
Re: Self-Signed Certificates For PayPal And HTTPAPI



Mike,

Aha!  This is precisely what I am trying to do!  Our proof of concept coding used the signature.  Works fine.  But PayPal is saying we are required to use the cert method, so we are trying to load their "PayPal generated unique digital certificate file" into DCM.

I have pushed back to them and requested either (1) allow us to continue to use the signature or (2) provide us with a CA issued cert.

Scott?  What Mike and I relayed here, does that push this discussion squarely into scenario #2?  Or perhaps I have misunderstood and I should search the archives for this scenario?  

Thanks again everyone!!!


----- Original Message -----
From: Mike Krebs [mkrebs@xxxxxxxxxxxxxxxxxx]
Sent: 07/13/2010 05:12 PM EST
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Cc: "ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx" <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Self-Signed Certificates For PayPal And HTTPAPI



Holy rutabagas. What a quandary we are left with. Is this what you are looking for (part of the Security for PayPal SOAP API)?

"API Certificate Mutually exclusive with API Signature. A PayPal-generated unique digital certificate file that
you download from the PayPal website and use on the client computer to encrypt the HTTPS
requests of your API calls to PayPal's API server."

I believe you can load a certificate from someone else on the IBM i. This wouldn't be a self-signed certificate but one generated for your use. Scott has described this before so search the archives.

Mike Krebs

> -----Original Message-----
> From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Anthony_Wilson@xxxxxxxxxxxxxxx
> Sent: Tuesday, July 13, 2010 3:58 PM
> To: HTTPAPI and FTPAPI Projects
> Cc: HTTPAPI and FTPAPI Projects; ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Self-Signed Certificates For PayPal And HTTPAPI
> 
> Scott,
> 
> Thank you for your quick response.  I believe we are trying to do option
> #2.  Sweet biscuits - this is not good news!
> 
> We were poking around the IBM website and found this link on self-signed
> certificates.  Is there something in this that might assist me?  I think
> this is Java work here, which may keep us from being able to use HTTPAPI.
> 
> http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzahh/sslcert.htm
> 
> Thanks again.
> 
> Anthony Wilson
> Direct To Consumer Analyst
> Abercrombie & Fitch
> Direct:  614.765.4807
> Email:  anthony_wilson@xxxxxxxxxxxxxxx
> 
> 
> 
> 
>   From:       Scott Klement <sk@xxxxxxxxxxxxxxxx>
>   To:         HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>   Date:       07/13/2010 04:40 PM
>   Subject:    Re: Self-Signed Certificates For PayPal And HTTPAPI
> 
> Hi Anthony,
> 
> Self-signed certificate can mean two different things:
> 
> 1) Creating certificates where you act as your own CA.  You sign the
> certificates yourself, so you refer to it as "self-signed".
> 
> 2) A certificate that lists itself as its own CA.  Thus the certificate
> is signed by itself, or "self-signed".
> 
> AFAIK, IBM i does not support option #2.  And please understand that
> HTTPAPI doesn't know anything about certificates -- it lets IBM i (aka
> OS/400) handle all of that stuff.  So if IBM i doesn't support them,
> HTTPAPI won't work with them.
> 
> Option #1 should work just fine, though.  In fact, the system comes with
> a "Local CA" built in to the DCM to make it easy to create these sorts
> of certs.  (Easier, in fact, than it is on any other platform I've
> worked with!)
> 
> If you're working with option #1 and you're stuck, please let us know
> where you're stuck.
> 
> 
> On 7/13/2010 3:12 PM, Anthony_Wilson@xxxxxxxxxxxxxxx wrote:
> >
> > We are attempting to connect directly with PayPal using their SOAP APIs.
> > The coding is working when we provide a username / password based call but
> > we have been asked for our final product to utilize a self-signed
> > certificate
> >
> > We could use a little help / direction on how this is accomplished.  Do we
> > still load the self-signed certificate into the digital certificate
> > manager?  We are having problems doing this.  Does anyone have a link to
> > instructions or perhaps notes where you have done this yourself?
> >
> > Thanks everyone for any assistance.
> >
> > Anthony Wilson
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
> 
> 
> 