May 13, 2016

Upcoming PayPal Security Upgrade – Act by June 17, 2016

IMPORTANT: Action required by all DAP users using PayPal before June 17, 2016

PayPal recently sent out their 2016-2017 Security Roadmap. If you use PayPal to process payments, it’s critical that you review the list below and work with your webhosting provider to ensure your servers support the new standards.

According to the dates released by PayPal, the only upgrade due in 2016 is the “SSL certificate upgrade”. It’s due on June 17, 2016. You need to take action before June 17, 2016 to make sure you are not impacted by this update.

Per the PayPal Info Center:

“PayPal is in the process of upgrading the SSL certificates used to secure our web sites and API endpoints. These new certificates will be signed using the SHA-256 algorithm and VeriSign’s 2048-bit G5 Root Certificate. You will need to ensure that your environment supports the use of the SHA-256 signing algorithm and discontinue the use of SSL connections that rely on the VeriSign G2 Root Certificate.”

Impact of PayPal’s Changes

IMPORTANT: There are no DAP updates required for this PayPal change. But this change can affect your server’s communication with PayPal and thus impact DAP.

What You Need To Do

If you use PayPal to process payments, and use SSL/https on your site, then please work with your webhosting provider on the following:

1.  Check for compatibility with the new SHA-256 certificate technology.

If your webhost does not support SHA-256 currently, then they need to upgrade your servers to support the SHA-256 signing algorithm.

If you want to check whether your server is SHA-256 compliant, you can visit this website. Enter your domain name there and look for Signature Algorithm. It should say “sha256WithRSAEncryption”. If it does, you should be all set. If not, your webhost needs to upgrade your servers to support the SHA-256 signing algorithm.

In any case, please confirm this with your webhosting provider.

2. Check with your webhost to make sure that they do NOT use SSL connections that rely on the VeriSign G2 Root Certificate.

If your webhost completes these checks/updates, you should be all set. Your site won’t be impacted by this upcoming PayPal upgrade.

Again, no DAP updates are required to handle this new PayPal upgrade.

Please work with your webhosting provider directly to prepare for this upcoming PayPal upgrade.