Skip to content

    NetaxeptChange log

    TLS Info

    Live

      Update

      Nets analysis shows that some merchants are still using weak TLS1.2 ciphers (like ECDHE-RSA-AES128-SHA256) when connecting to production endpoints. Those ciphers will soon be disabled in the Customer Test environment and will eventually be disabled in production.

      However, to give the affected merchants more time to upgrade to TLS1.3 we have enabled a second endpoint which uses the EC certificate and supports TLS1.2 ECDSA ciphers (Windows 2012 R2 channel library supports those as well).

      • ECDHE-ECDSA-AES128-GCM-SHA256
      • ECDHE-ECDSA-AES256-GCM-SHA384

      A similar endpoint will be created for the production environment soon. Still, the EC certificate will be renewed often. For that reason, merchants using certificate pinning (except the exact certificate) should not use this endpoint.

      TLS Changes

      Live

        Nets is continuously trying to improve the customer experience while at the same time maintaining an adequate level of security.

        It has been some time since any TLS version lower than 1.2 was disabled. At the same time, weaker but not blacklisted TLS 1.2 ciphers, like ECDHE-RSA-AES256-SHA384, have been supported due to the fact that the supported operation systems have remained dependent.

        However, Microsoft has announced an end-of-support for Windows 2012 and Windows 2012 R2. You can find out more about this here. This removes the need of supporting weaker ciphers. The change will be set into motion after October 10th, 2023.

        In order to follow these changes, Nets has prepared a plan for disabling the weaker ciphers and at the same time enabling support for the new TLS 1.3 protocol version.

        The change will happen gradually, starting from August 2023. The first changes will be made in the Customer TEST environment, and then the same changes will follow in PROD.

        Due to these changes, while using Netaxept APIs (WebService or REST), you should make sure that at least one of the following TLS 1.2 ciphers is enabled:

        • ECDHE-RSA-AES128-GCM-SHA256
        • ECDHE-RSA-AES256-GCM-SHA384

        If you don't manage to enable at least one of these ciphers, it will result in a complete transaction traffic stop.

        If you only register and process transactions via the Netaxept Admin Portal (Callcenter and LinkPayment pages), you also need to make sure that your web browser is regularly updated. If you are using older OSs, then you will have to use a web browser that is still supported by the OS you are using.

        There will be a very limited number of cardholders using the Internet Explorer browser on Windows 8.1 (or earlier) affected by the changes. To use Netaxept, you will have to use a different web browser or upgrade your Windows version.

        This is the summary of how Nets will support these transitions:

        • At the beginning of August, we will enable TLS 1.3 (with 2 ciphers: TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256) and disable the TLS 1.2 weak ciphers in the customer-test environment.
        • During the month of September, we will enable TLS 1.3 (with 2 ciphers: TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256) and disable weak TLS 1.2 ciphers that do not support the Forward Secrecy in PROD.
        • In October, we will disable the rest of the weak TLS 1.2 ciphers in PROD.

        Netaxept SSL Certificate Renewal

        Live

          In this release we inform you that the SSL Certificate will be renewed for Netaxept on the 15th of August 2023.

          Please note that this affects webshops and/or call centre merchants that have made technical API implementations towards Netaxept, and use certificate pinning as an additional security feature towards Netaxept. Therefore, if the necessary changes are not made, the payment traffic in your webshop and/or call centre service will stop. Please forward this notification to the integrator/party responsible for your technical API integration.

          Who does this not apply to?

          You are not affected by this certificate update if:

          • you are a call centre merchant using only Netaxept Admin user interface for making payments
          • you are using only Netaxept Admin user interface for making Link payments
          • you don't have certificate pinning in your Netaxept API integration

          If any of the statements above apply to you, no changes are required.

          Who does this apply to?

          If you are using certificate pinning towards Netaxept, please find below the relevant information:

          1. The new certificate thumbprint: b3563b466a17262fef73992279c5209a6ec23c75
          2. The new serial number: 063775dc415bc68f844b37524b7cc0f5
          3. In the following link you will find the new certificate + certificate chain (Intermediate and Root certificate) that belongs to this certificate: Download certificates
          4. If your web solution has local copies of the Netaxept certificates, please include the certificates included in this page as well in your local certificate store.
          5. To make sure that the payment traffic is not stopped during the exchange of certificates from the Netaxept side, it is recommended that you pin the current and the future certificates at the same time.
          6. The Netaxept test environment has a different SSL certificate, so you are not able to verify this in test beforehand.

          Further information

          Date of the change: 15 August 2023

          Time of the change: 17:00 CEST

          Deadline for the update: Any time before the 15th of August 2023, 17:00 CEST.

          Downtime: There is no expected downtime of the service because of these changes.

          We apologize for any inconvenience caused by this SSL certificate renewal.

          Contact

          In case you have any questions, please reach out to our integration specialists or eCom Support.

          Changes to Netaxept production environment as part of a migration to Azure Cloud

          Live
          • #announcement
          • #Netaxept

          To increase reliability, flexibility, and security on our platform, Netaxept application will be migrated from Nets On-premise to Microsoft Azure Cloud environment.

          This activity will be performed with a service break in the production Netaxept payment service. During the service break payment processing will not be possible through Netaxept production along with any action in Netaxept Admin.

          The service break will affect all eCommerce merchants and partners accepting payments in their web shops, mobile apps and/or call centre services via Netaxept.

          Please read below for more information regarding required changes in your integration before migration from you as a Merchant.

          What do you need to do?

          Production environment (required changes):

          1. If you have a direct connection to Netaxept you need to stop using this by removing any references to IP: 91.102.25.117 on your servers or hosting environment that is communicating with Netaxept.
          2. If you are using the Netaxept call-back service and have Netaxept IP: 91.102.25.117 whitelisted on your servers or hosting environment, you need to also whitelist the following Netaxept Azure IPs: 20.73.84.128/28
          3. If you whitelisted Netaxept static IPs (185.11.124.27, 192.230.64.27, 192.230.65.27, and 45.60.74.57) on your firewall to connect to Netaxept, then you need to also add this static IP: 137.117.170.23.
          4. The domains https://epayment.auriganet.eu/ and https://mpi.epayment.nets.eu will be decommissioned. If you are using any of the above domains in the integration, then you need to change it to https://epayment.nets.eu/.
          5. If you are using IP: 91.102.24.101 to connect to Netaxept endpoint, then you need to stop using direct access to this IP and instead use any of the Netaxept domain URL’s (https://epayment.nets.eu/, https://epayment.bbs.no/). This IP (91.102.24.101) will not be functioning once Netaxept will be migrated to Azure.

          Date & Time of change:

          Date of Change: 12-09-2022

          Time of Change: 01:00 – 06:00 CEST (During this period Netaxept production environment will not be available)

          When you need to make changes: Any time before the above-mentioned date/time.

          Additional information:

          What is Direct Connection: You are bypassing Netaxept’s DDoS protection service provider Imperva. Normally with an entry in your host file stating that IP 91.102.25.117 points to the Netaxept domain (epayment.nets.eu or epayment.bbs.no)

          What is Callback service: Netaxept offers a callback service that will notify the merchant’s system automatically when the status of the transaction changes. The Merchant enables the service and defines the Callback URL in the Admin Portal settings.

          Should you have any questions in this regard, please contact customer support.