PayPal has begun to warn merchants that PayPal is changing their secure connection settings in stages during 2015. They are changing from Verisign G2 certificates to G5, and from the SHA-1 to the SHA-256 encryption algorithm.
Some key phrases and sentences from the PayPal information about this change--
In OpenCart, I changed both the PayPal Standard and PayPal Express payment methods to use PayPal's sandbox mode (the sandbox does not transfer any money, but does test the interaction between merchants and their customers, and PayPal). Neither OpenCart 2's PayPal Standard nor PayPal Express payment methods now work using the PayPal test-area sandbox, which has already been updated (in February) to use the new G5 certificates and SHA-256 algorithm, according to PayPal.In accordance with industry standards, PayPal will no longer accept secure connections to the API/IPN endpoints that are expecting our certificate/trust chain to be signed by the VeriSign G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.
We advise merchants and programmers to:Question-- How do I know if my integration is affected?
- Discontinue use of the VeriSign G2 Root Certificate
- Update your integration to support certificates using the SHA-256 algorithm
- To avoid service interruption, your clients must support SHA-256 by mid-2015.
Answer-- We are making changes to the Sandbox environments prior to any Live changes, so you can verify your integration against the Sandbox for any required testing. If you see these or similar error messages in the Sandbox environment, you will need to update your integration before we make changes to our Live environment (per the timeline above).
- “Unable to find valid certification path to requested target”
- “SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled”
- “alert handshake failure”
- “Problem with the SSL CA cert (path? access rights?)”
Are the OpenCart PayPal payment methods being worked on by the developers to accommodate these annoying changes by PayPal. PayPal is warning merchants that they may not be able to process payments as early as the end of this month (March, 2015) or possibly as late as September of this year.
---