I have received notification from PayPal that they are updating stuff. I copy is below. Will this have any impact on Quickfile’s integration? I have removed the hyperlink but if you need them I will send them. The email now follows …
As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
This upgrade is scheduled for 30/9/2015; however, we may need to change this date on short notice to you to align to the industry security standard.
You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
Testing in the Sandbox is one of the best ways to make sure your integrations work. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.
Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.
Thanks for your patience as we continue to improve our services.
This is so badly written I initially dismissed it as spam. The subject alone (IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades) looked suspicious. Also when I read it on my phone it tried to download a file (which I now see is a PDF). Furthermore it appears to be written for system admins but seems to have been sent to general PayPal users.
We’ll keep an eye on this, I don’t think a change in their SSL certificate will warrant any changes our side but we’ll wait for more information to come out.
I initially thought this was a mistake on the part of PayPal as I have never used their IPN endpoint on the account they emailed me about so thought it may have gone out to everyone instead of the members of the developers group only.
I haven’t received it on all accounts though so something is fishy.
It does appear to be genuine. The change would appear to affect older operating systems like Windows Server 2003 or XP that don’t support SHA-256 certificates. We’re currently running on Server 2012.
If you are using www.paypal.com for Instant Payment Notification (IPN) and have a non SHA-256 compliant server/OS, please consider the following options to prevent an impact to your integration as soon as possible: