Reputation: 329
Server: Windows Server 2012
Cold Fusion: 9,0,1,274733
Update-Level: hf901-00011.jar
Running on java version: 1.7.0_79
Java home points to the right path.
All certificates (for live and sandbox) are imported into the keystore of this JDK 1.7.0_79. I've tested it and renaming the cacerts file results in an error when connecting to the live API.
Testing the cacerts file using the keytool shows that the appropriate certificates are properly imported.
A little order app provides payment using PayPal.
First step is a connection to PayPal using the method "setExpressCheckout". The connection to the live API using NVP at URL https://api-3t.paypal.com/nvp works and delivers the token URL-string. The connection to the sandbox API using NVP at URL https://api-3t.sandbox.paypal.com/nvp fails with the error response:
I/O Exception: peer not authenticated
Connection Failure
Unable to determine MIME type of file.
Connection Failure. Status code unavailable.
Calling the URL https://api-3t.sandbox.paypal.com/nvp from the server works.
Test 1
Test 2
The weird thing is that the connection to the live API works without importing the specific certificate into the keystore when using the 1.8xx cacerts file.
I can't figure out why the connection to the sandbox fails. Maybe I can get new hints here? If more information is needed, please let me know. Thank you in advance.
Upvotes: 0
Views: 330
Reputation: 329
Problem solved!
Scott Jibben (see his comment above) mentioned that the PayPal sandbox may already decline TLS1 connections in view of the upcoming change to do so in the PayPal live API. This is absolutely right. But while in CF11 this isn't a problem because CF11 and its JRE are already using TLSv1.2, CF8-10 are using the default protocol of their JRE. If not, one can force CF to use TLSv1.2 with the JVM argument
-Dhttps.protocols=TLSv1.2
Short:
CF8-10 are using TLSv1 while running with JDK 1.7.0_79 and below, no matter what the JVM startup argument -Dhttps.protocols was set to. This is because the default protocol of these Java versions is TLSv1 and CF8-10 are simply ignoring the JVM startup argument -Dhttps.protocols and always use the JDK's default protocol. This has changed with CF11, therefore it works fine with it.
Read detailed information in a post from Wil Genovese at: https://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion
What I did
I've installed the JDK1.8.0_144 and set up Cold Fusion 9 to use this one. Since then the connection to the PayPal sandbox API at api-3t.sandbox.paypal.com works pretty well.
Hope this may help others with this old and by now a little odd CF9.
Upvotes: 1
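
To check on a given server what the answer above describes, the following diagnostic (an added example, not part of the original posts) lists the TLS protocol versions a JRE enables for client sockets by default and reports whether TLSv1.2 is among them. The class name TlsClientDefaults and the verdict wording are assumptions made for this example; it opens no network connection and uses only Java 7 compatible syntax.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic, not from the original posts. Compile and run it with the
// same JRE that ColdFusion runs on, so the output reflects that JRE's defaults.
public class TlsClientDefaults {

    // Protocol the answer says the PayPal sandbox expects.
    static final String REQUIRED = "TLSv1.2";

    // Classify the JRE from the protocol lists it reports.
    static String verdict(List<String> enabled, List<String> supported) {
        if (enabled.contains(REQUIRED)) {
            return "OK: clients built on the JRE defaults offer " + REQUIRED;
        }
        if (supported.contains(REQUIRED)) {
            return "AT RISK: " + REQUIRED + " is supported but not enabled by default; "
                 + "code that ignores https.protocols stays on " + enabled;
        }
        return "UNSUPPORTED: this JRE cannot negotiate " + REQUIRED;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        List<String> supported =
            Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());

        // An unconnected client socket shows what a handshake would offer
        // when the application configures nothing itself.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        List<String> enabled = Arrays.asList(socket.getEnabledProtocols());
        socket.close();

        System.out.println("java.version      : " + System.getProperty("java.version"));
        System.out.println("https.protocols   : " + System.getProperty("https.protocols"));
        System.out.println("supported         : " + supported);
        System.out.println("enabled by default: " + enabled);
        System.out.println(verdict(enabled, supported));
    }
}
```

Running it once under each installed JDK shows whether switching the JRE, as done in the answer, changes the default client protocol set.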