iDEAL 3.3, SEPA and IBAN in cciDEAL Platform 2.8+
This article only applies to websites using a version of cciDEAL Platform before 2.8.x, and ING Advanced or Rabobank Professional. In that case you are using “iDEAL 2”. Most accounts that where activated before 1 October 2012 use iDEAL 2, and accounts activated after 1 October 2012 use iDEAL 3.
Due to European regulations (SEPA) and improved security standards the banks have created a new version of iDEAL, called “iDEAL 3”. You have probably received information about this from your bank. If you are using iDEAL accounts ING Advanced or Rabobank Professional you will need to update to iDEAL 3, even if you implemented iDEAL years ago. You need to complete this update before the summer of 2013, when iDEAL 2 will be permanently disabled!
To support iDEAL 3 we needed to implement the new code for this iDEAL version into cciDEAL Platform. This has been done in cciDEAL Platform 2.8.x, so customers using earlier versions of cciDEAL Platform with ING Advanced or Rabobank Professional need to update to cciDEAL Platform 2.8 or higher. This is not just a simple installation of the the new version, the configuration and certificates also need to be updated. This manual explains all necessary steps.
Renewing your order
Did you order cciDEAL Virtuemart or cciDEAL Platform more than a year ago, and is your order now expired? You will need to renew your order to get access to cciDEAL Platform 2.8.x (and support).
We have maintained support for Joomla! 1.5 in cciDEAL Platform 2.8.x for customers that can not migrate to Joomla! 2.5 yet. You should however realise that Joomla! 1.5 is no longer supported by the Joomla! project, and our own support for that version is also limited. Update to Joomla! 2.5 or 3.x as soon as possible! Read more about Joomla! 1.5 support here andJoomla! 3.x support here.
iDEAL 3 requires PHP 5.3. Make sure your website is on a server with this version before you try to update! In Joomla! 1.5 you can view the PHP version under Help > System info > PHP information and in Joomla! 2.5 go to Site > System information > PHP information. cciDEAL Platform itself supports PHP 5.3 and PHP5.4. Also make sure that OpenSSL is at least OpenSSL 1.0.1g or higher (also because of Heartbleed).
- PHP 5.3 or PHP 5.4 for SHA256 support
- New certificates with a 2048 BIT key, valid for maximum of 5 years (1825 days)
- Joomla! 1.5 or 2.5
- OpenSSL 1.0.1g or higher (also because of Heartbleed)
- Socket library enabled
- No (server) firewall that blocks iDEAL communication
- No security extensions that block iDEAL (Firewall in RSFirewall and sh404SEF)
iDEAL 2 and iDEAL 3 will work alongside each other until the summer of 2013. cciDEAL Platform also has the ability to store configuration details and certificates for both versions in one website, so the downtime of iDEAL payments in your website will be minimal. You can setup iDEAL 3 in a demo location, and then switch to it when all changes have been made and you feel confident you updated correctly. Please do note: the banks have informed us that a certain period of time after you make your first iDEAL 3 payment, iDEAL 2 shall be disabled for your account! So when you make this transition, prepare to make it in one go. Also plan to do it at the beginning of the week, so we are available to support you. We are not in the office for support on weekends!
Creating the backups
- Create a backup of the entire website (tip: Akeeba Backup)
- Go to Components > cciDEAL Platform > Configuration and copy all details to a text document
- In the configuration, also download the current certificates. Unzip the package and make sure both cert.cer and priv.pem are there.
Creating new certificates – method 2
The ING bank also has a manual for creating the new certificates with the 2048 BIT key. The manual works with ING Advanced and Rabo Professional. Manual: Creating new certificates.
- There are a few errors in the manual (which we already communicated to the ING), please find the solutions below:
- the validity period should be 1825 days (5 years), not 10 years
- you eventually need to use the generated certchain.cer instead of cert.cer
- Login to your production iDEAL dashboard for your bank
- Upload the new certificate cert.cer or certchain.cer there.
- Write a reminder in your agenda (or tell your customer) to create new certificates 4 years from now!
Updating the cciDEAL configuration
- Download and install the latest version of cciDEAL Platform 2.8.x.
- Go to Components > cciDEAL Platform > Configuration, and under “iDEAL account” switch the version to “iDEAL 3”.
- Upload the new certificates (cert.cer or certchain.cer and priv.pem).
- If you used a new and different private key for the iDEAL 3 certificates compared to the iDEAL 2 certificates (in Creating new certificates – method 1, step 2 or Creating new certificates – method 2), enter this private key in the cciDEAL configurtion in the “Private key” field.
- Make sure all other details in the configuration are still filled (Merchant ID etc)
- Save the configuration.
Making a test payment
- Now go to the site and make a real “test” payment.
- Make sure the order status is automatically updated in Components > cciDEAL Platform > Payments and your extension.
- If you encounter issues, please send a support email on our website with prefix [iDEAL3]. We will give these tickets a higher priority.
Frequently asked questions
If your error or problem is not described in the below FAQ’s, also view the general frequently asked questions.
1) Error: Value too short, Value too long or MerchantID unknown
Most of the time these errors indicate that cciDEAL Platform is not communicating to the bank in the correct iDEAL version “language”. If you get one of these errors, contact the bank and ask them to make sure your account already supports iDEAL 3. Also make sure you selected “iDEAL 3” in drop down “iDEAL version” in Components > cciDEAL Platform > Configuration.
If the issue is not solved with the above tips, also view FAQ 8 in the general frequently asked questions.
2) Warning: openssl_sign() … Unknown signature algorithm … OR … Cannot sign message …
The issue is probably due to the server. The server is using PHP 5.3 but OpenSSL (a PHP module required for iDEAL) was not updated and still using an old version. The version should be at least OpenSSL 1.0.1g or higher (also because of Heartbleed). Please ask your hoster to update OpenSSL, and it should work then. We know that at least the following hosters have servers with this issue: Hosting2GO, Webreus.
- In Joomla! 1.5 you can view the OpenSSL version under Help > System info > PHP information.
- In Joomla! 2.5 go to Site > System information > PHP information.
- In Joomla! 3.x go to System > System information > PHP information.