I have received email from PayPal regarding a Update to the SHA-256 signing algorithm. This has something to do with Instant Payment Notification (IPN). We are using PayPal advanced gateway however I not sure if I need to address this issues. Can anyone advise?
Thanks,
You can always email Paypal support themselves to clarify your situation and I would recommend that, we looked at this a little while ago and they were quick to respond.
As far as we could tell for our setup using IPN 2 things need to be true:
Your server certificate keystore must have something other than Verisign G2 in it, G5 is what they request.
Your server must be set to accept SHA 256.
This doesn't mean your SSL certificate needs upgrading immediately if it is currently SHA1 (although it will soon anyway as Chrome will be discontinuing support for it soon), just that your server administrator needs to make sure the server software is SHA2 ready.
You shouldn't need to make code changes.
Of course that's just what we have concluded and may not be true - as I say do contact paypal direct to confirm for your installation.
As far as we could tell for our setup using IPN 2 things need to be true:
Your server certificate keystore must have something other than Verisign G2 in it, G5 is what they request.
Your server must be set to accept SHA 256.
This doesn't mean your SSL certificate needs upgrading immediately if it is currently SHA1 (although it will soon anyway as Chrome will be discontinuing support for it soon), just that your server administrator needs to make sure the server software is SHA2 ready.
You shouldn't need to make code changes.
Of course that's just what we have concluded and may not be true - as I say do contact paypal direct to confirm for your installation.
Who is online
Users browsing this forum: Bing [Bot] and 3 guests
