VPCart Realex Payment Gateway Important Service Announcement
If you are using Realex Payment Gateway with VPCart then, you would have received the reminder e-mail about discontinuation of SHA-1:
=========================
At Realex Payments, we are continually investing in our infrastructure to provide a constant, reliable and secure service to all our customers. In order to maintain our adherence to security best practice, we will be upgrading our security certificates in the coming months.
Security certificates are digitally signed with an encrypted hash to ensure that they have not been tampered with. Currently, we support certificates that have SHA-1 or SHA-2 cryptographic hash function.
However, weaknesses have been identified with SHA-1 that render it incompatible with security best practice. For this reason, we are discontinuing support for SHA-1. Following our upgrade, we will be supporting SHA-256 only.
This upgrade will take place on 1st November 2016. As this is consistent with a universal discontinuation of SHA-1 by the end of this year, extensions will not be available regarding this date. While we notified you of this requirement last year, as the discontinuation date is approaching, we wanted to ensure all necessary actions have been completed.
***Required Action***
We require you to check your systems to identify if you are targeting the following URLs:
• remote.payandshop.com (193.105.253.14)
• remote.sandbox.payandshop.com (193.105.253.166)
If you are targeting the above URLs, you must update to ensure your system can securely connect and process transactions against the below URLs:
• epage.payandshop.com (193.105.253.11)
• epage.sandbox.payandshop.com (193.105.253.147)
This must be completed in advance of 1st November 2016.
etc..
=========================
We at VPCart have fully reviewed and we can confirm that our existing Realex Payment Gateway module will not be affected by this update.
Realex will only update their web server certificate to not anymore support SHA-1, and this is not the algorithm we currently use to send the transaction (which is SHA-1).
Another confirmation is that, in our Realex payment gateway, we send the transaction to https://epage.payandshop.com which is the valid url and we do not use host url remote.payandshop.com which will be retired soon.
Therefore, if you continue to get the reminder e-mail from Realex, you can ignore it.
Cam Flanigan
VPCart Customer Care