Paypal SHA-256 Upgrade

3 posts / 0 new
Last post
#1 Fri, 09/18/2015 - 08:56
amityweb

Paypal SHA-256 Upgrade

Hi

I am a bit confused by what is needed for the pending Paypal SHA-256 upgrade coming end of this month. See https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ176....

What I am confused about is do we need to upgrade our software (e.g. eCommerce websites) or do we need to upgrade the server.

If its the server, then I wondered iof anyone knows how we test to see if we comply or not, because we often update all our servers, and some time ago I changes some SSL settings to be PCI compliant. So I would like to test to see if we already comply with this.

If its a software issue, I need to contact the developers of all the software we use (e.g. Zencart, Joomla, Expression Engine, Craft, Cartthrob, BrilliantRetail, Wordpress, WooCommerce, and more!).

Thanks

Fri, 09/18/2015 - 09:17
andreychek

Howdy,

What they're suggesting is to make sure that you're SSL certificate is generated using SHA-256. That's the default for all SSL certificates in Virtualmin now.

You can run a command like this to test which algorithm you're using:

openssl s_client -connect domain.tld:443 < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"

Mon, 09/21/2015 - 03:43
amityweb

Ah OK. Thanks for that, will test all sites now.

Topic locked