logo

iDEAL 3.3, SEPA and IBAN in cciDEAL Platform 2.8+

This article only applies to websites using a version of cciDEAL Platform before 2.8.x, and ING Advanced or Rabo Professional -> Rabobank Business Banking. In that case you are using “iDEAL 2”. Most accounts that where activated before 1 October 2012 use iDEAL 2, and accounts activated after 1 October 2012 use iDEAL 3.

Rabobank iDEAL Professional : https://www.rabobank.nl/bedrijven/betalen/klanten-laten-betalen/ideal-professional
ING Advanced : https://www.ing.nl/zakelijk/geld-ontvangen/ideal
Migration-> https://www.ing.nl/zakelijk/geld-ontvangen/het-nieuwe-ideal

Page contents:

Introduction

Background

Due to European regulations (SEPA) and improved security standards the banks have created a new version of iDEAL, called “iDEAL 3”. You have probably received information about this from your bank. If you are using iDEAL accounts ING Advanced or Rabobank Professional you will need to update to iDEAL 3, even if you implemented iDEAL years ago. You needed have completed this as of the summer of 2013, when iDEAL 2 was permanently disabled!

To support iDEAL 3 implemented the new code for this iDEAL version into cciDEAL Platform. This has been done in cciDEAL Platform 2.8.x, so customers using earlier versions of cciDEAL Platform with ING Advanced or Rabobank Professional need to update to cciDEAL Platform 2.8 or higher. This was not just a simple installation of the the new version, the configuration and certificates also needed to be updated. This manual explains all necessary steps.

Renewing your order

Did you order cciDEAL Virtuemart or cciDEAL Platform more than a year ago, and is your order now expired? You will need to renew your order to get access to cciDEAL Platform and of course support.

Joomla! 4

Presently: We have discontinued support for Joomla! 3.x . Support for Joomla! 4.x. is ongoing in cases of a ongoing active subscription.
We would have maintained support for Joomla! 3.10 for customers that can not migrate to Joomla! 4x yet, this however only under certain conditions and where/if possible. You should however realize that Joomla! 3x is no longer supported by the Joomla! project itself, and our own support for that version is also limited , in most cases until/to certain extend for which every case scenario will be first monitored carefully. Our extensions are compatible according to the general requirements. For cleaning up after the fact in cases during a migrate is all up to you as it is to be considered as very time consuming and costly. Migrate to Joomla! 4.x as soon as possible and consult all measurements that has to be taken beforehand.

PHP 8.1.x

Make sure your website is on a server with this version before you try to update!).
https://www.php.net/manual/en/openssl.requirements.php

Requirements :

  • In order to use the OpenSSL functions you need to install the » OpenSSL library. PHP 7.0 requires OpenSSL >= 0.9.8, < 1.2.
  • PHP 7.1-8.0 requires OpenSSL >= 1.0.1, < 3.0. PHP >= 8.1 requires OpenSSL >= 1.0.2, < 4.0.
  • Socket library enabled
  • No (server) firewall that blocks iDEAL communication
  • No security extensions that block iDEAL (Firewall in RSFirewall and sh404SEF)

Warning:
You are strongly encouraged to use a maintained OpenSSL version, otherwise your web server could be vulnerable to attack.
For the older versions no longer in support:
In Joomla! 1.5 you can view the PHP version under Help > System info > PHP information and in Joomla! 2.5 go to Site > System information > PHP information.

cciDEAL Platform itself supports PHP 5.3 and PHP5.4. Also make sure that OpenSSL is at least OpenSSL 1.0.1g or higher (also because of Heartbleed)

Requirements older versions :

  • PHP 5.3 or PHP 5.4 for SHA256 support
  • New certificates with a 2048 BIT key, valid for maximum of 5 years (1825 days)
  • Joomla! 1.5 or 2.5
  • OpenSSL 1.0.1g or higher (also because of Heartbleed)
  • Socket library enabled
  • No (server) firewall that blocks iDEAL communication
  • No security extensions that block iDEAL (Firewall in RSFirewall and sh404SEF)

Update steps

cciDEAL Platform has the ability to store configuration details and certificates for iDEAL versions in one website, so the downtime of iDEAL payments in your website will be minimal. You can setup in a demo location, and then switch to it when all changes have been made and you feel confident you updated correctly. When making transitions, prepare to make it in one go.

Some hosters do update servers to higher PHP versions, the possibility is there that then they do not update to OpenSSL 1.0.1g or higher (also because of Heartbleed).Please check FAQ 2 at the bottom of this page in cases of those hosters! When experiencing such issues, do contact your hoster.

Creating the backups

  1. Create a backup of the entire website (tip: Akeeba Backup)
  2. Go to Components > cciDEAL Platform > Configuration and copy all details to a text document
  3. In the configuration, also download the current certificates. Unzip the package and make sure both cert.cer and priv.pem are there.

Creating new certificates – method 2

  1. Remind yourself to check:
    1. the validity period
    2. you eventually need to use the generated certchain.cer instead of cert.cer
  2. Login to your production iDEAL dashboard for your bank
    1. ING
    2. Rabobank
  3. Upload the new certificate cert.cer or certchain.cer gateways there.
  4. Switch to the new certificate in the dashboard, and test if all well. then you can already test

Certificates 2021:
Remember we reminded you to write a reminder in your agenda (or tellyour customer) to create new certificates 4 years from now! So do write another  reminder in your agenda (or tell your customer) to create new certificates 4 years from now please.
For now do follow these steps:

Updating the cciDEAL configuration

  1. Download and install the latest version of cciDEAL Platform .
  2. Go to Components > cciDEAL Platform > Configuration, and under “iDEAL account” switch to version “iDEAL 3”.
  3. Upload the new certificates (cert.cer or certchain.cer and priv.pem).
  4. If you used a new and different private key for the iDEAL 3 certificates which was compared to the iDEAL 2 certificates (in Creating new certificates – method 1, step 2 or Creating new certificates – method 2), enter this private key in the cciDEAL configurtion in the “Private key” field.
  5. Make sure all other details in the configuration are still filled (Merchant ID etc)
  6. Save the configuration.

Making a test payment

  1. Now go to the site and make a real “test” payment.
  2. Make sure the order status is automatically updated in Components > cciDEAL Platform > Payments and your extension.
  3. If you encounter issues, please send a support email on our website with prefix [iDEAL3]. We will give these tickets a higher priority.

Frequently asked questions

If your error or problem is not described in the below FAQ’s, also view the general frequently asked questions.

1) Error: Value too short, Value too long or MerchantID unknown

Most of the time these errors indicate that cciDEAL Platform is not communicating to the bank in the correct iDEAL version “language”. If you get one of these errors, contact your bank and ask them to make sure your account already supports iDEAL . Also make sure you selected the correct  “iDEAL ” in drop down “iDEAL version” in Components > cciDEAL Platform > Configuration.

If the issue is not solved with the above tips, also view FAQ 8 in the general frequently asked questions.

2) Warning: openssl_sign() … Unknown signature algorithm … OR … Cannot sign message … 

The issue is probably due to the server. The server is using older PHP but OpenSSL (a PHP module required for iDEAL) was not updated and still using an older version. The version should be at least OpenSSL 1.0.1g or preferably higher (also because of Heartbleed). Please ask your hoster to update OpenSSL, and it should work then. We know that at least some hosters have servers with this issue, hopefully the corrected it over the time being.

On the below page use CTRL F to search for OpenSSL until you find the version:
  • In Joomla! 4.x go to System > System information > PHP information.

Reminder:
Joomla! 3.10 , 2.5x & Joomla! 1.5 are no longer supported. If you are still on them:

  • In Joomla! 3.x go to System > System information > PHP information.
  • In Joomla! 2.5 go to Site > System information > PHP information.
  • In Joomla! 1.5 you can view the OpenSSL version under Help > System info > PHP information.