Hi everyone,
I just created a payment app and granted the required permission for the OAuth token:
This is an accepted solution.
Issue solved.
This issue is due to the SSL certificate we used. It's issued with an intermediary certificate (that we did not send), so on the Shopify side they are not able to find the trusted root issuer because the SSL is missing the "middle part".
The solution is to include the intermediate certificate in the certificate file.
Were you able to resolve this?
I have the same issue, Shopify assistance didn't help me. Did you solve it?
Thank you @Justin9987, I would like to better understand the solution you applied.
To perform a payment session, Shopify needs to call the /cart endpoint on my backend. In this step Shopify acts as a client and the connection between Shopify and my app backend must be "MTLS".
For my backend I can create a pair of private and public keys, which I will call: RootCA.key and RootCA.pem
openssl genrsa -out RootCA.key 4096
openssl req -new -x509 -days 3650 -key RootCA.key -out RootCA.pem
What I'm not understanding is what I should do with the two certificates on the Shopify MTLS page, which are:
Shopify's Payments Platform Root CA
Shopify's Payments Platform Secondary CA Production
I'm following this guide to implement this integration on AWS:
https://aws.amazon.com/it/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway...
But of course the problem is not only on AWS.
I did not use the 2 certificates mentioned on the Shopify side but was still able to proceed.
My suggestion for you is to make sure your endpoint is certified and valid for any client such as Postman or a browser.
If there is nothing wrong with the above method, then it might be a permission or SSL issue which we did not know about.
I believe that you need to get the required permission from Shopify in order to build a payment application on Shopify. You may check this out by reaching them with the method you had used.
This is not the first time we have encountered this checkout looping, and the issue arose after we purchased SSL from a 3rd party.
I bought all my SSL certificates on AWS Certificate Manager.
@Justin9987 so you didn't implement a specific MTLS connection but made a normal SSL connection?
Reading the Shopify documentation, it seems MTLS is mandatory. Very strange.
We were accepted as a payment provider and we have approved and enabled one app extension.
What we didn't do is listing, because we didn't test yet.
Are there other Shopify verifications to request?
Hi @gmarino
Did you solve the issue? We're facing the same issue with a GoDaddy cert now. Tried multiple ways but still not solved yet 😞
Did you set up MTLS? What web server are you using?
I've set up MTLS on a public Nginx server with Shopify's certs, using a Let's Encrypt cert for the server, and the call never reaches the configured URL (Draft mode); the logs show no hits from Shopify.
Also, for testing MTLS I've set up a Postman POST call with a client certificate which I've already added to the Nginx MTLS config, and all the calls hit the URL.
We set up MTLS per Shopify's instructions but had no luck 😞
We are not able to debug the request from Shopify to the app API endpoint, so there is no way to know what's happening, and we are really struggling with this.
It's not something that works out of the box with the documentation/instruction.
Just in case it helps, this is the Nginx config for the site I have set up.
In the file /etc/nginx/client_certs/mtlscerts.crt, I have concatenated Shopify's certs from the docs and also a client certificate I generated to make sure the MTLS config is working.
For DNS I am using Cloudflare with no proxy.
Hi Justin9987
I am also facing the same issue in a payment app. I have Apache installed on the server, an SSL certificate from Let's Encrypt, and have also put in the Shopify CA,
but I still get the same error in testing.
Please help.