i've been receiving notifications paypal need update integration use sha256 certificates.
i use paypal's encrypted website payments, ewp services kit (which no longer seem offer download). encrypt payment buttons myself, in php, rather using paypal's button creation facility. paypal's documentation still specifies 1024-bit keys:
note openssl commands in above link:
openssl genrsa -out ps-prvkey.pem 1024 openssl req -new -key ps-prvkey.pem -x509 -days 365 -out ps-pubcert.pem
on microsite describing certificate change, says this:
https://ppmts.custhelp.com/app/answers/detail/a_id/1236
q. how know if integration affected?
we making changes sandbox environments prior live changes, can verify integration against sandbox. if see these or similar error messages in sandbox environment, need update integration before make changes our live environment (per timeline above).
- “unable find valid certification path requested target”
- “sslexception: no available certificate or key corresponds ssl cipher suites enabled”
- “alert handshake failure”
- “problem ssl ca cert (path? access rights?)”
i tested integration against sandbox, , went through fine - no error messages. i'm wondering if means ewp sites don't have update certificates or (more likely), paypal has neglected document this.
question: have update certificates? if so, need following information:
(1) updated version of openssl commands? replace 1024 2048?
(2) need updated version of paypal certificates (live , sandbox)? if so, them?
(3) when change made ewp integrations (the date)?
i've been on paypal site, , can't find information anywhere.
it sounds using paypal website payments standard, regardless of whether encrypt buttons or not. paypal website payments standard unaffected ssl upgrade paypal no action necessary on part. more info here: https://devblog.paypal.com/paypal-ssl-certificate-changes/
