问题描述:

I've been receiving notifications from PayPal that I need to update my integration to use SHA256 certificates.

I use PayPal's Encrypted Website Payments, with the EWP Services Kit (which they no longer seem to offer for download). I encrypt the payment buttons myself, in PHP, rather than using PayPal's button creation facility. PayPal's documentation for this still specifies 1024-bit keys:

https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/encryptedwebpayments/#id08A3I0P0B30

Note the openssl commands in the above link:

openssl genrsa -out ps-prvkey.pem 1024

openssl req -new -key ps-prvkey.pem -x509 -days 365 -out ps-pubcert.pem

On the microsite describing the certificate change, it says this:

https://ppmts.custhelp.com/app/answers/detail/a_id/1236

Q. How do I know if my integration is affected?

We are making changes to the Sandbox environments prior to any Live changes, so you can verify your integration against the Sandbox. If you see these or similar error messages in the Sandbox environment, you will need to update your integration before we make changes to our Live environment (per the timeline above).

  • “Unable to find valid certification path to requested target”
  • “SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled”
  • “alert handshake failure”
  • “Problem with the SSL CA cert (path? access rights?)”


I tested my integration against the sandbox, and it went through fine - no error messages. So I'm wondering if that truly means EWP sites don't have to update their certificates or (more likely), PayPal has neglected to document this.

QUESTION: Do I have to update my certificates? If so, I need the following information:

(1) What is the updated version of the openssl commands? Do I just replace 1024 with 2048?

(2) Do I need an updated version of the PayPal certificates (live and sandbox)? If so, where do I get them?

(3) When will the change be made for EWP integrations (the date)?

I've been all over the PayPal site, and I can't find this information anywhere.

网友答案:

It sounds like you are using PayPal Website Payments Standard, regardless of whether you encrypt the buttons or not. PayPal Website Payments Standard is unaffected by the SSL Upgrade by PayPal so no action is necessary on your part. More info here: https://devblog.paypal.com/paypal-ssl-certificate-changes/

相关阅读:
Top