IMPORTANT: Action Required by all DAP users using Paypal
PayPal is upgrading the certificate for www.paypal.com to SHA-256. This upgrade is scheduled for 9/30/2015.
Here’s a quote from Paypal’s recent, official bulletin…
PayPal service upgrades
As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.
You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
Impact of Paypal’s Changes
IMPORTANT: There are no DAP updates required for this Paypal change. But this change can affect your server’s communication with Paypal and thus impact DAP.
What You Need To Do
If you use Paypal to process payments, and use SSL/https on your site, then please talk to your Webhosting support and send them this checklist:
1. Check for compatibility with the new SHA-256 certificate technology.
If your webhost does not support SHA-256 currently, then make sure they upgrade your servers to support the SHA-256 signing algorithm as soon as possible.
If you want to check if you server is SHA-256 complaint, you can visit this website. Enter your domain name there and look for Signature Algorithm. It should say “sha256WithRSAEncryption”. If yes, you are set. If not, your webhost needs to upgrade your severs to support SHA-256 signing algorithm.
2. Your webhost needs to save the VeriSign G5 Root Trust Anchor in your SSL Keystore as well (if it’s not already there).
If your webhost completes these updates, you should be all set. Your site won’t be impacted by this Paypal upgrade.
You can also test your site using Paypal Sandbox (as Paypal has already upgraded their sandbox account) and see if everything works.
Again, no DAP updates are required to handle this new Paypal upgrade.
Please work with your webhost directly (send them the checklist) to prepare for this upcoming Paypal upgrade.
Hope this helps!
Veena Prashanth & Ravi Jayagopal