Everything is setup and I have .well-known folder in my root directory with file.
My Stripe account is activated and my domain is added under Apple Pay tab.
Now when I enable Stripe, I get this notification:
Apple Pay domain verification failed. Please check the log to see the
issue.
When I check the error log, I see:
Error: Unable to verify domain - Forbidden
My hosting is on OVH.
Got the solution and now its working :)
Stripe no longer supports API requests made with TLS 1.0. Please update HTTPS connections with TLS 1.2 or later.
Hosting server is using TLS older version which is not supported anymore
due to security
The upgrade process will be seamless for most users. At the application layer, SHA-2 and TLS 1.2 behave identically to their older versions. You won’t need to change your code, but might need to upgrade your operating system or packages.
for ref:https://stripe.com/blog/upgrading-tls
Hope it will help!!
Have you added Domain Verification file into the .well-known/ folder.
If not please find it in your Stripe dashboard download it or here and upload to .well-known/ folder.
Make sure that you need to access your verification file by your URL https://example.com/.well-known/apple-developer-merchantid-domain-association
In my Case i was using WHMCS on a subdomain, and had to insert the apple merchant file on the root path ./well-known of my domain
subdomain.domain.com/.well˜
domain.com/.well˜
Solved my problem
Related
I am working on some 3rd party integration project.
Created RootCA and SubCA from their official documentation website and after importing in windows server, we created key using openssl and got signed certificate from 3rd party integration Support team
We have configured in ldp.exe client and it got connected and fetched the dataset.
Now we are implementing in PHP code level.
We have:
IIS server 10
PHP 7.2
PHP Code is working in IIS
Added ldap.conf file created c:/openldap/sysconf/ldap.conf
TLS_REQCERT allow
#TLS_CACERT c:\openldap\sysconf\RootCaSha1.der
TLS_CACERT c:\openldap\sysconf\SubCaSha1.der
#TLS_CACERTDIR c:\openldap\sysconf
We have tried various paths and noted all evidence via wireshark tool
It says TLSv1.2 Alert (Level: Fatal, Description: Handshake Failure) so it means some certificate in ldap.conf are not as per requirement.
Looking forward to help in this regard so we can get connect.
Thanks in advance
As far as I know, the TLS handshake failure error commonly occurred when the server’s certificate is configured improperly. this should be configured on the IIS server-side. Please check the below items.
The account running the website is supposed to own the right of accessing the private key of the certificate. Firstly import the certificate to the Local machine Certification Store, under the property page of the certificate, grant the account access to the private key of the certificate.
Subsequently, we specify the certificate in the IIS site binding module.
Besides, Please note that the communication between the client-side and the server-side is established based on the fact that the client trusts the server certificate. this means that when we visit the website, the browser address bar has the sign of security lock. In this way, the public key of the certificate can be exchanged. The specific operation is to add the server root certificate to the Trusted Root Certificate Authority certification store of the client-side.
I am trying to set up webhooks for Stripe. The webhook connects to https://authdomain.subd.com which then forwards the request (after adding a validation token) to http://www.workdomain.com
Both these urls are hosted on the same server.
Payment Intents generated from http://www.workdomain.com successfully go into Stripe.
(Update: I can also query run successful Stripe commands like \Stripe\Charge::all() from authdomain, which verifies that TLS 1.2 supported)
However the webhook returns a TLS error when trying to connect to https://authdomain.subd.com.
I have whitelisted Stripe's IP as listed here enter link description here
This process is working fine when I test it locally using a CLI, so I know I don't have to install Stripe on my auth layer project.
But for some reason when I try this on my live server it doesn't work on my live server.
Is there any reason this is happening?
Thanks for the help
This can be caused by any number of things, but the most common is an incomplete certificate chain. I'd recommend using Qualys' SSL Labs tool to check your server's TLS configuration. For example, to check the domain you shared:
https://www.ssllabs.com/ssltest/analyze.html?d=https://authdomain.subd.com&hideResults=on
If any of the intermediate chain certificates are marked as "missing" in this report, it can cause Stripe to refuse to connect to your webhook (as Stripe can't tie your TLS certificate back to a known global CA). Usually the fix is to download any missing certificates (the tool tells you which one) and add them to your production TLS configuration / bundle. You may need the help of your hosting company to configure this.
To test your repair, re-run the SSL Labs check after deploying the new certificate bundle and see if it's now resolved. Beyond that, if the problems persist I'd recommend writing Stripe support!
I have a problem connecting to the Fusio interface (api-manager). I installed it in ftp on a shared server. Until then everything is fine, the database is well updated and I have access to the fusio graphical interface. It is when I have to connect to the GUI that it is blocked. I enter my credentials and just after, an alert tells me: "Your connection to this site is not private".
Image of the second connection request
A little more details follow the comment #Luca Stucchi
I want to perform an installation using the mode: "installation script" (as explained in the documentation).
The API Manager is installed on a shared server, I can not use command lines.
This installation mode allows us to install via an ihm. During the installation, everything goes well. The database is well created and I have access to a login page.
But the problem starts now. When I enter my login information a pop-up appears, the message "Your connection to this site is not private" appears.
And I do not know how to avoid this popup blocking.
Why do you see the error
The error message "Your Connection is Not Private" is displayed for various reasons:
Invalid or non-trusted SSL certificate.
Time is not synchronized between the server and the client.
Issues related to browser cache.
AntiVirus/Proxy service blocking or interfering traffic.
Wrong DNS settings.
How to overcome
if it's a non-trusted SSL certificate: try to install it to your Trusted Root store.
invalid SSL certificate: if possible - re-create the SSL certificate on the server.
make sure that the SSL certificate it not already expired or that its validity starts in the future.
Sync your Clock on both sides (server and client).
Clear SSL state: open Internet Explorer -> Internet Options -> Content tab -> Certificates -> Clear SSL state button.
Clear browser cache (Cached images,Files, and Data)
Turn off (temporarly) your AntiVirus/Proxy.
Use some public DNS like google's (8.8.8.8 or 8.8.4.4).
source for most of the ideas.
P.S.
I'd suggest adding a code sample to get more precise answers...
I'm in the midst of integrating PayPal into my website. At this stage, I am using the PayPal Sandbox along with the Instant Payment Notification (IPN) simulator. For the listener itself, I'm using Micah Carrick's code. When sending an IPN through the sandbox, I received the follow error:
cURL error: [77] Problem with the SSL CA cert (path? access rights?)
I originally thought the problem was that my website lacked a SSL certificate, so I purchased one and installed it. Unfortunately, that did not solve my problem. After doing some more research I am under the impression that I am missing a certificate file from PayPal or from cURL. I downloaded one of the developer bundles (pp_php_soap_sdk_1) from PayPal and copied the api_cert_chain file into the directory of my ipn code, but that was unsuccessful. When looking at the certificate, it appears to be expired, so perhaps that is the problem. Any ideas?
Feel like an idiot, but the problem stemmed from the location I was storing the SSL CA cert.
The file ipn_listener.php points to a file called "api_cert_chain.crt". You're most likely missing it. You can download it from: https://cms.paypal.com/cms_content/US/en_US/files/developer/PP_PHP_SOAP_SDK.zip
Download and extract the zip. The file "api_cert_chain.crt" is located in the folder: PP_PHP_SOAP_SDK/php-sdk/lib/PayPal/cert. Upload the file to the directory /cert/ on your server (might need to create the folder).
I came across the solution from this website (last post): Webmaster World.
In the "ipn_listener.php" file there is code that points to the api_cert_chain.crt
dirname(__FILE__)."/api_cert_chain.crt");
You need to make sure that the path to that .crt is actually pointing to where the .crt is on your webserver.
I have just developed a credit-card processing form using Drupal, the form communicates with the Payway API (a payment processing API provided by my bank).
I have purchased an SSL certificate with my host, and I know have an HTTPS server on my hosting account. What do I do to make all my forms run through HTTPS? Sorry I am new to SSL and am completely clueless in this matter.
I've tried copying my drupal site into my httpsdocs folder but it runs extremely slow when I access it through https://
Any help or direct would be much appreciated.
One of the easiest ways to force HTTPS on a web server is through a .htaccess file on the root of your web server. Then you can apply HTTPS only to the folders you need.
If you are using Drupal, there is likely already a .htaccess file on the root of your website that you can edit. Here's a simple guide on what needs to be added to the file:
http://www.besthostratings.com/articles/force-ssl-htaccess.html