Error with Payware Connect - The remote certificate is invalid according to the validation procedure

Release Date: 12/15/2017

Q - We started getting the following error on certain workstations yesterday when trying to pre-authorize a credit card with Payware Connect. Originally it was on the remote server, where some users worked and some didn't. We rebooted that server last night but some users are still having issues. We also had a local user here who started having the same issue this morning. I have attached a sample of the error in the XML2PWC.LOG file (in M:\Elliott7\LOG\01 folder):

2017/12/13 11:55:50.207 Connect : https://prod1.ipcharge.net/ipchapi/rh.aspx
2017/12/13 11:55:50.207 Request : <TRANSACTION><FUNCTION_TYPE>PAYMENT</FUNCTION_TYPE><PAYMENT_TYPE>CREDIT</PAYMENT_TYPE><COMMAND>PRE_AUTH</COMMAND><USER_ID>********</USER_ID><USER_PW>********</USER_PW><CLIENT_ID>************</CLIENT_ID><MERCHANTKEY>*****************</MERCHANTKEY><TRANS_AMOUNT>107.47</TRANS_AMOUNT><CARDHOLDER>************</CARDHOLDER><INVOICE>405205</INVOICE><TICKET_NUM>405205</TICKET_NUM><ACCT_NUM>430023*******3657</ACCT_NUM><EXP_MONTH>**</EXP_MONTH><EXP_YEAR>**</EXP_YEAR><CVV2>***</CVV2><CUSTOMER_STREET>********</CUSTOMER_STREET><CUSTOMER_ZIP>*****</CUSTOMER_ZIP></TRANSACTION>
2017/12/13 11:55:51.488 Error : System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
  at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
  at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
  at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
  at System.Net.TlsStream.CallProcessAuthentication(Object state)
  at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
  at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
  at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
  at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
  at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
  at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
  at System.Net.ConnectStream.WriteHeaders(Boolean async)
  --- End of inner exception stack trace ---
  at System.Net.HttpWebRequest.GetResponse()
  at El7Net.EL8PWPNT.SendXMLToPWC(String _XMLString, String url) in G:\NSI.SRC\nw81\EL8PWPNT\ELPWCPNT\EL8PWPNT.vb:line 1685


A - As far as I can see, some of your workstations failed to establish secure communication (SSL/TLS) with the Payware Connect servers. Payware Connect requires TLS 1.2 to function. The message says “The remote certificate is invalid according to the validation procedure.” That seems to indicate there is a certificate issue. From a workstation that has the problem, use IE to connect to https://prod1.ipcharge.net/ipchapi/rh.aspx. You should see a response “Bad Request.” Then you can click on the “lock” icon on the toolbar to show the certificates. See sample screen below:



From there, refer to the instructions of the following article for more details:
               

As a comparison, it will also be helpful to perform the same procedure from a workstation that does not have this problem.
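
The same comparison can be scripted. The following PowerShell is an added example, not Elliott or Payware Connect code: it opens a TLS 1.2 connection to the host from the log, then reports the certificate the workstation actually received, its issuer, and how .NET judged the chain. The variable names and output field names are assumptions of this example.

```powershell
# Added diagnostic example: run it on a failing and on a working workstation
# and compare the Issuer, Thumbprint and PolicyErrors fields.
param(
    [string]$HostName = 'prod1.ipcharge.net',  # endpoint host from the log above
    [int]$Port = 443
)

$seen = @{}
# The callback only records what the handshake presented. It returns $true so the
# handshake completes and the certificate can be read even when it is untrusted;
# no request is sent on this connection, and this callback is for diagnosis only.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $policyErrors)
    $seen.PolicyErrors = $policyErrors
    $seen.Chain  = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
    $seen.Status = @($chain.ChainStatus   | ForEach-Object { $_.Status })
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # Payware Connect requires TLS 1.2, so offer only that protocol version.
    $ssl.AuthenticateAsClient($HostName, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate

    [pscustomobject]@{
        Workstation  = $env:COMPUTERNAME
        Protocol     = $ssl.SslProtocol
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Thumbprint   = $cert.Thumbprint
        NotAfter     = $cert.NotAfter
        PolicyErrors = $seen.PolicyErrors   # 'None' means .NET would have trusted it
        ChainStatus  = $seen.Status -join ', '
        Chain        = $seen.Chain -join ' <- '
    } | Format-List
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

If the two workstations report different Issuer or Thumbprint values for the same host, something on the network path is presenting its own certificate to one of them, and the ChainStatus field shows why that workstation does not trust it.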

Follow-Up on this Incident
As a follow-up to this support incident, the user who had this error provided the following information to confirm how the problem was solved. This may not be the same issue for you if you should encounter a certificate error. We are providing it here simply as an example:

So apparently this was a firewall setting issue. I have a list of websites that are in an SSL Exemption area on our Barracuda Firewall. Ipcharge.net and ipcharge2.net were in the listing since the firewall was put into place last year. I recently removed them when troubleshooting an issue with ipcharge.com with an in-house client, thinking that they updated their URL and .net was no longer needed. I have since reapplied those two to the SSL Exemption area and all seems to be well in the world.

The SSL Exemption area of the firewall allows the true SSL cert to be passed on directly to the client making the call. We have SSL inspection enabled on our firewall, which basically replaces the SSL cert with a Barracuda SSL cert so we can inspect those encrypted packets. Certain websites hate that and I have to add them to the exemption list. So long story short, oops it was my fault.



EMK


