Google Checkout - Basic Question - Answer in Post Now

[jdpatterson74]

Hello all,

Question: When a payment is made by Google Checkout, does it show in the Orders page in my ADMIN section? I only see the order has been made on my merchant google checkout account.

********
Update:
Code shown on Google - Tools - Integration Console Section
Integration Issue Detail
Related order: 758812200141619
Time of occurrence: Jul 21, 2008 2:43:17 PM EDT
Error: We encountered an error trying to access your server at https://www.herfavoritegifts.com/Checko ... tener.ashx -- the error we got is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


This is my Google CallBack Url:
Callback URL:
https://www.herfavoritegifts.com/Checko ... tener.ashx

I have a SSL v3 and it's active on 7.0 FINAL, and have a google merchant ID and Key.


Thanks, Joshua

[Ian R]

Hi,

I think I'm hitting the same issue. I'm trying to set-up Google checkout using a google Sandbox account. I just applied a fix relating to currency (see other topic) and seemd to have the order working but this integration back to AbleCommerce was missing (my Admin show 0 orders). I can complete through the order process in Google but nothing syncronises back to AbleCommerce. Looking in the "Google - Tools - Integration Console Section" I see that each step has caused an error

We encountered an error trying to access your server at https://www.********.com/Checkout/Google/NotificationListener.ashx; the error we got is: java.net.SocketTimeoutException: Read timed out

Does this syncronisation normally work in Sandox mode (I have no SSL installed yet as still in testing).

Ian

[jdpatterson74]

Hey Ian,

This is more of a note than an answer, but make sure you get a SSL v3 and not v2 for google checkout. I do not know if v2 still exists, but google checkout will only accept v3.

This list contains all the SSL that google checkout accepts, looks like all the common ones....but just in case.

http://code.google.com/support/bin/answ ... opic=10423

We have the same problem, except I am not in a sandbox mode.

[AbleMods]

We encountered an error trying to access your server at https://www.********.com/Checkout/Google/NotificationListener.ashx; the error we got is: java.net.SocketTimeoutException: Read timed out

Does this syncronisation normally work in Sandox mode (I have no SSL installed yet as still in testing).

Ian

If you have no SSL installed, GoogleCheckout will never be able to hit the HTTPS url specified above for the listener service. Since GC requires HTTPS in the URL in your GC integration setup, you cannot sandbox it without an SSL cert.

[jdpatterson74]

Dont forget about me.

Any idea what could be the problem with my setup?

AC 7.0 Final
SSL v3 Enabled

Post security: checked
Callback URL: https://www.herfavoritegifts.com/Checko ... tener.ashx
Callback method: XML
Merchant ID: #############
Merchant Key: #############
Expiration Minutes: 30
Default Ship Rate: 0.00
Coupons: Enabled
Gift Certificates: Enabled
Use Basic Auth: Enabled
Gateway Environment: Production Environment
Debug Mode: Off

[jdpatterson74]

I have been talking with my hosting server and they are unable to figure out what is wrong with my google checkout not replying back with a notification of an order being processed.

I keep receiving this error on my merchant google checkout:
We encountered an error trying to access your server at https://www.herfavoritegifts.com/Checko ... tener.ashx -- the error we got is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The transcation goes to my bank, but I am not notified back on the web site.

On my google set up page (see above) is it set for XML call back, but on google help page it states this:
To receive Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certifying Authority. Only accept messages authenticated by HTTP Basic Authentication, using your Merchant ID and Merchant Key as the username and password.
Validate messages sent to your callback URL before processing them.

I am set on my google set up as a XML call back also.

Any ideas what could be wrong?


Thanks

[sohaib]

I heard something like this before. I can't remember exactly but I can recall that Google was selective about SSL certificates. It may not accept certificates from certain providers. Which CA have you got the SSL from? May be its not in Google's trusted CAs yet.

[AbleMods]

Looks like a permissions issue on the GoogleCheckout folder in the AC7 site. Clicking that link forces an IE security login dialog and it shouldn't so far as I know.

There's nothing in GC Setup that lets you specify a username and password for your site, so there's no way it can know how to authenticate past the login dialog. When I do the exact same thing on my site, it prompts for a certificate as it should.

[jdpatterson74]

Hey is what my hosting support stated:

If you browse https://www.herfavoritegifts.com/ and double click the lock logo, you should see the complete cert chain. Please verify it.

Also for https://www.herfavoritegifts.com/Checko ... tener.ashx, it is currently password protected. We are not sure whether it is secure to disable it. Maybe you should consult Google's support once more.

If I double click on the lock symbol, a little window appears with a question mark in the top left corner. That seems common, but it will not display a complete cert. If I click on the SSL Graphic, "Click to verify", that opens a window with my certificate, also looks good.


My currect permissions for the ~/checkout/google folder is:
IUSR_Machine_NAME -- RX
IUSR_USER_NAME -- RWXD
NETWORK -- RWX
NETWORK SERVICE -- RWXD

How do I did around the password protection, assuming that is my main problem?

Thanks,

Joshua

[AbleMods]

Ugh GoDaddy

Google Checkout online help shows they do support GoDaddy Level 2 SSL as a certificate authority. Here is the complete list of SSL they support: http://checkout.google.com/support/sell ... swer=57856

Don't quote me on this, but my understanding of the .ashx handler is this:
If you have basic authentication enabled, you must specifically set special permissions on the folder so Google Checkout can hit the URL with the order information.
If you do not have basic authentication enabled, the folder needs anonymous access enabled and should not be password-protected.

I had very weird things happen to my Google Checkout a few months ago - took Logan quite a while to figure it out, very bizarre stuff considering I built my own server, own my own hardware and had not touched permissions in the months before.

If you haven't already, get a ticket in with Able - I think this one is over my head at least.

[Logan Rhodehamel]

The error at the top looks like it was an SSL certificate that was not trusted by Google - this was a big problem at first but it seemed like they decided to trust a few more as time went by. Check the list that Joe provided above.

[jdpatterson74]

I called Godaddy SSL Tech support twice, they confirmed the SSL Cert. I have is a Version 3 and is on the Google approved list.

My hosting company followed the instructions on the help.ablecommerce:

http://help.ablecommerce.com/mergedProj ... eckout.htm

• Option B)
  For this option, both IIS and AbleCommerce are performing authentication checks. This provides a higher level of security.
  Open the Internet Information Services (IIS) Manager.
  Find the /Google/ folder and open the properties page.
  Click on the Directory Security tab.
  Click the EDIT... button.
  Un-check all authentication methods except for Basic authentication.
  Create a user on the server, using the merchant id as the username and the merchant key as the password.
  Assign the user to the /Google/ folder.

However, I have a merchant key with a "_" in it and the newly created user password can only have letters and numbers in it.

I asked google if I can be re-assigned a ID or Key and they said no.


So.....

I guess I can go with Option A:

• Option A)
  For this option, Google sends the basic authentication header properly and AbleCommerce can validate access. This provides the security of basic authentication with minimal server configuration.
  Open the Internet Information Services (IIS) Manager.
  Find the /Google/ folder and open the properties page.
  Click on the Directory Security tab.
  Click the EDIT... button.
  Un-check all the authentication methods except for "Enable anonymous access".

Is there any security concerns with using the less secure method?

[jdpatterson74]

My Certificate Hierarchy is:

• Builtin Object Token: Go Daddy Class 2 CA
  Go Daddy Secure Certification Authority
  http://www.websitename.com

[jdpatterson74]

I had my hosting company use Option B to enable basic auth for the google checkout:
Option B)

• For this option, both IIS and AbleCommerce are performing authentication checks. This provides a higher level of security.
  Open the Internet Information Services (IIS) Manager.
  Find the /Google/ folder and open the properties page.
  Click on the Directory Security tab.
  Click the EDIT... button.
  Un-check all authentication methods except for Basic authentication.
  Create a user on the server, using the merchant id as the username and the merchant key as the password.
  Assign the user to the /Google/ folder.

They responded with:
User "Merchant ID Number" is created and assigned with read permission to Google folder (D:~\Checkout\Google). They used my Merchant KEY as the password.

Yet, I am still receiving this error:
We encountered an error trying to access your server at https://www.herfavoritegifts.com/Checko ... tener.ashx -- the error we got is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


XML We Sent:

Code: Select all

<new-order-notification xmlns="http://checkout.google.com/schema/2" serial-number="SERIAL NUMBER">
  <timestamp>2008-08-01T18:05:47.393Z</timestamp>
  <shopping-cart>
    <items>
      <item>
        <item-name>Paradise by Alfred Sung</item-name>
        <item-description>The fragrance version of utopia, Paradise by Alfred Sung is an interpretation of what Paradise will smell like. Notes include tropical greens,tagete absolute, white peach, jasmine, gardenia buds, Rose de Mai petals, orchid vanille, sandalwood, and musk.</item-description>
        <quantity>1</quantity>
        <unit-price currency="USD">7.54</unit-price>
        <merchant-private-item-data>
          
          
          <basketItemId>20</basketItemId>
          
          
          <productId>352</productId>
          
          
          <orderItemType>Product</orderItemType>
          
          
          <shippable>Yes</shippable>
          
          
          <taxCodeId>1</taxCodeId>
          
          
          <weight>0</weight>
          
          
          <wrapStyleId>0</wrapStyleId>
          
          
          <optionList>597,0,0,0,0,0,0,0</optionList>
          
          
          <giftMessage>
          </giftMessage>
          
          
          <lineMessage>
          </lineMessage>
          
          
          <lastModifiedDate>8/1/2008 2:04:21 PM</lastModifiedDate>
          
          
          <orderBy>1</orderBy>
          
          
          <parentItemId>1524</parentItemId>
          
          
          <sku>403201</sku>
          
          
          <wishlistItemId>0</wishlistItemId>
          
        
        </merchant-private-item-data>
      </item>
    </items>
    <merchant-private-data>
      
      
      <BasketId>20</BasketId>
      
      
      <BasketContentHash>SOME RANDOM NUMBERS</BasketContentHash>
      
    
    </merchant-private-data>
    <cart-expiration>
      <good-until-date>2008-08-01T18:35:00.594Z</good-until-date>
    </cart-expiration>
  </shopping-cart>
  <order-adjustment>
    <merchant-calculation-successful>false</merchant-calculation-successful>
    <merchant-codes />
    <shipping>
      <merchant-calculated-shipping-adjustment>
        <shipping-name>Perfume Shipping</shipping-name>
        <shipping-cost currency="USD">PRICE</shipping-cost>
      </merchant-calculated-shipping-adjustment>
    </shipping>
    <total-tax currency="USD">0.0</total-tax>
    <adjustment-total currency="USD">PRICE</adjustment-total>
  </order-adjustment>
  <buyer-id>Some_Number#############</buyer-id>
  <google-order-number>Some_Number#############</google-order-number>
  <buyer-shipping-address>
    <email>EMAIL@gmail.com</email>
    <company-name></company-name>
    <contact-name>NAME</contact-name>
    <phone></phone>
    <fax></fax>
    <address1>Address</address1>
    <address2></address2>
    <country-code>US</country-code>
    <city>City</city>
    <region>State</region>
    <postal-code>Zip_Code</postal-code>
  </buyer-shipping-address>
  <buyer-billing-address>
    <email>EMAIL@gmail.com</email>
    <company-name></company-name>
    <contact-name>NAME</contact-name>
    <phone>PHONE</phone>
    <fax></fax>
    <address1>ADDRESS</address1>
    <address2></address2>
    <country-code>US</country-code>
    <city>CITY</city>
    <region>STATE</region>
    <postal-code>ZIP_CODE</postal-code>
  </buyer-billing-address>
  <buyer-marketing-preferences>
    <email-allowed>true</email-allowed>
  </buyer-marketing-preferences>
  <order-total currency="USD">PRICE</order-total>
  <fulfillment-order-state>NEW</fulfillment-order-state>
  <financial-order-state>REVIEWING</financial-order-state>
</new-order-notification>

[Logan Rhodehamel]

I don't believe you to the stage where the basic auth matters. The failure is occurring during the SSL handshake - the part where google and your server agree to talk over an encrypted link.

See: http://groups.google.com/group/google-c ... rtificates

This is a common problem spot for Google Checkout. It is having trouble establishing SSL communication with your server.

[jdpatterson74]

Logan,

At the bottom of that page (in link above), Solution #3, second "this thread" hyperlink will take you here:

**GoDaddy SSL cert not working in callback**
http://groups.google.com/group/google-c ... 2191?hl=en

OR here is the answer:

Code: Select all

It looks like you incorrectly installed your certificates. 

You can remove the following certificates: 


2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification 
Authority 
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 
2 Policy Validation Authority/CN=http://www.valicert.com// 
emailAddress=i...@valicert.com 
-----BEGIN CERTIFICATE----- 

CODE

-----END CERTIFICATE----- 
 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 
2 Policy Validation Authority/CN=http://www.valicert.com// 
emailAddress=i...@valicert.com 
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 
2 Policy Validation Authority/CN=http://www.valicert.com// 
emailAddress=i...@valicert.com 
-----BEGIN CERTIFICATE----- 

CODE

-----END CERTIFICATE----- 

I relayed that post to my hosting company and it solved my problem.