OK, I accept

This site uses cookies. By using this site, you acknowledge and accept this.

Your basket is empty
Login not logged in

Full Knowledgebase Listing

Paypal IPN sha-256 root cert update for 30 Sep 2015

[#61] Last update 12 Sep 2015

If your site uses Paypal, you will almost certainly by now have received a notification from them regarding an important update that will take place on 30th September 2015. The subject line of the most recent email includes IMMEDIATE ATTENTION REQUIRED, indicating how important it is.

We won't go into the technical details of why these changes are being made, Paypal have explained that in detail here: Paypal Developer Blog. Instead we'll focus on what checks and potentially updates you need to do.

The first thing to make clear is that this is not a Kartris issue; no changes whatever are needed in Kartris or could be made to Kartris to address this Paypal update. The SSL certificate support is provided by Windows and the web server, and so would be the same regardless of which package you use on your web site.

Secondly, if you are hosted on one of our servers, then your server is fine. We have confirmed that all our servers have the newer G5 root certificate.

If your site is hosted on a shared server, then you should contact your web host to confirm that it has the newer root certificate.

If you run your own server, you will need to check that it has the new Verisign root certificate. To do this, go to the start search box and type 'mmc.exe', then run the program/command that should be found.

Go to 'File > Add or Remove Snap-ins' and choose 'Certificates'. Choose 'Computer account' and 'Local computer', then 'Finish'. Then 'OK'. Expand the 'Certificates' folder and navigate to the 'Trusted Root Certification Authorities' and then 'Certificates'. You will see a list of root certificates. Within this, you should see the Verisign G5 certificate, as below:

G5 Verisign root cert

If you don't have this, you need to download and install it to your server. The certificate itself is here: VeriSign Class 3 Public Primary Certification Authority - G5 root certificate

To install this certificate, follow the instructions here for Adding certificates to the Trusted Root Certification Authorities store for a local computer

One quick way to test if your site will work is to use the Paypal sandbox. This is already running the new G5 certificate. So you can change your Paypal settings within Kartris to 'test' mode, and the process URL to https://www.sandbox.paypal.com/cgi-bin/webscr, then run a test. If all works fine, then your server has the new G5 certificate and will work fine with the live Paypal payment page when that is upgraded at the end of September. Don't forget to set your site back to the live Paypal processing URL afterwards.

Powered by kartris