Showing results for 
Search instead for 
Did you mean: 

Do I understand the Paypal SSL changes correctly? Few questions below.

Do I understand the Paypal SSL changes correctly? Few questions below.


 Back last week when Paypal threw the switch on their SSL changes my paypal payment advanced on magento stopped communicating (somewhat) with paypal.  Only the non-secure POST order IPN process is saving me at the moment.  I had to hack the code to prevent customers from seeing the "credit card declined" message.  Orders seem to be going to paypal just fine and they get billed.  However magento never seems to hear back from paypal and the order sits as pending payment (even though the customer was charged).  Then a few seconds later the non secure IPN from paypal comes in and magento thankfully finishes up the order.


So My SSL cert is from GoDaddy and they call it a


Go Daddy Secure Certificate Authority - G2 (GoDaddy SHA-2)


Checking the website I get


KeyRSA 2048 bits (e 65537)
Weak key (Debian)No
IssuerGo Daddy Secure Certificate Authority - G2
Signature algorithmSHA256withRSA


I think this is the crux of the problem:


Paypal is rejecting this connection regardless of the SHA-2 because its listed as a G2 certificate.  I'm about to go out and buy new SSL certs (G5) from someone else at this point. Can someone jump in if I'm misunderstanding something here.


Or is this an issue where the apache server doesn't have a G5 verisign root certificate installed.  *confused*  and that's all that is needed regardless of my G2 SSL cert from godaddy.


Godaddy is being obtuse on the issue right now and I can't seem to find the core issue here.  Is anyone using GoDaddy's G2 certificates and communicating with Paypal through magento's Payment Advanced system without issue?





Tags (2)

Re: Do I understand the Paypal SSL changes correctly? Few questions below.

Hi, I was on chat with Godaddy a few minutes ago and they said that if you're ssl is updated to 256(which yours is based on the info you provided), there won't be any problems.  They didn't have any knowledge or insight on paypals specific update but said that the G2 in the CA name isn't related to the Verisign G5 update paypal is requesting.  So I hope that info is helpful and correct.  I'll find out tomorrow