cancel
Showing results for 
Search instead for 
Did you mean: 

2015-2016 SSL Certificate Change

SOLVED

2015-2016 SSL Certificate Change

I received an email from paypal, telling me about a change to their SSL certificates and what type of encryption they're going to be using.

 

It sends me to this site: https://ppmts.custhelp.com/app/answers/detail/a_id/1236

 

Which suggests reviewing/updating all my integrations as required.

Is there anything I actually have to do with this?

 

I'm on Magento 1.9.1.0 (plus the 5344 & 5994 patches).

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 2015-2016 SSL Certificate Change

PayPal statement is quite confusing so to simplify it for you, what they mean is they are discontinuing support for the older SSL Certificates (like everyone else is doing, starting with Google).

 

You need to confirm if the SSL Certificate installed in your server is based on SHA-256 (also known as SHA-2) instead of the older and insecure SHA-1. Check with your hosting provider and SSL vendor if you are unsure. 

 

If you are still using the SHA-1 SSL Certificate, most SSL vendors will allow you to reissue the SSL Certificate to SHA-2 without any extra charge. 

 

In short, this is mainly a server related change and has nothing to do with your application (Magento). 

View solution in original post

3 REPLIES 3

Re: 2015-2016 SSL Certificate Change

PayPal statement is quite confusing so to simplify it for you, what they mean is they are discontinuing support for the older SSL Certificates (like everyone else is doing, starting with Google).

 

You need to confirm if the SSL Certificate installed in your server is based on SHA-256 (also known as SHA-2) instead of the older and insecure SHA-1. Check with your hosting provider and SSL vendor if you are unsure. 

 

If you are still using the SHA-1 SSL Certificate, most SSL vendors will allow you to reissue the SSL Certificate to SHA-2 without any extra charge. 

 

In short, this is mainly a server related change and has nothing to do with your application (Magento). 

Re: 2015-2016 SSL Certificate Change

Thank you. That was my interpretation, and I needed someone to confirm. And I wanted to make sure I didn't miss any sort of gotcha in the fine print.

 

My fear was that there might be some sort of magento patch or update that would be required.

Re: 2015-2016 SSL Certificate Change

You're welcome! 

 

No, there shouldn't be any patch or update required as PayPal's policy covers not just Magento but other shopping carts as well.