cancel
Showing results for 
Search instead for 
Did you mean: 

DPM and HTTPS relay

Based on the documentation for DPM, it appears there is no issue with using an HTTPS address in "x_relay_url." I have DPM up and running with HTTP. When I switch my site over to HTTPS, which changes to the relay address to HTTPS, the relay does not compelete.

 

Any ideas where I could have gone wronog?

jasonmgeorge
Member
17 REPLIES 17

Was helping another user with a new test account.

I'm also getting

An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

      This transaction has been approved.

It is advisable for you to contact the merchant to verify that you will receive the product or service.

On the new account.

But on the old test account I'm getting

(14) The referrer, relay response or receipt link URL is invalid. 

 So, if it possible, even if you didn't do for HTTP, just log-in to your merchant and add your HTTPS URL to the valid URL. So we can rule it out as the problem.

 

The SSL certificate is a single domain, standard SSL from GoDaddy.

 

I obtained a script to test for the cypher's my site supports here

http://superuser.com/questions/109213/is-there-a-tool-that-can-test-what-ssl-tls-cipher-suites-a-par...

 

Here are the results

Obtaining cipher list from OpenSSL 0.9.8o 01 Jun 2010.
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...YES
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-SHA...YES
Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES128-SHA...YES
Testing DHE-DSS-AES128-SHA...NO (sslv3 alert handshake failure)
Testing AES128-SHA...YES
Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-ADH-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EXP-ADH-RC4-MD5...NO (sslv3 alert handshake failure)
Testing EDH-RSA-DES-CBC3-SHA...YES
Testing EDH-RSA-DES-CBC-SHA...YES
Testing EXP-EDH-RSA-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC3-SHA...NO (sslv3 alert handshake failure)
Testing EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-EDH-DSS-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing DES-CBC3-SHA...YES
Testing DES-CBC-SHA...YES
Testing EXP-DES-CBC-SHA...NO (sslv3 alert handshake failure)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC4-SHA...YES
Testing RC4-MD5...YES
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing DES-CBC3-MD5...NO (no ciphers available)
Testing DES-CBC-MD5...NO (no ciphers available)
Testing EXP-RC2-CBC-MD5...NO (sslv3 alert handshake failure)
Testing RC2-CBC-MD5...NO (no ciphers available)
Testing EXP-RC4-MD5...NO (sslv3 alert handshake failure)
Testing RC4-MD5...YES
Testing NULL-SHA...NO (sslv3 alert handshake failure)
Testing NULL-MD5...NO (sslv3 alert handshake failure)

 

I see DES listed a couple times. Do you happen to know which is the one that I need to have?

 

Ok, I added a Default Relay Response URL, which still genrates the 

 

An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

      This transaction has been approved.

It is advisable for you to contact the merchant to verify that you will receive the product or service.

I see DES listed a couple times. Do you happen to know which is the one that I need to have?

Have to wait for one of the Mod for that.

 

What kind of logic do you have on the relay response page?

How long do it ususaly take before you see the "An error occurred while trying to ...." error? 5 seconds? 10 seconds?

I'm getting a response in 2-3 seconds.

 

My processing logic looks up the transaction from the database to verify that the details are valid (I supposed I could pass this off to the order complete page). It then records the transaction response to a log file, generates the redirect url and calls Authorize.net back with

echo AuthorizeNetDPM::getRelayResponseSnippet($returnUrl);

 

Somewhat as a side note, I've also noticed that running my site in HTTP is generating the following now

3,2,14,(TESTMODE) The referrer, relay response or receipt link URL is invalid.,000000,P,0,,,10.00,,auth_capture,,,,,,,,,,,,,,,,,,,,,,,,,,B97E73F8AE4861BC774223E9C5B01D78,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Purchase

 I'm not sure what's going on here, since I can access that page directly from the web.

If it timeout that fast, it probably mean authorize.net can't connect to your HTTPS page for some reason.

 

The 3,2,14 error is because I ask you to add the HTTPS to your valid relay response url. Remove it from your account and it should go away.

The issue does seem to be that authorize.net can't connect to my HTTPS page. I'm not having much luck figuring out why, however.

 

As far as I can tell, the relay response from authorize.net isn't hitting my server.

 

Based on the link you pointed out, I tried updating my settings to

 

SSLEngine on
SSLProtocol TLSv1
SSLCipherSuite AES:DES-CBC3-SHA
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

In the resulting ssl_request_log, I show that my checkout page is accessed through SSL, but the relay url request doesn't show up.

 

I can copy and past the x_relay_url from my checkout page in to the browser and it works just fine (and shows up in ssl_request_log).

 

Any ideas where I can go from here?

Actually, the error 14 that you are receiving doesn't indicate an error loading your relay response page, it is telling us that the relay response URL that you are submitting is not allowed for this account.  By default, Authorize.Net accounts will allow developers to submit any relay response URL, but the account settings also allow you to specify a default relay response URL along with a longer list of allowed Response/Receipt URLs.  Once you have configured these settings, it establishes a kind of whitelist of allowed relay response urls for the account.

 

The error that you are receiving indicates that at least one Response/Receipt URL has been specified in your account settings, and that it does not match what you are trying to use in your DPM request. There are two resolutions for this:

  1. Add your relay response URL to the list of Response/Receipt URLs in your account settings.
  2. Remove all of the URLs currently listed in your account settings so that once again any URL can be submitted. (This could cause a problem if some other software connecting to the account relies on the default URL being present.)