I'm receiving warning emails from PayPal that they are making root certificate changes for SSL connections for Instant Payment Notifications (IPN).
They are making a number of changes, including changing from Verisign G2 (1024-bit) to G5 (2048-bit) certificates and changing from SHA-1 to SHA-256 hashes.
I'm not sure what actions are necessary by me to remain compatible with PayPal integration.
- Do I need to contact my hosting provider to explore what changes might be needed in my environment, including possible PHP versions and trusted certificate stores?
- Since it appears that PayPal integration for Magento is 'built-in' (not an extension), will there be necessary patches to remain compatible with PayPal?
Thanks!
Best Answer
There seems to be quite some confusion as a result of the email by PayPal.
What they basically mean is that PayPal IPN will only work with websites with SSL Certificates that are using 2048-bit and also SHA-256.
2048-bit should now be standardized for all SSL Certificates so it shouldn't be a problem.
SHA-256 is something that you need to take note of as your SSL Certificate may still be running the older SHA-1 cryptographic hash algorithm.
You can check if your SSL Certificate is using SHA-1 or SHA-256 at this website: https://shaaaaaaaaaaaaa.com/
If you are still using SHA-1, you will need to contact your SSL Certificate issuer (not your hosting provider) to reissue the SSL Certificate into SHA-256 and install it in your server to replace the SHA-1 SSL Certificate.