PayPal’s SSL Upgrade Plan – How It Affects You

Posted May 27, 2015 by   in eCommerce Website, Internet Security


PayPal recently sent a notice to all of its merchants letting them know that they might have to take action. PayPal will be upgrading their own SSL certificates on their side. Throughout the rest of 2015 and into 2016, PayPal will be following a plan to replace and strengthen all of their SSL certificates across all of their sites.

PayPal explains:

This change involves upgrading Secure Sockets Layer (SSL) certificates over the course of 2015 and 2016.

Will this affect your website?

No, this change will likely not directly affect your website. If your website was built using WordPress, your site communicates with PayPal through the WP_Http class. This class is a part of the WordPress core code and is designed to support secure SSL communication between your site and PayPal. If your site was built using BigCommerce or Shopify, these are hosted cloud-based SaaS platforms, and any code changes will be made and applied globally across all of their merchant sites.

However, even though this change will not directly affect your website, it is still a great time to check your webserver for compatibility with the new SHA-256 certificate technology. If your site uses an SSL certificate, it will be required by most web services that you have a SHA-256 encrypted certificate in place by the end of 2015. If your website is currently hosted by Octavia Marketing or if you are currently on a Maintenance plan or above with Octavia Marketing, then we will take the necessary steps to ensure that your SSL certificate is upgraded by the end of 2015. If your site is being hosted elsewhere and you are not currently on a Maintenance plan, we suggest that you contact your hosting company to ask them if your server will support the new SHA-256 certificate technology. Although it is highly unlikely that your server will need to be updated, it is still a very good idea to check on this now in case your hosting provider does need to make any changes!

For the technically-interested:

PayPal’s update is occurring in 2 stages: A VeriSign G2-to-G5 Root Certificate Upgrade, and then a SHA-256 SSL certificate.

These changes have NO IMPACT on the PHP code used in WordPress. They may, however, affect underlying server technologies used on your webserver.

PayPal will discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer accept secure connections that are signed by the VeriSign G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

Update your integration/website to support certificates using the SHA-256 algorithm. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm.

To read more information about PayPal’s planned SSL certificate upgrades, please visit the 2015-2016 SSL Certificate Change Microsite.