(60) SSL certificate problem: unable to get local issuer certificate

[RodG]

I
I just had an idea:

Does it matter that TCP port 30,000 is forwarded to one specific host on the LAN and not to the web server running the store?

No..... But, how, where, when does LAN even come into any of this anyway? If your store is hosted on your LAN (private IP) this opens up a whole new avenue of possible problems and causes. It could be something as simple as a local firewall blocking the traffic. (a "webserver running the store" could mean LAN or WAN).

Cheers
RodG

[RodG]

I have switched the paypal module to sandbox mode and tried to check out. I did not see anything in the payment methods (no radio buttons or icons at all) but still proceeded to checkout and it was listing paypal. When pressing 'check out' a new window popped up with the red rectangle above the invoice items stating:

We are sorry for the inconvenience. The PayPal account authentication settings are not yet set up, or the API security information is incorrect. We are unable to complete your transaction. Please notify the store owner so they can correct this problem. (10002) 10002 Security error - Security header is not valid

I guess this was due to the sandbox mode and is a red herring,

Correct (red herring). However, this does imply that you no longer have a 'local issuer certificate' problem.

as when I switched over to live mode, I could proceed further to Paypal login page, which is not letting me into the same account as the store owner, which is the only one I have. So I cannot myself test any further. Only one observation: when I am clicking on the big blue Paypal login button, Firefox throws a notification about "clickjacking".

OK, so to help out - I've just completed a PayPal order from your store - I had no problems at all - The payment went through

Transaction ID: 97882686VU595912W
Payment Type: PayPal Express Checkout (instant)
Timestamp: 2017-01-22T08:14:40Z
Payment Status: Completed
Amount: 2.25 CAD



It appears that your .pem update probably did fix the issue after all.

Please cancel this order and provide a refund.

Thanks
RodG

ps. Chrome didn't give any warnings about clickjacking, so I don't know what to make of that.

[one tall man]

Oh, so that was you! I should've guessed by Australian doing a store pick up! Someone already sent you a follow up email, you can ignore it. Doing the refund now.
You are right, everything in Paypal module is working fine, thanks a 10^6 for your help and patience with my questions!

[RodG]

Oh, so that was you! I should've guessed by Australian doing a store pick up!

I could have been visiting your area ;)

Someone already sent you a follow up email,

Yeah, apparently 'someone' didn't read the comment I made when I placed the order ;) I wasn't really impressed about that to be honest. What would have happened if I did select something other than local pickup? I suspect the unwanted order could be on its way to me already.

you can ignore it.

I already did.

Doing the refund now.

Got it. Thanks.

You are right, everything in Paypal module is working fine, thanks a 10^6 for your help and patience with my questions!

No problem. It was fortunate that you had some pretty cheap products. I was happy to 'risk' a couple of bucks to try to help out (and confirm my suspicions), but anything more than that you'd have been on your own waiting for a real order, which you could have lost if the problem still existed.

BTW, after doing that, I followed up initiating another order, but this time using firefox, and I still didn't get any warnings about 'clickjacking' - so that remains a mystery. I *suspect* it could be the result something related to how the page is/was rendered - for example, on a smaller screen it is possible that the 'checkout' button was overlapping one of the other buttons (which is basically what 'clickjacking' is all about) so this may still warrant further investigation 'cos it could cause a loss of sales.

I'd also suggest that you do something about the self-signed SSL which causes most/all browsers to produce a scary warning, which will cause lost sales. Personally I'd rather shop on a site with a self-signed certificate than one with a shared certificate (they are more trustworthy), so I had no qualms about clicking through and accepting the certificate - but most people won't. - You should either get the certificate signed by one of the CA's - OR (what I do) is set up to use 'Cloud flare', which will 'hide' the fact that it is self signed (or non existent). If this isn't an option, then don't use SSL at all. Most folk wan't notice or care, and even those that do see the 'not secure' that is displayed in the address bar these days, they are *still* more likely to proceed with the purchase than the scary popup and need to accept the self signed cert before they can continue.

Oh, another option - Most hosts these days provide a free SSL from "lets encrypt' (often without advertising it), so you may find that you can remove your self signed cert, and you will *still* have an SSL enabled site.


Cheers
Rod