PayPal SSL Certificate Change
This document applies to those seeking information regarding an upcoming change in the PayPal SSL Certificate as outlined here: https://devblog.paypal.com/paypal-ssl-certificate-changes/
The redCOMPONENT PayPal payment plugins do not require any updates to work with this new certificate.
Important InformationIf you are using the standard PayPal payments plugin, you do not need to make any changes.
If you are using the PayPal Pro Payment Plugin (where the payments are processed within your site without redirecting to PayPal) you may need to make changes at your hosting level. If you find that there are issues please check the outlined steps provided by PayPal, pasted below:
- Save the VeriSign G5 Root Trust Anchor in your keystore.
- Upgrade your environment to support the SHA-256 signing algorithm.
- Perform end-to-end testing of the integration against the Sandbox / Payflow Pilot environment (including Instant Payment Notifications (IPN), Payment Data Transfer (PDT), and Silent Posts).
The first two steps relate to your hosting environment, and as such your hosting provider should be able to help you or point you in the right direction for support.
For performing tests, follow these steps as outlined by PayPal in the document:
Testing Your SSL Certificate Upgrade
Any tests that are currently run against PayPal Sandbox endpoints will require a VeriSign G5 root certificate, so you can test your upgrades by making requests against the Sandbox environment by using the following steps:
- Swap out the live API credentials / API endpoints on the merchant application with the Sandbox credentials / API endpoints.
- If you receive a handshake error (e.g. “No trusted certificate found”), check the merchant keystone to see if the PayPal VeriSign G5 root certification is present.
- If not, download the VeriSign Class 3 Public Primary Certification Authority – G5 root certificate, or download the endpoint-specific SSL certificates, and put these certificates in their keystore.