HTTPS connection enabling
Creating certificate
Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign. An unsigned certificate can be generated by hand, using OpenSSL on a Linux box. To do it issue following commands in the shell:openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crtTwo important things:
- Enter the same pass phrase always when asked for "Enter pass phrase for server.key" (Should be 4 times);
- Enter your server's domain name, when asked for "Common Name (eg, YOUR name) []". This is important, because otherwise some browsers may refuse your certificate. For example, if the User Manager server's address is http://userman.mt.lv/userman, then "userman.mt.lv" must be specified as Common Name for the certificate.
- server.crt - Certificate, must be uploaded to router;
- server.key - Private key, must be uploaded to router;
- server.csr - Signature request, can/should be deleted;
Importing certificate
Certificate file can be then uploaded to the router and imported with command/certificate import file-name=...The command should return
certificates-imported: 1
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
If it doesn't, could happen that the file contains private key and
certificate sections in incorrect order. In this situation the output
should be
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 1
Just repeat the same command
/certificate import file-name=...once again and the output should be this time
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
Now certificate is imported correctly and ready for use;
Enabling WWW SSL
SSL connections for WWW server can be enabled with command/ip service set www-ssl disabled=no certificate=cert1where cert1 must be replaced by a correct certificate name (from /certificate section)
Troubleshooting
1. Authorize.net requires that time time on the server be within 15 minutes of UTC or you will get a failed transaction, use NTP client.2. Your user manager must be accessible from the internet on port 443, make sure you have DNS setup properly or use the IP address for all of your references. Don't forget to open your firewall for port 443 and use NAT to get to your user manager if behind a firewall.
3. You must put the URL of your UserManager instance in your Authorize.net control panel. For example: Response Reason Code: 14
Response Reason Text: The Referrer or Relay Response URL is invalid.
Notes: Applicable only to SIM and WebLink APIs. The Relay Response or Referrer URL does not match the merchant?s configured value(s) or is absent.
To add a valid Response/Receipt URL, please follow these steps: 1: Login to your Merchant Interface at https://account.authorize.net. 2: Click Settings in the main left side menu. 3: Click Response/Receipt URLs. 4: Click Add URL. 5: Enter your Response URL. 6: Click Submit.4. When inputting the above URL, use only the base URL, not /userman or it won't work.
No comments:
Post a Comment