Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

2015-2016 SSL Certificate Change

SOLVED
Go to solution
‎06-04-2015 01:10 PM
‎06-04-2015 01:10 PM

2015-2016 SSL Certificate Change

I received an email from paypal, telling me about a change to their SSL certificates and what type of encryption they're going to be using.

 

It sends me to this site: https://ppmts.custhelp.com/app/answers/detail/a_id/1236

 

Which suggests reviewing/updating all my integrations as required.

Is there anything I actually have to do with this?

 

I'm on Magento 1.9.1.0 (plus the 5344 & 5994 patches).

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
‎06-10-2015 03:53 AM
‎06-10-2015 03:53 AM

Re: 2015-2016 SSL Certificate Change

PayPal statement is quite confusing so to simplify it for you, what they mean is they are discontinuing support for the older SSL Certificates (like everyone else is doing, starting with Google).

 

You need to confirm if the SSL Certificate installed in your server is based on SHA-256 (also known as SHA-2) instead of the older and insecure SHA-1. Check with your hosting provider and SSL vendor if you are unsure. 

 

If you are still using the SHA-1 SSL Certificate, most SSL vendors will allow you to reissue the SSL Certificate to SHA-2 without any extra charge. 

 

In short, this is mainly a server related change and has nothing to do with your application (Magento). 

James Lee | Moderator • Magento Master
Magento Hosting Recommended by Magento Master

View solution in original post

0 Kudos
3 REPLIES 3
‎06-10-2015 03:53 AM
‎06-10-2015 03:53 AM

Re: 2015-2016 SSL Certificate Change

PayPal statement is quite confusing so to simplify it for you, what they mean is they are discontinuing support for the older SSL Certificates (like everyone else is doing, starting with Google).

 

You need to confirm if the SSL Certificate installed in your server is based on SHA-256 (also known as SHA-2) instead of the older and insecure SHA-1. Check with your hosting provider and SSL vendor if you are unsure. 

 

If you are still using the SHA-1 SSL Certificate, most SSL vendors will allow you to reissue the SSL Certificate to SHA-2 without any extra charge. 

 

In short, this is mainly a server related change and has nothing to do with your application (Magento). 

James Lee | Moderator • Magento Master
Magento Hosting Recommended by Magento Master
0 Kudos
‎06-10-2015 06:18 AM
‎06-10-2015 06:18 AM

Re: 2015-2016 SSL Certificate Change

Thank you. That was my interpretation, and I needed someone to confirm. And I wanted to make sure I didn't miss any sort of gotcha in the fine print.

 

My fear was that there might be some sort of magento patch or update that would be required.

0 Kudos
‎06-10-2015 08:39 AM
‎06-10-2015 08:39 AM

Re: 2015-2016 SSL Certificate Change

You're welcome! 

 

No, there shouldn't be any patch or update required as PayPal's policy covers not just Magento but other shopping carts as well. 

James Lee | Moderator • Magento Master
Magento Hosting Recommended by Magento Master
0 Kudos