X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   X-Payments issues & questions (https://forum.x-cart.com/forumdisplay.php?f=50)
-   -   X-Payments Account and SSL... (https://forum.x-cart.com/showthread.php?t=73853)

kevinrm 04-17-2016 06:41 PM
X-Payments Account and SSL...
 
Well, I just came across this issue that I wasn't even aware was an issue. I have my web account on my own dedicated server, X-Payments is installed in it's own directory and XC5 in the root. A tech told me the other day that this is not PCI compliant - X-Payments should not be on the same account as X-Cart. Great.

So I created a completely different account with a completely different IP address and copied X-Payments over to it. It was impossible to create an account with only an IP address - WHM demanded that I supply a domain name as well, so I used one of my many domain names for this. The XPAY successfully copied over and I can log into it but for some reason when I try to connect my XC5 to it I get communications problems. Perhaps I need to redo the configuration bundle.

Anyway, it needed SSL to work, so I created a self-signed certificate. Of course now I get browser warnings when I navigate to this version of XPAY on the different account because I have not purchased an SSL from a certificate authority.

Does anyone know - is it necessary to purchase a SSL certificate for this dedicated X-Payments account to be compliant?

cflsystems 04-17-2016 08:03 PM
Re: X-Payments Account and SSL...
 
To be PCI compliant the shopping cart has to use certified payment application for ONSITE CC processing. In this case the payment application must reside on its own hosting account. Its files and database must be separate from any other application on the server.
Since all personal and financial data must be accessed under secure protocol you do need to have SSL installed for the payment application as well.
You probably need to redeploy but you may want to first check if you changed the url under X-Payments Connector

kevinrm 04-17-2016 08:37 PM
Re: X-Payments Account and SSL...
 
I have SSL installed but it is self assigned from the server, I didn't buy one from a certificate authority. Is this adequate?

Yeah, I changed out the URL in X-Payments Connector, used configuration bundle, etc, but for some reason no communication….hmmm

cflsystems 04-17-2016 08:46 PM
Re: X-Payments Account and SSL...
 
self-assigned SSL is not good, even if it works it is not PCI compliant. You need to get a real one.


All times are GMT -8. The time now is 03:49 PM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.