Announcement

**pinbrook** · 02-Aug-2006, 02:45 PM

Actinic does not require a host that offers SSL.

you can choose to buy an SSL cert in addition to your hosting package, again not all hosts sell SSL certificates.

Nochex/Paypal and other PSPs do not require you to have an SSL cert, as all sensitive processing is done on their own secure servers

If you need info on hosts that Actinic recommend and therefore are fully compliant with the requirements of actinic there is a list on their website.

Cheap hosts often do not run all the services that Actinic requires, which is often the reason they are cheap, and often more suited to home users or business sites and aren't much more than html.

**petesouthwest** · 02-Aug-2006, 02:48 PM

Hi

So Nochex saying that the Actinic script needs SSL support to be able to respond to posts from HTTPS websites is a load of bull then? and yet another red hearing

Pete

**Duncan Rounding** · 02-Aug-2006, 02:49 PM

I'm using 1and1 Business Pro with multiple domains.
I have shared SSL but don't customise the Nochex checkout.

Actinic does not require SSL for Nochex - at least not with a non-customised checkout.

**Duncan Rounding** · 02-Aug-2006, 02:50 PM

Originally posted by petesouthwest

Hi

So Nochex saying that the Actinic script needs SSL support to be able to respond to posts from HTTPS websites is a load of bull then? and yet another red hearing

Pete

If you wish to have your logo in the Nochex checkout then I would expect that your logo would have to be saved on SSL or at least shared SSL space. (I've done this with Paypal)

**petesouthwest** · 02-Aug-2006, 03:20 PM

Originally posted by drounding

I'm using 1and1 Business Pro with multiple domains.
I have shared SSL but don't customise the Nochex checkout.

Actinic does not require SSL for Nochex - at least not with a non-customised checkout.

Thank you for replying

but why do you say SSL is not required? Its interetsing to me that you are one of the only people who say Nochex and Actinc works (and use it) and you have SSL support on your webserver.

I dont think Nochex are saying I need a secure site, just support for a SSL protocol. AFAIU the two are different.

Pete

**petesouthwest** · 02-Aug-2006, 03:29 PM

Originally posted by pinbrook

Nochex/Paypal and other PSPs do not require you to have an SSL cert, as all sensitive processing is done on their own secure servers

If you need info on hosts that Actinic recommend and therefore are fully compliant with the requirements of actinic there is a list on their website.

I thought it took several days to move a domain name to a new host, changing host is therfore not to be done lightly. It certainly takes several days for the domain to propogate to with the new DNS servers.

I didnt think SSL support and an SSL cert are the same thing? Nochex are not saying we need a secure site, only support for SSL protocol. I was under the impression that this was a simple Perl module.

Pete

**cdicken** · 02-Aug-2006, 04:45 PM

Does Actinic require a host that offeres SSL?

The answer is no. You don't need any SSL on your Actinic site in order to be able to link to a PSP.

**petesouthwest** · 02-Aug-2006, 05:43 PM

Originally posted by cdicken

The answer is no. You don't need any SSL on your Actinic site in order to be able to link to a PSP.

I hope your right, but can you explain why not?
this is why I ask:

What I know:

The APC Process:
AFAIU When a customer buys a product the Actinic page posts details to the
Nochex servers, those details include the URL of the Actinic script used by the shoping cart to respond. The Nochex servers then send simple HTTP POST requests to the Actinic script on my website�s server. The Actinic script then POSTs this data back, and NOCHEX authorises it. As part of the notification process, APC requires that your script post the data back to NOCHEX to confirm the integrity of the data received. Once that handshaking is complete, the actinic script has all the data it needs.

Nochex setting in Actinic:
In the OCCUpgrade\OCCUpgrade.ini file under [OCCProvider:52] it has an entry for ProviderURL='https://www.nochex.com/nochex.dll/checkout'
I'm not aware of any setting in Actinic for HTTP://www.nochex.com

Applying this to Actinic

As the entry in OCCUpgrade is for https://www.nochex.com/nochex.dll/checkout' I assume:
When a customer buys a product the Actinic page posts details to the
https://www.nochex.com/nochex.dll/checkout, those details include the URL of the Actinic script used by the shoping cart to respond, os0000x.pl (x=1 in my case). https://www.nochex.com/nochex.dll/checkout then send simple HTTP POST requests to the Actinic script on my website�s server. The Actinic script then POSTs this data back to https://www.nochex.com/nochex.dll/checkout, and NOCHEX authorises it. As part of the notification process.

So I beleive (and nobody seems to be able to explain why I'm wrong at the moment) that the scrpit has to post back to an HTTPS site as it only knows about an HTTPS site.

From what I have found at the moment everybody says in order for a perl script to post to an HTTPS site the webserver running the script needs to have SSL support. That does not mean it has to have an SSL cert or be a secure site.

AFAIU the initial link to the HTTPS site works as it is not a perl script initiating the post event, but an HTML one.

If there are errors in my thinking could you say where? I just want to understand

and to fix my problem of course

Pete

**Duncan Rounding** · 02-Aug-2006, 05:54 PM

I don't know that level of detail but why not try Actinic's test server with a completely new default site and see if your site works fom there instead of your host. That might prove whether it's on your host side or your setup in some way.

EDIT - This is not possible on the Actinic test servers.

**wjcampbe** · 02-Aug-2006, 06:08 PM

Duncan - I don't think the Actinic trial servers allow connection to PSP's.

Pete, my understanding of the process is different. I believe that when the PSP is selected, the Perl integration script, created by that PSP for use only with that PSP, takes over - and all communication is handled using the protocols controlled by that script until final Authorised return to your site.

Actinic is divorced from the process from the moment you select your PSP and click next, till you land back on the receipt page.

**petesouthwest** · 02-Aug-2006, 06:11 PM

Originally posted by drounding

I don't know that level of detail but why not try Actinic's test server with a completely new default site and see if your site works fom there instead of your host. That might prove whether it's on your host side or your setup in some way.

Excellent idea!

How do I do that though?
I used the trial area when I first looked at the evaluation download months ago. But how would I go about using it for my site now?

Also thinking about it. how would I know whether the test server has SSL support or not? Its not going to show up in the browser.

Also as the default site doesnt work, I'm fairly convinced it isnt my setup that is the problem.

Pete

**petesouthwest** · 02-Aug-2006, 06:30 PM

Originally posted by wjcampbe

Pete, my understanding of the process is different. I believe that when the PSP is selected, the Perl integration script, created by that PSP for use only with that PSP, takes over - and all communication is handled using the protocols controlled by that script until final Authorised return to your site.

Actinic is divorced from the process from the moment you select your PSP and click next, till you land back on the receipt page.

Hiya

But thats not how the Nochex documentaion says:

How does the Nochex APC work?

The Nochex APC system works by sending a confirmation POST to a URL on your server. The POST contains details about the transaction that has just taken place. Your server then sends the information it has just received back to a secure page on the Nochex server which responds to you with AUTHORISED or DECLINED.

http://help.nochex.com/esupport/inde...details&_i=104

and the PDF definatly shows handshaking going on:

Step 4: At the time the payment has been made, NOCHEX will post a confirmation to the responder URL you specified which includes the information about the transaction as well as the security key.

NOCHEX Server ->Your Server

Step 5a: When your server receives the APC confirmation, it should return all of the information posted to you including the security key to the NOCHEX APC authentication page (https://www.nochex.com/nochex.dll/apc/apc).

NOCHEX Server <-Your Server

Step 5b:The NOCHEX authentication page will then respond to you with an �AUTHORISED� or �DECLINED� message.

NOCHEX Server ->Your Server

Step 6: After your server has received the �AUTHORISED� response you should check the details to make sure the amount and the email addresses match up with a prior order. If a �DECLINED� response is received it should be treated as suspicious and investigated.

So the script on my server is the one distributed by Actinc. And Presumably os00001.pl

Sorry if I'm begining to sound argumentative, I'm just very tired, and extremly frustrated.

Its 7:30, another day is passing and I still havent heard anything about how to resolve this issue, except from Nochex, who say I need SSL support. Although this seems to make sence to me, the only option my host is suggesting is a �100/month package. Before I commit to that I would just like it confirmed and explained by Actinic.

I still think its interesting that the people who have raised this issue in the past have emailed me saying they never got it fixed and Duncan, who is the only person replying on this forum saying his setup works, has SSL on his site.

Pete

**Duncan Rounding** · 02-Aug-2006, 06:52 PM

Originally posted by petesouthwest

Excellent idea!

How do I do that though?
I used the trial area when I first looked at the evaluation download months ago. But how would I go about using it for my site now?...

As correctly pointed out by Bill the Actinic test server does not support PSP connections. Sorry for that.

**petesouthwest** · 02-Aug-2006, 07:04 PM

Originally posted by drounding

As correctly pointed out by Bill the Actinic test server does not support PSP connections. Sorry for that.

OK Duncan, thank you, it was a good idea though. I started looking for a free webhost last night in desperation. Didnt find one though

Wondering about setting up my own! rofl

Still waiting to hear from Actinic.

Pete

Announcement

Does Actinic require SSL support?

Does Actinic require SSL support?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment