Kraken Posted May 27, 2015

(Cross posted from the Web Hosting forum, where it got no response.)

PayPal sent me an email headlined "ACTION MAY BE REQUIRED: Important merchant integration upgrade information." It warns me "Because these changes are technical in nature, we advise that you consult with your partner, website vendor, or individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. If you do not have a technology team, we recommend you find one."

I buy my SSL cert through MDD. I'm not technical enough to understand anything more than the fact that the tech requirements for SSL certs are changing. Specifically:

Quote

> What security upgrades should I make to my integration in 2015-2016?
>
> Global security threats are constantly changing, and the security of our merchants continues to be our highest priority. To guard against current and future threats, we are encouraging our merchants to make the following upgrades to their integrations:
>
> - Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer accept secure connections that are signed by the VeriSign G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.
> - Update your integration to support certificates using the SHA-256 algorithm. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm.
>
> For detailed information on these changes, please reference the Merchant Security System Upgrade Guide. For a basic introduction to internet security, we also recommend these short videos on and .

My browser's certificate viewer gives me just enough info to be concerned -- I see "PKCS #1 SHA-1 With RSA Encryption".

So for starters my questions are: (1) Is this a server-level thing or does it affect my private SSL cert? and (2) do I need to replace my cert before it expires in November?

ericr Posted May 27, 2015

As long as you replace the certificate before December of 2015 you will not have any issues:

http://www.symantec.com/page.jsp?id=sha2-transition

All of our auto install certificates are by default SHA-2 at this time. If you are doing the certificate manually make sure to choose the appropriate options. If you desire an answer specific to your account, please open a ticket.

Kraken Posted June 3, 2015

Thanks for the simple and clear answer. I look forward to using your autoinstaller for the first time when my cert comes up for renewal in November.