GoGetSSL CSR


evolvewh


The only validation on the CSR field is that it is not blank. If a customer enters an invalid CSR, I don't think GoGetSSL will accept it when attempting to provision the service.

 

Ideally, the CSR would be entered after the service is set up in Blesta. If there is a way to validate the CSR is correct for the domain at that point, then that would be the place to do it.


The only validation on the CSR field is that it is not blank. If a customer enters an invalid CSR, I don't think GoGetSSL will accept it when attempting to provision the service.

 

Ideally, the CSR would be entered after the service is set up in Blesta. If there is a way to validate the CSR is correct for the domain at that point, then that would be the place to do it.

 

Is there a way to check if it starts and ends with that special bit like ----------- Start CSR --------?


I'm not sure if GoGetSSL's API provides a method to validate the CSR, but creating a rule that checks that would be the best route to go.

 

I don't know if that's a problem with GoGetSSL, but our experience with a different provider in our current (custom) billing system is that the API methods offered to check CSRs often leave something to be desired.

 

It only checked if the CSR is well formed.

But it did not check if the public key used is at least 2048 bits (which is a hard requirement nowadays), and the CSR still got rejected with a cryptic error message when the user actually proceeded with the order...

 

So it's better to do some basic local checks yourself as well, along the lines of:

 

$key = openssl_csr_get_public_key($csr);
if (!$key) {
    // print error: CSR is not valid
} else {
    $keyinfo = openssl_pkey_get_details($key);
    if ($keyinfo['bits'] < 2048) {
        // print error: key is smaller than 2048 bits
    }
}
 
 

 

Ideally, the CSR would be entered after the service is set up in Blesta
 
In our current system, we prefer not to allow an order to be placed without one either.
More or less a business decision to prevent extra support and administration for refunds, if they do not manage to create one.
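Added example, not part of the original posts and not Blesta or GoGetSSL code: the local checks discussed in this thread (BEGIN/END markers, well-formedness, RSA key size, domain match) combined into one function. The names validateCsr() and sampleCsr() are hypothetical, the sample CSRs are generated on the fly, and the domain check assumes the domain is carried in the subject CN only (no SAN or wildcard handling).

```php
<?php
// Added example: local CSR checks to run before the CSR is sent to the provider.
// validateCsr() is a hypothetical helper; it returns a list of error strings.
function validateCsr(string $csr, string $domain, int $minBits = 2048): array
{
    $csr = trim($csr);
    // 1. PEM framing: BEGIN/END markers around a base64 body.
    $pem = '~^-----BEGIN (NEW )?CERTIFICATE REQUEST-----\s+[A-Za-z0-9+/=\s]+-----END (NEW )?CERTIFICATE REQUEST-----$~';
    if (!preg_match($pem, $csr)) {
        return ['CSR is missing the BEGIN/END CERTIFICATE REQUEST markers'];
    }
    // 2. Well-formed: OpenSSL must parse the request and extract the public key.
    $key = openssl_csr_get_public_key($csr);
    $subject = openssl_csr_get_subject($csr);
    if ($key === false || $subject === false) {
        return ['CSR could not be parsed'];
    }
    $errors = [];
    // 3. Key strength: the bit-length rule is applied to RSA keys only (assumption;
    //    EC keys use much smaller sizes and need their own policy).
    $details = openssl_pkey_get_details($key);
    if ($details['type'] === OPENSSL_KEYTYPE_RSA && $details['bits'] < $minBits) {
        $errors[] = "RSA key is {$details['bits']} bits, need at least {$minBits}";
    }
    // 4. Domain: the subject CN must equal the domain on the order.
    $cn = $subject['CN'] ?? '';
    if (strcasecmp($cn, $domain) !== 0) {
        $errors[] = "CSR common name '{$cn}' does not match '{$domain}'";
    }
    return $errors;
}

// Constructed sample input: a throwaway key and CSR for the given common name.
function sampleCsr(int $bits, string $cn): string
{
    $key = openssl_pkey_new(['private_key_bits' => $bits, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $req = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    openssl_csr_export($req, $pem);
    return $pem;
}

// Four cases: good CSR, 1024-bit key, CN for another domain, text that is not a CSR.
echo json_encode(validateCsr(sampleCsr(2048, 'example.com'), 'example.com')), PHP_EOL;
echo json_encode(validateCsr(sampleCsr(1024, 'example.com'), 'example.com')), PHP_EOL;
echo json_encode(validateCsr(sampleCsr(2048, 'other.example'), 'example.com')), PHP_EOL;
echo json_encode(validateCsr('not a csr', 'example.com')), PHP_EOL;
```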
