where are the HTTP 500 / Server Error Logs?
    Zen Cart related projects maintained by lhûngîl : Plugin / Module Tracker

  3. #3
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: SSL certificate problem: Verify Failed

    EDIT: I was typing at the same time as lhungil was posting. I echo his comments, and add the following:

    That suggests that your site's SSL certificate may not be properly configured on the server.

    Or, your server's CURL configuration might not be properly set up to recognize modern SSL CA certificate Authorities. Your hosting company will have to fix the server's CA records.
    You can give them the URL to your /extras/curltester.php file to see the error and know whether it is fixed, without having to run payments for testing it.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #4
    Join Date
    May 2010
    Posts
    74
    Plugin Contributions
    0

    Default Re: SSL certificate problem: Verify Failed

    Thanks to you both for such a quick reply. This community is wonderful!

    We copied the original file from our 1.3.9h installation: /includes/modules/payment/linkpoint_api/class.linkpoint_api.php over the new one from the 1.5.3 installation, and we were then able to process a transaction without error.

    We are relieved that the error is gone, but wondering if this gives you more useful information to know what might have been wrong. Do you think it will be alright to leave the payment module this way, or should we take some additional steps?

    Best,
    Shannon

  5. #5
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: SSL certificate problem: Verify Failed

    Quote Originally Posted by srlaird View Post
    Thanks to you both for such a quick reply. This community is wonderful!

    We copied the original file from our 1.3.9h installation: /includes/modules/payment/linkpoint_api/class.linkpoint_api.php over the new one from the 1.5.3 installation, and we were then able to process a transaction without error.

    We are relieved that the error is gone, but wondering if this gives you more useful information to know what might have been wrong. Do you think it will be alright to leave the payment module this way, or should we take some additional steps?

    Best,
    Shannon
    Well, doing that has just opened you up to a security hole that was closed in the newer version, specifically around the CURL SSL settings.
    You NEED to fix the server problem that was causing that error, instead of only using the old module.

    Get your hosting company to use the script I mentioned, and fix the server. After they fix it, be sure to use the newer linkpoint file instead of the old insecure one you changed to.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    May 2010
    Posts
    74
    Plugin Contributions
    0

    Default Re: SSL certificate problem: Verify Failed

    Quote Originally Posted by DrByte View Post
    Well, doing that has just opened you up to a security hole that was closed in the newer version, specifically around the CURL SSL settings.
    You NEED to fix the server problem that was causing that error, instead of only using the old module.

    Get your hosting company to use the script I mentioned, and fix the server. After they fix it, be sure to use the newer linkpoint file instead of the old insecure one you changed to.
    Thanks, Dr. Byte,

    Will do. That's exactly why I asked your advice. I knew it was too easy!

    lhungil mentioned previously:
    "In some rare occasions the issue may be an invalid certificate at the remote location. See the "Similar Threads" for instructions on updating the bundle by hand if you are testing in a local development environment."

    We just migrated our site to a new hosting company. The certificate was purchased through the previous host. Could that have anything to do with it? -- Trying to get the right things to say to the hosting company. I don't know about curl. Do you have a link?

    Best,
    Shannon

  7. #7
    Join Date
    Feb 2012
    Location
    mostly harmless
    Posts
    1,809
    Plugin Contributions
    8

    Default Re: SSL certificate problem: Verify Failed

    Quote Originally Posted by srlaird View Post
    ... Trying to get the right things to say to the hosting company. ...
    You may find the information in the following post useful: Using the Communications Response Testing Tool for CURL. I know the thread is for "PayPal" testing, but the same instructions apply for linkpoint.

    In particular /extras/curltester.php?linkpoint=1 will provide additional troubleshooting information for the hosting provider if a "success" message is not reported.

    Quote Originally Posted by DrByte
    Get your hosting company to use the script I mentioned, and fix the server.
    Best advice would be to move forward one step at a time. First we need to make sure the above script is reporting "success" (and get the hosting provider involved if the script is not reporting success).
    The glass is not half full. The glass is not half empty. The glass is simply too big!
    Where are the Zen Cart Debug Logs? Where are the HTTP 500 / Server Error Logs?
    Zen Cart related projects maintained by lhûngîl : Plugin / Module Tracker

  8. #8
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: SSL certificate problem: Verify Failed

    He beat me again! (just one thing I'd add: doesn't need the ?linkpoint=1 parameter since v1.5.3 anymore)

    Quote Originally Posted by srlaird View Post
    lhungil mentioned previously:
    "In some rare occasions the issue may be an invalid certificate at the remote location. See the "Similar Threads" for instructions on updating the bundle by hand if you are testing in a local development environment."
    By "remote location" in your case he would be meaning the linkpoint servers. In which case hundreds of thousands of people would be complaining.
    By "local development environment" he's referring to running a webserver on your own PC for testing changes you're making or programming alterations you're experimenting with but not on your live site.
    So, neither of those apply to you.

    Quote Originally Posted by srlaird View Post
    We just migrated our site to a new hosting company. The certificate was purchased through the previous host. Could that have anything to do with it?
    Only if you didn't give "all" the certificate files to the new hosting company to install on the server. If the certificate came with a bunch of .pem files or "cross root" or "CA Bundle" files, those need to be installed on the new server along with the .key and .cert files that make up your certificate. You could contact whoever issued the certificate to get them to provide those files if needed (your "previous host" had to buy the certificate from someone ... it's that "someone" whom I'm referring to as "whoever issued the certificate").
    Your new host can tell very quickly what's wrong if they have any clue about hosting and SSL. There are lots of SSL Certificate verifier websites out there where you can put in your URL and they'll tell you what's wrong with your certificate setup. Your host can fix any problems those might report.

    Quote Originally Posted by srlaird View Post
    Trying to get the right things to say to the hosting company. I don't know about curl.
    You shouldn't need to know much about what to say. They're the experts.

    Tell them:
    1. Here's a URL which shows the error on my site:
    2. http://your_site.com/extras/curltester.php (test the link before you give it to them)
    3. Please fix the server so that the curltester script no longer shows any errors.
    4. Hint: It looks like a certificate authority problem with the server's CURL SSL Certificate Chain
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Feb 2012
    Location
    mostly harmless
    Posts
    1,809
    Plugin Contributions
    8

    Default Re: SSL certificate problem: Verify Failed

    Quote Originally Posted by DrByte View Post
    ... just one thing I'd add: doesn't need the ?linkpoint=1 parameter since v1.5.3 anymore ...
    Awesome! And thank you for clarifying (my response was a bit short - probably why it managed to slip in first)
    The glass is not half full. The glass is not half empty. The glass is simply too big!
    Where are the Zen Cart Debug Logs? Where are the HTTP 500 / Server Error Logs?
    Zen Cart related projects maintained by lhûngîl : Plugin / Module Tracker

  10. #10
    Join Date
    May 2010
    Posts
    74
    Plugin Contributions
    0

    Default Re: SSL certificate problem: Verify Failed

    Thanks again lhungil & Dr. Byte.

    We put back the 1.5.3 version of the file: /includes/modules/payment/linkpoint_api/class.linkpoint_api.php, to run the curltester, and every test came back Good, even Linkpoint (port 1129). We still got the error message on the checkout page though.

    You said,
    "Only if you didn't give "all" the certificate files to the new hosting company to install on the server. If the certificate came with a bunch of .pem files or "cross root" or "CA Bundle" files, those need to be installed on the new server along with the .key and .cert files that make up your certificate. You could contact whoever issued the certificate to get them to provide those files if needed (your "previous host" had to buy the certificate from someone ... it's that "someone" whom I'm referring to as "whoever issued the certificate").

    Your new host can tell very quickly what's wrong if they have any clue about hosting and SSL. There are lots of SSL Certificate verifier websites out there where you can put in your URL and they'll tell you what's wrong with your certificate setup. Your host can fix any problems those might report."

    Our site move was a straight cpanel migration. We didn't ask for anything from the old hosting company. The new hosting company did know we needed SSL, and set us up on a dedicated IP address. Do you think the SSL certificate files were not transferred during the migration, and maybe that's the problem?

    Best,
    Shannon

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. v154 (60) SSL certificate problem: unable to get local issuer certificate
    By jokkah in forum PayPal Express Checkout support
    Replies: 34
    Last Post: 23 Jan 2017, 11:01 AM
  2. Windows 2012 server - 60 => SSL certificate problem: self signed certificate in chain
    By QuickBooksDev in forum Installing on a Windows Server
    Replies: 7
    Last Post: 21 Sep 2015, 03:43 PM
  3. (60) SSL certificate problem: unable to get local issuer certificate
    By advancing in forum PayPal Website Payments Pro support
    Replies: 5
    Last Post: 6 Jul 2015, 02:10 PM
  4. Replies: 22
    Last Post: 27 Jan 2015, 03:00 AM
  5. SSL Certificate Problem
    By gaffettape in forum General Questions
    Replies: 9
    Last Post: 3 Dec 2009, 04:07 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR