Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PayPal Changes for SHA-256 Certificates

Tags:

php

ssl

paypal

I've been getting emails from PayPal about the changes they're making about supporting SHA-256 certificates and warning me that I may have to update things on my website.

I use PayPal's IPN service, which I originally set up on my website (all custom PHP code that I wrote, no pre-built shopping carts) and that has been running quite happily since 2008.

My hosting is shared hosting as it's not a very large or busy website. The hosting platform us running PHP 5.2.17, Apache 2.2.3 (CentOS), and OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 (I got all of this info from PHP's phpinfo() function).

Am I correct in thinking that any changes that need to be made will have to be made by my web host since I can't update any software on the server?

When I originally set everything up back in 2008 I remember downloading a certificate from PayPal and using OpenSSL on my Windows PC to create something (another certificate? I don't know) which I then uploaded to my website and use for encrypting my payment requests to PayPal. Does the SHA-256 changes that PayPal are bring in affect this? Do I need to remake the certificate or something?

I did try using the IPN Simulator (after changing the end points that my IPN handler uses) but I can't get this to work as the IPN Simulator gives me a 502 Bad Gateway error and I've got no idea what that means or what the problem might be.

like image 494
user3792628 Avatar asked Sep 13 '15 09:09

user3792628

1 Answers

Even if you website is nowhere using HTTPS, you would still need to check the cert compatibility with this upgrade.

When your IPN script recieves PayPal messages and POST them back to PayPal for verification, this server to server connection has to be secured as the IPN endpoint of PayPal is with HTTPS, that means the default keystore/truststore on your webserver should contain the SHA-2 compatible certs to establish the SSL handshake.

OpenSSL 0.9.8 by default is supporting SHA-2, but still worth checking your server compatibility by simply pointing your IPN script endpoint from www.paypal.com to www.sandbox.paypal.com (because the sandbox environment has done the SHA-2 upgrade already), and send an IPN POST message to your listener (with IPN simulator)

OR SSH to your server and run the command:

openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/
like image 117
pp_pduan Avatar answered Sep 21 '22 21:09

pp_pduan
Sign in to Comment

Related questions

How do you set up the database Queue driver for Laravel 5?
Using artisan serve after changing the public folder name
mysql_connect(): No such file or directory in /opt/lampp/htdocs/
Making use of the base path in Laravel 5 (Lumen)
Laravel 5 ignore Authentication specific route
MySQL SUM time(3) with milliseconds
Empty space at beginning of rsyslog log file
Select multiple not working
Where should I write my code so that Composer can autoload my PHP classes?
Images Fail to Load, net::ERR_CONTENT_LENGTH_MISMATCH
Multi-dimensional array, remove array where key and value match another array
Only can load one Zingchart
Php cannot read secure cookies
Debugging Codeigniter with XDebug using PHPStorm
gd-png cannot allocate image data
How much cost/rounds does Laravel use to hash with?
How to add Custom button and its functionality in Admin Silverstripe?
How to get the most favourited items, from another table?
Laravel with SQL server 2008 throw "Conversion of a varchar data type to a datetime data type resulted in an out-of-range value"
Where to safely store database credentials within a PHP website [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!