IPN Verification Postback to HTTPS - PayPal

[joannem]

I'm using Zencart 1.5.5e (so proud to say that after upgrading from 1.3.8 ) lol
PHP version is 5.4
Paypal Website Payments Standard
Using SSL for admin and catalogue

Had an email from Paypal today saying IPN Verification Postback to HTTPS needs to be updated, so I went into Paypal and changed the return url link to https. Then they go on to say:

The ipnpb.paypal.com and ipnpb.sandbox.paypal.com endpoints accept only HTTPS connections. If you currently use www.paypal.com, you should move to ipnpb.paypal.com when you update your code to use HTTPS.

What files in the Paypal payment module do I have to change to the ipnpb.paypal.com link instead of just using www.paypal.com?

Appreciate your time and effort in helping on this one!!

Joanne

http://www.joannes-digital-designs.com

[swguy]

Login to Paypal
Profile->Profile and Settings
My selling tools
instant payment notifications->Update
set the IPN url to HTTPS (not HTTP).

You will see the correct HTTPS URL (assuming you have an SSL cert for your site) under Admin->Modules->Payment-> Paypal

[joannem]

I do have Paypal set to https now, but when I go into my admin payment modules it's showing (attached) Should it still be just showing http and not https? Yes I'm using SSL - full https in admin and https on log in and out in the store.

[lat9]

Check /YOUR_ADMIN/includes/configure.php and make sure that the ENABLE_SSL_CATALOG value is set to 'true' instead of ''.

[joannem]

Yes!! That did it Thank you so much!!

[WiccanWitch420]

Sorry I am using 1.5.5D

Paypal express check out. getting this message from Paypal , where do i change mine?

Reminder: REQUIRED to avoid service interruptions you need to complete important security upgrades.



Jamie Goff,



Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal.

This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.

Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.


Change Change Required?
Merchant API Certificate Credential Upgrade No
TLS 1.2 and HTTP/1.1 Upgrade No
IPN Verification Postback to HTTPS Yes
Discontinue Use of GET Method of Classic NVP/SOAP No


If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so. But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk.

How do I make these changes?

More information on the required changes and how to implement them can be found on our Merchant Security Road Microsite:

• 2016-2017 Merchant Security Roadmap
• TLS1.2 and HTTP/1.1 Upgrade Roadmap
• IPN Verification Postback to HTTPS
• Discontinue Use of GET Method for Classic NVP/SOAP API’s
• Merchant API Certificate Credentials Upgrade

If you need additional support with these changes, we encourage you to contact your web hosting company, ecommerce software provider, in-house web programmer or system administrator.

As a leading payment provider, we’re committed to continually building and investing in the strongest protections possible. Thank you for your support and for helping us maintain the highest security standards for all of our shared global customers.

If you have any questions or concerns, please contact your account manager.

[mc12345678]

Sorry I am using 1.5.5D

Paypal express check out. getting this message from Paypal , where do i change mine?

Reminder: REQUIRED to avoid service interruptions you need to complete important security upgrades.



Jamie Goff,



Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal.

This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.

Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.


Change Change Required?
Merchant API Certificate Credential Upgrade No
TLS 1.2 and HTTP/1.1 Upgrade No
IPN Verification Postback to HTTPS Yes
Discontinue Use of GET Method of Classic NVP/SOAP No


If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so. But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk.

How do I make these changes?

More information on the required changes and how to implement them can be found on our Merchant Security Road Microsite:

• 2016-2017 Merchant Security Roadmap
• TLS1.2 and HTTP/1.1 Upgrade Roadmap
• IPN Verification Postback to HTTPS
• Discontinue Use of GET Method for Classic NVP/SOAP API’s
• Merchant API Certificate Credentials Upgrade

If you need additional support with these changes, we encourage you to contact your web hosting company, ecommerce software provider, in-house web programmer or system administrator.

As a leading payment provider, we’re committed to continually building and investing in the strongest protections possible. Thank you for your support and for helping us maintain the highest security standards for all of our shared global customers.

If you have any questions or concerns, please contact your account manager.

See post #2 above: https://www.zen-cart.com/showthread....46#post1339446. Report appears to be saying that paypal needs to try to communicate back to the site using https:

[swguy]

I must say, it's quite awesome that Paypal chose 4 days before Christmas to send this email. :)

[joannem]

I must say, it's quite awesome that Paypal chose 4 days before Christmas to send this email. :)

LOL at least they gave us till June to fix it lol

[lat9]

Yes!! That did it Thank you so much!!

You're very welcome!