Rapid Web News

Rapid Web have recently launched a series of new websites for our client ATG Training. The sites showcase the broad range of training courses and apprenticeships that this highly-experienced training provider has to offer. These sites have all been built with Rapid Web’s own bespoke content management system to allow ATG Training to make edits and updates as necessary. A custom course booking module designed specifically for ATG’s needs has also been incorporated. Check out the new sites – ATG Training, Cycle Training and UK Apprenticeships

We recently announced one of our most recent client websites launches, Kids T-shirts. Despite only being released a few weeks ago the site is already seeing a steady increase in orders and visitor traffic. The site utilises our in house, custom developed e-commerce solution, modified to suit the needs of the client and its users.

With Halloween fast approaching the range of t shirts offered by kids t-shirts has expanded to accommodate all things spooky and scary in preparation for the Halloween festivities. Some of the most prominent and bestselling items in the new collection are the new glow in the dark t shirts. They feature many a spooky design perfect for trick or treating or any planned Halloween party.

Some of the new glow in the dark range are shown below, the first being the classic Banksy’s Grim Reaper design, followed by a series of flying cartoon bats.

This is a technical post provided as advice to server administrators having issues with the HSBC payment gateway system.

HSBC have recently updated the SSL certificates on their payment gateway system. However it seems they did not provide the intermediate certificates for the certificate authority they used. This leaves the job of updating the CA bundles up to HSBC’s clients. The following advice refers to resolving the issue on a Linux server.

Step 1 – Check the problem is definitely related to an SSL Certificate mismatch

To do this, it is best to simply request the main secure-epayment API via curl. Running the following command will suffice.

curl https://www.secure-epayments.apixml.hsbc.com

If this issue is present, you will likely see a message such as the one below. If you do not see this message or one similar, the issue is likely to be unrelated and we recommend you contact HSBC’s epayments support line to resolve the issue.

 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
 error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
 More details here: http://curl.haxx.se/docs/sslcerts.html

 curl performs SSL certificate verification by default, using a "bundle"
  of Certificate Authority (CA) public keys (CA certs). The default
  bundle is named curl-ca-bundle.crt; you can specify an alternate file
  using the --cacert option.
 If this HTTPS server uses a certificate signed by a CA represented in
  the bundle, the certificate verification probably failed due to a
  problem with the certificate (it might be expired, or the name might
  not match the domain name in the URL).
 If you'd like to turn off curl's verification of the certificate, use
  the -k (or --insecure) option.

Step 2 – Update the CA bundle on your server

Obviously it is possible to remove the verification of the SSL certificate, but this is heavily not recommended due to potential negative security implications. To update the CA bundle file from the curl website, use the following commands. Note that may have to adjust to certs path mentioned to conform to the distribution and configuration of your operating system. Also, it is recommend to back up any existing ca-bundle file and any related configuration.

 cd /etc/pki/tls/certs/
 wget http://curl.haxx.se/ca/cacert.pem
 mv cacert.pem ca-bundle.crt

The file available from the CURL site shown above is generated weekly from the latest Mozilla certs, so should be reasonably up to date with all existing certificate authorities.

Step 3 – Test the CA bundle update has resolved the issue

This is merely a case of rerunning the curl command from step 1 mentioned previously. If the update has been successful you should now see the following response from HSBC (or similar) indicating a secure connection has been established.

 <?xml version="1.0" encoding="UTF-8"?>
 <EngineDocList>
  <EngineDoc>
   <MessageList>
    <MaxSev DataType="S32">6</MaxSev>
    <Message>
     <AdvisedAction DataType="S32">16</AdvisedAction>
     <Audience DataType="String">Merchant</Audience>
     <Component DataType="String">CcxXmlInput.A</Component>
     <ContextId DataType="String">CcxXmlInput</ContextId>
     <DataState DataType="S32">1</DataState>
     <FileLine DataType="S32">793</FileLine>
     <FileName DataType="String">CcxXmlInstance.cpp</FileName>
     <FileTime DataType="String">13:30:24Jul 14 2009</FileTime>
     <ResourceId DataType="S32">8</ResourceId>
     <Sev DataType="S32">6</Sev>
     <Text DataType="String">The HTTP method received is not valid.  Only POST is accepted.</Text>
    </Message>
   </MessageList>
  </EngineDoc>
 </EngineDocList>

Step 4 – Restart any dependant services

This step may or may not be required depending on your software and/or configuration. You may need to restart any services which are dependent on the updated CA bundle.

For example, the following commands are commonly used to restart the Apache 2 webserver.

/etc/init.d/apache2 restart

/etc/init.d/apache restart

/etc/init.d/httpd restart

I hope this article aids any server administrators currently experiencing issues due to the recent HSBC epayments SSL certificate update.

Feel free to discuss this issue further in the comments section below.

Google have paid special attention today to users of Google Chrome who have difficulties keeping up with their web browser’s general speed. To aid in this they have released a finger exercise program dubbed the ‘Chromercise’ routine. They have released a instructional video to demonstrate the required exercise structure and all relevant safety precautions requires to perform Chromercise exercises prior to the user of the Chrome web browser.

Although we are not offering dedicated Chromercise instruction here at Rapid Web, we are beginning to enforce these as part of our regular health and safety routine. If you would like further advice on these procedures, please see the relevant Chromercise documentation.

It’s April Fools’ day today. It has come around quickly and I remember writing last year’s April Fools’ post regarding the crazy things large web companies has done.

In other completely unrelated news, Google have released a new motion control system, akin to the Wii’s controllers, Xbox connect and the PlayStation Move system. It is called ‘Google Motion’ and as per the majority of new Google products, it is currently considered beta. Take a look at the awesome video demonstrating Google Motion beta and its advanced universal gesture recognition system below.

Looks very impressive. We’ve already started making use of the new system for our internal development meetings. It both increases productivity and also gives us all a decent workout.

If you have any awesome April Fools’ jokes you’ve played this year on your website or in your workplace, feel free to put them in the comments. I’d be interested to hear what pranks have been played!

In terms of today’s customer service, as always, feel free to contact us. If you’d like to get yourself in on the April Fools’ day jokes and give your website an unexpected face-lift, feel free to give us a call.