Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

X-Payments Account and SSL...

 
Reply
   X-Cart forums > X-Payments > X-Payments issues & questions
 
Thread Tools
  #1  
Old 04-17-2016, 06:41 PM
 
kevinrm kevinrm is offline
 

X-Wizard
  
Join Date: Aug 2003
Posts: 1,003
 

Default X-Payments Account and SSL...

Well, I just came across this issue that I wasn't even aware was an issue. I have my web account on my own dedicated server, X-Payments is installed in it's own directory and XC5 in the root. A tech told me the other day that this is not PCI compliant - X-Payments should not be on the same account as X-Cart. Great.

So I created a completely different account with a completely different IP address and copied X-Payments over to it. It was impossible to create an account with only an IP address - WHM demanded that I supply a domain name as well, so I used one of my many domain names for this. The XPAY successfully copied over and I can log into it but for some reason when I try to connect my XC5 to it I get communications problems. Perhaps I need to redo the configuration bundle.

Anyway, it needed SSL to work, so I created a self-signed certificate. Of course now I get browser warnings when I navigate to this version of XPAY on the different account because I have not purchased an SSL from a certificate authority.

Does anyone know - is it necessary to purchase a SSL certificate for this dedicated X-Payments account to be compliant?
__________________
X-Cart 5.4.1.39 Live
PHP 7.4.33
5.5.5-10.3.38-MariaDB MariaDB
Apache 2.4
CENTOS 7.8 64Bit Single Quad-Core E3-1241v3 3.4Ghz 8M 1600 w/ HT
32GB RAM 2x 512GB Samsung 850 Pro SSD RAID 1
Reply With Quote
  #2  
Old 04-17-2016, 08:03 PM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: X-Payments Account and SSL...

To be PCI compliant the shopping cart has to use certified payment application for ONSITE CC processing. In this case the payment application must reside on its own hosting account. Its files and database must be separate from any other application on the server.
Since all personal and financial data must be accessed under secure protocol you do need to have SSL installed for the payment application as well.
You probably need to redeploy but you may want to first check if you changed the url under X-Payments Connector
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote

The following user thanks cflsystems for this useful post:
ambal (04-18-2016)
  #3  
Old 04-17-2016, 08:37 PM
 
kevinrm kevinrm is offline
 

X-Wizard
  
Join Date: Aug 2003
Posts: 1,003
 

Default Re: X-Payments Account and SSL...

I have SSL installed but it is self assigned from the server, I didn't buy one from a certificate authority. Is this adequate?

Yeah, I changed out the URL in X-Payments Connector, used configuration bundle, etc, but for some reason no communication….hmmm
__________________
X-Cart 5.4.1.39 Live
PHP 7.4.33
5.5.5-10.3.38-MariaDB MariaDB
Apache 2.4
CENTOS 7.8 64Bit Single Quad-Core E3-1241v3 3.4Ghz 8M 1600 w/ HT
32GB RAM 2x 512GB Samsung 850 Pro SSD RAID 1
Reply With Quote
  #4  
Old 04-17-2016, 08:46 PM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: X-Payments Account and SSL...

self-assigned SSL is not good, even if it works it is not PCI compliant. You need to get a real one.
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote

The following 2 users thank cflsystems for this useful post:
ambal (04-18-2016), kevinrm (04-18-2016)
Reply
   X-Cart forums > X-Payments > X-Payments issues & questions


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 09:34 AM.

   

 
X-Cart forums © 2001-2020