How To Verify That Your Server Meets PayPal SSL Requirements

Posted on by dpepper
Reading Time: < 1 minute

As part of an industry-wide effort to adopt strict security standards, PayPal is upgrading the SSL certificates it uses to secure its sites and API endpoints. By June 17, 2016, SSL certificates will need to be signed using the SHA-256 algorithm and VeriSign’s 2048-bit G5 Root Certificate.

At that time, PayPal’s service will discontinue the use of SSL connections that rely on the VeriSign G2 Root Certificate.

You can easily determine whether your server supports this new standard by logging into your server via SSH and running a single command:

openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts | egrep -wi "G5|return"

If your server complies with the requirements, you will see a result similar to the following:

i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. – For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority – G5
Verify return code: 0 (ok)

In that output, you will want to note the presence of two specific items:

  • A Certification Authority containing “G5”. Note that you may see several CA lines in your output; as long as G5 is included, your server is compliant.
  • A Verify return code of “0 (ok)”.

If both are present, your server is compliant and no further action needs to be taken.

If neither is present, then your server will need to have the G5 certificate bundle installed. All Managed customers may feel free to contact Heroic Support® to have it installed.

NOTE: CentOS 5 (and earlier) is not capable of supporting the new standard. If your server runs CentOS 5 (or earlier), it will need to be upgraded. A member of Heroic Support® will be able to assist.

 

Avatar for dpepper

About the Author: dpepper

Latest Articles

What is LiteSpeed Web Server?

Read Article

Useful Features in cPanel for Your Sites

Read Article

How to Clone a Drupal Site to Another Domain

Read Article

Accessing Man Pages on Ubuntu 16.04 LTS

Read Article

What is VMware Fusion?

Read Article