I've found a few threads that skimmed this question, but no direct question and answer.
Is there a way to develop and test an Accept.js integration on my local machine with the sandbox without an SSL certificate?
Solved! Go to Solution.
02-09-2017 10:13 AM
Hi @dustin1,
I can confirm that the page calling the Accept.js script does need to be served from a server supporting a secure connection. If you're testing locally, that means that the server you're running on your machine needs to support https, although you don't have to have a domain certificate to do that (as Lilith points out).
The Accept.js documentation does list the error message:
E_WC_02 | A HTTPS connection is required. | The page on which you’re including Accept.js must be served over an HTTPS connection. |
However, it's not explicit in the documentation that you'll get that error message anytime that page is served insecurely, so it's not clear to the reader if this error message is listed as just a possible thing you might see depending on situation.
I'm making a note to put an explicit mention of the requirement on this page to avoid future confusion. Hope that helps!
02-10-2017 12:22 PM
@dustin1 You do not need a certificate for your domain, unless you're accepting inbound connections that need to be secure.
Using Accept.js, you'd be connecting outbound, to our servers, which have a full TLS 1.2 setup, and you don't need a domain certificate for that.
Make sure your platform adequately supports creating outbound TLS 1.2 connections, and you should be fine.
02-10-2017 07:45 AM
Ah, sorry. I assumed everything was web based when I posted my comment.
What I'm asking is whether I can develop and test locally without enabling my apache web server to use ssl certificates, so I can test with a http://localhost/ domain.
It sounds like you are saying that is not possible, and I need to set up https:// on my local machine for testing Accept.js.
Thanks,
-Dustin
02-10-2017 10:42 AM
Oops, I don't know if I need to include @Lilith to make sure you received my response. :)
02-10-2017 10:43 AM
@dustin1 Sorry if my response wasn't clear. Let me try rephrasing a bit.
You would only need HTTPS for securing inbound connections for your server.
Since you're making outbound connections to us via HTTPS, you don't need a domain certificate. Those outbound connections depend on our domain certificate, and doesn't depend on you having one.
Domain certificates are used so connections can validate who they're connecting to. They aren't used to confirm where the connection is coming from.
Does that help?
As for @ replies, it's not required, but it's helpful. :)
02-10-2017 10:50 AM
@Lilith Thanks. Almost there!
You said, "Since you're making outbound connections to us via HTTPS, you don't need a domain certificate."
My question: How do I test and develop without HTTPS?
Thanks,
-Dustin
02-10-2017 10:58 AM
@dustin1 You have to use HTTPS to secure the connection. However, you don't need to set up a domain certificate.
Using HTTPS for an API call doesn't require your site to have a domain certificate, or a working "https://" URL. There is absolutely no requirement that you secure inbound connections to your site.
It does require your server to have CA certificates and the setup necessary to validate our domain certificate, as the outbound API connection needs to be secured.
If you're using a Windows-based server with .NET methods, you'd use SChannel, just like IE does, to make the connection. (Disclaimer, I'm not a .NET developer, but the methods to create HTTPS connections should be baked-in.)
If you're using *NIX, you would need to use a SSL/TLS library like OpenSSL, so your solution could connect to secure URLs.
Java has its own SSL/TLS methods baked into the JRE.
02-10-2017 11:11 AM
Hi,
I don't think that is correct. Here's an example I'm using:
https://hastebin.com/rehusoluji.xml
When I press Pay.
I get this error in my console
AcceptCore.js:1 An HTTPs connection is required to secure delivery of payment information.
e @ AcceptCore.js:1
(index):33 ADN Error :: E_WC_02:A HTTPS connection is required.
02-10-2017 11:18 AM - edited 02-10-2017 11:19 AM
I'll note, when I use https://localhost/ it works and when I use http://localhost/ it fails.
Therefore, I don't think there's a way to test and develop locally without https.
02-10-2017 11:21 AM
Can you connect to any secure sites from your server?
02-10-2017 11:27 AM