25th Anniversary Savings | 25% Off Dedicated Servers*Shop Now
25th Anniversary Savings | 25% Off VPS Hosting* †††Shop Now
Limited Inventory: High-Performance AMD-Powered Servers Now Available.* Shop Now >
Dedicated Hosting Deals | From $99/moShop Now
Earn hosting credits and a chance to win an Amazon gift card when you refer friends to Liquid Web!Read our promo rules

How To Verify That Your Server Meets PayPal SSL Requirements

Posted on by dpepper
Reading Time: < 1 minute

As part of an industry-wide effort to adopt strict security standards, PayPal is upgrading the SSL certificates it uses to secure its sites and API endpoints. By June 17, 2016, SSL certificates will need to be signed using the SHA-256 algorithm and VeriSign’s 2048-bit G5 Root Certificate.

At that time, PayPal’s service will discontinue the use of SSL connections that rely on the VeriSign G2 Root Certificate.

You can easily determine whether your server supports this new standard by logging into your server via SSH and running a single command:

openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts | egrep -wi "G5|return"

If your server complies with the requirements, you will see a result similar to the following:

i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. – For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority – G5
Verify return code: 0 (ok)

In that output, you will want to note the presence of two specific items:

  • A Certification Authority containing “G5”. Note that you may see several CA lines in your output; as long as G5 is included, your server is compliant.
  • A Verify return code of “0 (ok)”.

If both are present, your server is compliant and no further action needs to be taken.

If neither is present, then your server will need to have the G5 certificate bundle installed. All Managed customers may feel free to contact Heroic Support® to have it installed.

NOTE: CentOS 5 (and earlier) is not capable of supporting the new standard. If your server runs CentOS 5 (or earlier), it will need to be upgraded. A member of Heroic Support® will be able to assist.

 

About the Author: dpepper

Latest Articles

How to Edit the PHP Memory for Your WordPress Site via WP Toolkit

Read Article

What is CGI-Bin and What Does it Do?

Read Article

Top 10 Password Security Standards

Read Article

Top 10 Password Security Standards

Read Article

How to Use the WP Toolkit to Secure and Update WordPress

Read Article