MDDHosting Forums

PayPal and SSL technical changes


Kraken


(Cross posted from the Web Hosting forum, where it got no response.)

 

PayPal sent me an email headlined "ACTION MAY BE REQUIRED: Important merchant integration upgrade information." It warns me "Because these changes are technical in nature, we advise that you consult with your partner, website vendor, or individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. If you do not have a technology team, we recommend you find one."

 

I buy my SSL cert through MDD. I'm not technical enough to understand anything more than the fact that the tech requirements for SSL certs are changing. Specifically:

 

Quote

 

What security upgrades should I make to my integration in 2015-2016?

Global security threats are constantly changing, and the security of our merchants continues to be our highest priority. To guard against current and future threats, we are encouraging our merchants to make the following upgrades to their integrations:

  1. Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer accept secure connections that are signed by the VeriSign G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.
  2. Update your integration to support certificates using the SHA-256 algorithm. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm.

For detailed information on these changes, please reference the Merchant Security System Upgrade Guide. For a basic introduction to internet security, we also recommend these short videos on

and
.

 

My browser's certificate viewer gives me just enough info to be concerned -- I see "PKCS #1 SHA-1 With RSA Encryption"

 

So for starters my questions are: (1) Is this a server-level thing or does it affect my private SSL cert? and (2) do I need to replace my cert before it expires in November?


As long as you replace the certificate before December of 2015 you will not have any issues:
http://www.symantec.com/page.jsp?id=sha2-transition

All of our auto install certificates are by default SHA-2 at this time. If you are doing the certificate manually, make sure to choose the appropriate options. If you desire an answer specific to your account, please open a ticket.

