jclay12345

PAYPAL IPN DUMMIES GUIDE


Hi everybody, I'm stupid. I don't know how to set up IPN. I don't know how to set up the variables. I signed up for and downloaded the API certificate. What do I do with it? What do I put in all of these variables? Help. Thanks a lot.

 

Your Private Key

 

Your Public Certificate

 

PayPals Public Certificate

 

Your PayPal Public Certificate ID

 

Working Directory

 

OpenSSL Location


JClay


Well, all of these settings are to get encryption working between your site and PayPal. I suggest that if you don't have IPN working yet, then you should work on that first and worry about this stuff last. Just keep your "Enable Encrypted Web Payments" set to "False" until you have IPN working and are ready to start with the encryption stuff.

 

Anyway, once you have IPN working, you can move forward. This is what I did to get it going. First off, you need to know if openSSL is installed on your host server and what directory it resides in. If you're on a Unix server, then you can log in via SSH or telnet and use the following command to determine this:

 

whereis openssl

 

(sorry, I don't know the command if you're on a Windows server. I suggest you call your host and ask them.)

 

If openSSL is installed, the command should output the directory. For me, it was: /usr/bin/openssl So this would be what you input as the "Working Directory".

 

Next, I used openSSL to generate my own private key and self-signed certificate. If you go to www.openssl.org, there's plenty of information to help you. Specifically, go to http://www.openssl.org/docs/HOWTO/keys.txt to figure out how to create your own private key. And go to http://www.openssl.org/docs/HOWTO/certificates.txt to figure out how to create your own public certificate. In the meantime, the following commands sum it up. But remember to read the information at the above links. They provide some additional things you need to know. So once again, you'll need to be connected to your home directory on your webserver via SSH or telnet.

 

To generate a private key:

openssl genrsa -des3 -out privkey.pem 2048

 

To generate a public certificate:

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

 

Alright, from these two commands, you will have the following files:

 

Private key: privkey.pem

Public certificate: cacert.pem

 

Upload these files to some location in your webserver. Let's say, for example, create a directory in your document root called 'paypal'. Now you need to define the exact server path to your files (just the same as you did with the location of openSSL). You do not want to use a URL or a relative path from your document root. For example, on my site I used the following:

 

Your Private Key

/usr/home/yourusername/public_html/paypal/privkey.pem

 

Your Public Certificate

/usr/home/yourusername/public_html/paypal/cacert.pem

 

Alright, the next thing to do is get PayPals Public Certificate. Log into your sandbox account at PayPal. Click on the "Profile" tab and then click on "Encrypted Payment Settings". Click on the "Download" button to get PayPals Public Certificate. This will be named "paypal_cert_pem.txt". Upload this to your server to your newly created PayPal directory. Thus, the location will be something like the following:

 

PayPals Public Certificate

/usr/home/yourusername/public_html/paypal/paypal_cert_pem.txt

 

Last is to get Your PayPal Public Certificate ID. First download Your Public Certificate to your local computer (cacert.pem); this is the file that you created with openSSL and placed in your new "paypal" directory on your webserver. Then log into your sandbox account at PayPal. Click on the "Profile" tab and then click on "Encrypted Payment Settings". Click on the "Add" button under "Your Public Certificates". You will be taken to another page where there will be a "Browse" button to allow you to upload your public certificate to PayPal. Then click the "Add" button. You will be brought back to the "Encrypted Payment Settings" page, and you should see a box under the heading, "Your Public Certificates". If you look in the box, you will see your "Cert ID". This is the value you enter for Your PayPal Public Certificate ID.

 

So...we've done it!

 

Your Private Key

/usr/home/yourusername/public_html/paypal/privkey.pem

 

Your Public Certificate

/usr/home/yourusername/public_html/paypal/cacert.pem

 

PayPals Public Certificate

/usr/home/yourusername/public_html/paypal/paypal_cert_pem.txt

 

Your PayPal Public Certificate ID

GRYWK3YWT4QK4

 

Working Directory

/usr/bin/openssl

 

Of course, all of your values will be slightly different. But you should be able to figure out the rest. The only other thing to do is set "Enable Encrypted Web Payments" to "True." Good luck and let us know how it went.

If openSSL is installed, the command should output the directory. For me, it was: /usr/bin/openssl So this would be what you input as the "Working Directory".

 

Sorry, but I had a brain fart. The above statement is wrong. /usr/bin/openssl is what you would set for OpenSSL Location.

 

Your Working directory is actually a location for the payment module to store temporary files. You will need to make a directory for these temp files. I made one called "temp". So that would mean my full server path to it is:

 

/usr/home/yourusername/public_html/temp/

(apparently the trailing slash is needed, but I've gotten it to work both ways.)

 

Furthermore, you need to set permissions on this new folder to 777.

 

So...here's the full list again with my correction:

 

Your Private Key

/usr/home/yourusername/public_html/paypal/privkey.pem

 

Your Public Certificate

/usr/home/yourusername/public_html/paypal/cacert.pem

 

PayPals Public Certificate

/usr/home/yourusername/public_html/paypal/paypal_cert_pem.txt

 

Your PayPal Public Certificate ID

GRYWK3YWT4QK4

 

Working Directory

/usr/home/yourusername/public_html/temp/

 

OpenSSL Location

/usr/bin/openssl


thanks for the information.

 

so if the server does not have OpenSSL then am I right in thinking that the PayPal pages cannot be encrypted?

 

how unsafe is this?

 

is there a way round it or would you have to buy an ssl certificate or private ip?


this is a really good question - I've posted this question at

 

http://forums.oscommerce.com/index.php?showtopic=173196

 

I can buy a certificate from my host, but they do not have OpenSSL so I don't know what to put

into the final field - so far no success.

 

zebedee


Hi everyone,

 

I am working for a client using Yahoo Standard Web Host and PayPal Pro Direct Payment. They want me to integrate PayPal IPN into their OSCommerce website. After some research, I found out that Yahoo configured their web host to "share" their SSL certificate, by having the webmaster put all secure files under a root directory called "ssl". My question is, how can I go about generating the Private Key (.pem) and Public Certificate (.pem) files?

 

Yahoo tech wasn't very helpful after I asked them via email.

 

Thanks so much!

 

Chuo


Hi eecstore,

 

you have 3 choices here; the first and probably the best if you have your own server is to install OpenSSL and administer your own SSL requirements. Failing that there are a number of vendors who will issue a certificate for a fairly hefty sum of cash. The other solution, and one that I had to surmount is where your ISP insists that you buy the certificate from them.

 

for a full discussion of this problem and solution go to

 

http://forums.oscommerce.com/index.php?showtopic=173196

 

hope this helps,

 

Zebedee


I already have a full SSL cert on the server of my store and currently functioning with Auth.net. My client just wants to add Paypal.

 

Will our SSL replace this OpenSSL you mention? I'm not familiar with OpenSSL

 

thanks


Hi Zebedee,

 

I had to cancel Yahoo host and go to JaguarPC (Linux) host. I followed zoeticlight's instruction, got all the files and put it in place, set the permission for Working Directory to 777, but then I got this error message:

Warning: openssl_pkcs7_sign(): error getting private key in /home/hisbount/public_html/includes/modules/payment/paypal_ipn.php on line 356

 

Warning: file_get_contents(/home/hisbount/public_html/temp//514187-2-signed.txt): failed to open stream: No such file or directory in /home/hisbount/public_html/includes/modules/payment/paypal_ipn.php on line 361

I don't know what "failed to open stream" is. I ran the env query and this is what I got:

$HTTP_HOST = hisbountyonline.com

$HTTPS_HOST =

getenv('SERVER_PORT') = 443

getenv('HTTPS') = on

getenv('HTTP_X_FORWARDED_SERVER') =

getenv('HTTP_X_FORWARDED_HOST') =

getenv('HTTP_X_FORWARDED_BY') =

$_SERVER['HTTPS'] = on

getenv('DOCUMENT_ROOT') = /home/hisbount/public_html

$DOCUMENT_ROOT = /home/hisbount/public_html

My Openssl should be located at /usr/bin/openssl but when I SSH to the host I got this:

openssl: /usr/bin/openssl /usr/share/man/man1/openssl.1ssl.gz

I have no clue how to proceed, please help. Thank you.

 

eecstore

I followed the instructions at the top of this thread and get the same error. The problem appears to be related to the private key and it's also worth noting that the public key so far does not appear to cause an issue. I am beginning to think that the underlying problem is with the method of key generation itself.

 

Consider the error:

Warning: openssl_pkcs7_sign(): error getting private key in /home/virtual/sazunlimited.com/webroot/htdocs/secure.sazunlimited.com/catalog/includes/modules/payment/paypal_ipn.php on line 368

 

And the corresponding code from the Paypal IPN module:

 

LINE 367 if (function_exists('openssl_pkcs7_sign') && function_exists('openssl_pkcs7_encrypt')) {

 

LINE 368 openssl_pkcs7_sign(MODULE_PAYMENT_PAYPAL_IPN_EWP_WORKING_DIRECTORY . '/' . $random_string . 'data.txt', MODULE_PAYMENT_PAYPAL_IPN_EWP_WORKING_DIRECTORY . '/' . $random_string . 'signed.txt', file_get_contents(MODULE_PAYMENT_PAYPAL_IPN_EWP_PUBLIC_KEY), file_get_contents(MODULE_PAYMENT_PAYPAL_IPN_EWP_PRIVATE_KEY), array('From' => MODULE_PAYMENT_PAYPAL_IPN_ID), PKCS7_BINARY);

 

Now, if you generated your key with OPENSSL like I did with the RSA command you were asked to supply a 'pass phrase.' I think this might be the issue. There's no reference in the code to decrypt the private key with the pass phrase you used to have it generated, so perhaps it can't be read?

 

Maybe someone out there has figured this out and can confirm or set it straight...?


I finally got my sandbox set-up to work. First I had to work through an additional error from Paypal, something about "email address for the business is not present in the encrypted blob." Here are some of the changes I had to make to get oscommerce IPN to work with Paypal:

 

1. Certificate generation exactly according to PayPal instruction

- either API certificate, or openssl

->Private key: genrsa -out privkey.pem 1024 (I believe there is still a way to get the instructions at the top of this thread to work, but for me it will take a little more digging)

->Public key: req -new -key privkey.pem -509 -days 365 -out cacert.pem

- I believe the customer service email address specified in your paypal account needs to be used in the certificate generation

 

*IMPORTANT* To protect your private key you will need to store it in a non-browser accessible area of your server. You can actually put all the certs as well as the temp folder in a non-browser folder and it will still work.

 

2. After uploading the Public key make sure to copy your Paypal certificate id.

3. Update references in Oscommerce IPN admin (use the full path to your server/folder)

- ensure the same email as in the key is referenced

 

Good luck!
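
An added example, not part of any post in this thread and not osCommerce code: a shell preflight for the Encrypted Web Payments settings discussed above. It flags a passphrase-protected key (the case suspected behind "error getting private key"), a key or working directory inside the document root, and loose permissions. The function names, finding labels and fixture paths are constructed for illustration.

```shell
# Added example, not osCommerce code: preflight for the EWP settings above.
# key_state FILE -> "encrypted", "plain" or "not-a-key", read from PEM headers:
# legacy "Proc-Type: 4,ENCRYPTED" or PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY".
key_state() {
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1" 2>/dev/null; then
        echo encrypted
    elif grep -q 'BEGIN .*PRIVATE KEY' "$1" 2>/dev/null; then
        echo plain
    else
        echo not-a-key
    fi
}

# under_docroot PATH DOCROOT -> success if PATH is textually inside DOCROOT
# (symlinks and ".." are not resolved).
under_docroot() {
    case "${1%/}/" in "${2%/}"/*) return 0 ;; *) return 1 ;; esac
}
# mode_of PATH -> 10-character mode string from ls -ld, empty if PATH is missing.
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# ewp_preflight KEY DOCROOT WORKDIR -> one finding per line, nothing if clean.
ewp_preflight() {
    case "$(key_state "$1")" in
        encrypted) echo "KEY_ENCRYPTED: the module supplies no passphrase when signing" ;;
        not-a-key) echo "KEY_INVALID: file missing or not a PEM private key" ;;
    esac
    if under_docroot "$1" "$2"; then echo "KEY_IN_DOCROOT: key sits under the web root"; fi
    case "$(mode_of "$1")" in
        ''|????------) ;;
        *) echo "KEY_PERMS: key is accessible to group or other" ;;
    esac
    if under_docroot "$3" "$2"; then echo "WORKDIR_IN_DOCROOT: temp files sit under the web root"; fi
    case "$(mode_of "$3")" in
        ????????w?) echo "WORKDIR_WORLD_WRITABLE: any local account can write here" ;;
    esac
    return 0
}

# Constructed fixture: the thread's layout beside a private one (placeholder PEM bodies).
make_fixture() {
    mkdir -p "$1/public_html/paypal" "$1/public_html/temp" "$1/private/ewp-tmp"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/public_html/paypal/privkey.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/private/privkey.pem"
    chmod 644 "$1/public_html/paypal/privkey.pem"; chmod 777 "$1/public_html/temp"
    chmod 600 "$1/private/privkey.pem"; chmod 700 "$1/private/ewp-tmp"
}

fx=$(mktemp -d) && make_fixture "$fx"
echo "thread layout:";  ewp_preflight "$fx/public_html/paypal/privkey.pem" "$fx/public_html" "$fx/public_html/temp/"
echo "private layout:"; ewp_preflight "$fx/private/privkey.pem" "$fx/public_html" "$fx/private/ewp-tmp"
rm -rf "$fx"
```

On a real host, pass the three paths entered in the module's admin settings; an empty result means none of these checks fired.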


SazB, thanks for the help. I was having the same problem with the "Warning: openssl_pkcs7_sign(): error getting private key"

I noticed there were a few typos so I just wanted to recap for anyone googling the problem..

 

#1 on linux you can find where openssl is located by typing "which openssl"

 

#2 like you said gen your certs. I did this in my 'paypal' directory that I created. The first command gives you a passwordless keyfile which seems to be *pun* the key ;)

- openssl genrsa -out privkey.pem 1024

- openssl req -new -x509 -key privkey.pem -out cacert.pem -days 365

 

You had a slight typo in the last command. I copied and pasted from the top of the thread. If memory serves me correctly the 365 days is the 'life' of the cert. You'll have to regen another one in 365 days..

 

I then uploaded cacert.pem to PayPal under Profile and Encrypted Payment Settings. It gave me back the CertID KCGZPBDRST385 which I then configured in osCommerce.

 

After that I gave it a whirl and things worked like they should. Again thanks for the help.


I'm quite certain there are MANY, MANY people out here looking for this useful info.... Thanks to whomever put it together because I, too, am clueless... :rolleyes:


Hello everybody,

I just fixed my safemode problem,

but now there is another, with the key files,

 

Warning: openssl_pkcs7_sign(): error getting private key in /var/www/html/data/shop/includes/modules/payment/paypal_ipn.php on line 415

Warning: file_get_contents(): Unable to access /tmp/699802-2-signed.txt in /var/www/html/data/shop/includes/modules/payment/paypal_ipn.php on line 420

Warning: file_get_contents(/tmp/699802-2-signed.txt): failed to open stream: No such file or directory in /var/www/html/data/shop/includes/modules/payment/paypal_ipn.php on line 420

 

I just found a site where there is a step-by-step guide,

where I can make those keys with the SSH command line,

(http://www.openssl.org/docs/HOWTO/keys.txt)

 

 

but my problem is, I don't have an SSH connection.

Is there any PHP way to generate this, or must I write to my provider?

Big thanks in advance!

 

 

greets safemode:)


I set "Enable Encrypted Web Payments" to true.

 

The checkout_confirmation.php totally hung (for minutes - it never came back - no errors - just blank oscommerce screen). Is there a log file somewhere??? (nothing to do with internet connection - definite php hang - probably calling openssl.exe)

 

I set "Enable Encrypted Web Payments" to false.

The whole process worked ok, the ssl part was only done at the paypal end.

 

 

It looks like the "enable encrypted web payments" just encrypts the info between the web server and paypal (e.g encrypts the item details, amount, email etc - not credit card details). i.e. I don't think you 100% need it.

the ssl part was only done at the paypal end

 

 

not credit card details). i.e. I don't think you 100% need it.

 

 

that means the credit card details are encrypted on the PayPal side,

not on mine, if I am right?

thanks in advance
