
PayPal Upgrade to SHA-256


ttremain


I noticed this about a week ago. My Apache logs show that PayPal is sending the IPN, but suddenly (with no config changes) my invoices are no longer marked with a payment.

 

173.0.81.1 - - [10/Sep/2015:13:55:26 -0700] "POST / HTTP/1.0" 200 14911 "-" "PayPal IPN ( https://www.paypal.com/ipn )"

 

I've checked the IPN config, as well as API signature and login. All look good.

 

Please advise.


I got this email this afternoon from PayPal:

--------------------------------------------------------------------------------------

As we have previously communicated to you, PayPal is upgrading the certificate for http://www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

 

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

 

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

 

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

 

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

 

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

--------------------------------------------------------------------------------------

 

Do I need to do anything on my end to ensure continuity with PayPal?

 

Thanks,

 

Chris


Check the Gateway Log: Admin Area -> Billing -> Gateway Log. Are there any issues there?

 

Nothing since the 4th. But at that time, it says an Invalid Receiver Email. I have addressed that, and resent the IPN. Apache says it received the IPN, but there is nothing in the gateway log, and the invoice is still unpaid.


I got this email today from PayPal. Is there anything we need to do about this?

 

"As we have previously communicated to you, PayPal is upgrading the certificate for http://www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

 

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

 

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

 

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

 

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

 

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

 

Thanks for your patience as we continue to improve our services."


Under Admin Area -> Setup -> Payments -> Payment Gateways -> *PayPal*

What is the email address used in the configuration? Make sure it is the primary email address as in the PayPal account.

 

Hi, same for me, but today I received an email from PayPal saying that they are upgrading their certificate and that I was identified as a merchant using the IPN product. It seems WHMCS needs to do something, I think.


Multiple threads on same topic merged here.

 

You merged two unrelated topics. Yes both had to do with PayPal, but still unrelated...

 

- - - Updated - - -

 

Under Admin Area -> Setup -> Payments -> Payment Gateways -> *PayPal*

What is the email address used in the configuration? Make sure it is the primary email address as in the PayPal account.

 

It is. I manually marked this invoice as paid. Since this thread was messed up by someone merging an unrelated thread in, I'll open a new thread if I continue to have problems.


PayPal now requires that all certs used be 2048 SHA-2. You should check your OS and server, and see that it is SHA-2 compliant.

Check your SSL cert to be sure it is 2048.

Your cert should say this in SSL/TLS management:

 

Description: 2,048 bits, created 12/24/14 9:09 AM UTC

ID (I have altered mine here): b2fb2_fb299_3a788a9dab6a6db9868351b4b

Size: 2048

 

Also, if your cPanel allows for creation of a smaller size than 2048 bits (I forget what that was now), that will mean you need to upgrade cPanel and/or your OS.

The best way to set up WHMCS is on multiple servers clustered in a master/slave config,

where WHMCS is housed on its own server and makes accounts on a slave, i.e. no hosting accounts on the master, just WHMCS with its database; any hosting accounts are on the slave. So the master talks to the slave, but the slave cannot talk to the master.

Further, if you are experiencing lots of brute-force attacks, I have an IP list of all recently known bad IPs. After implementation

we have had NO entries on the master and only 2 or 5 a month on the slave. You may contact me here for the list to add to your blacklist.

servers@nrwebus.com

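The certificate check described in the post above (SHA-2 signature, 2048-bit key), as an added example that is not part of the original thread: a shell function that reads the text dump printed by `openssl x509 -noout -text` and reports whether both conditions hold. The two sample dumps are constructed excerpts, `cert.pem` is a placeholder file name, and the check assumes an RSA certificate.

```shell
#!/bin/sh
# Added example. Usage with a real certificate (cert.pem is a placeholder):
#   openssl x509 -in cert.pem -noout -text | check_cert_text

# Reads an `openssl x509 -text` dump on stdin.
# Prints "OK ..." and returns 0 when the signature hash is SHA-2 and the
# RSA key is at least 2048 bits; otherwise prints "WEAK: <reasons>" and returns 1.
check_cert_text() {
    dump=$(cat)
    # The first "Signature Algorithm:" line is the certificate's own signature.
    sigalg=$(printf '%s\n' "$dump" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    # OpenSSL prints "Public-Key: (N bit)" or "RSA Public-Key: (N bit)" by version.
    bits=$(printf '%s\n' "$dump" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    reasons=""
    case "$sigalg" in
        sha256*|sha384*|sha512*) ;;
        "") reasons="no signature algorithm found" ;;
        *)  reasons="signature is $sigalg, not SHA-2" ;;
    esac
    if [ -z "$bits" ]; then
        reasons="${reasons:+$reasons; }no key size found"
    elif [ "$bits" -lt 2048 ]; then
        reasons="${reasons:+$reasons; }key is $bits bits"
    fi
    if [ -z "$reasons" ]; then
        echo "OK sig=$sigalg bits=$bits"
        return 0
    fi
    echo "WEAK: $reasons"
    return 1
}

# Constructed excerpts of openssl text output (not taken from any real certificate).
SAMPLE_GOOD='        Signature Algorithm: sha256WithRSAEncryption
                Public-Key: (2048 bit)'
SAMPLE_WEAK='        Signature Algorithm: sha1WithRSAEncryption
                RSA Public-Key: (1024 bit)'

printf '%s\n' "$SAMPLE_GOOD" | check_cert_text || true
printf '%s\n' "$SAMPLE_WEAK" | check_cert_text || true
```
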

Right, I bought 2 new SSL certificates, one for the server and one for the domain, checked their status and all looks fine, but I am still not getting any separate email from PayPal about the payment confirmation, although WHMCS marked the invoices as paid and I can see the transaction ID. Weird, perhaps something is wrong with PayPal or the WHMCS payment gateway???

Anyone have another suggestion?

 

https://www.digicert.com/help/

 

Issuer = RapidSSL SHA256 CA - G3

Key Length = 2048 bit

Signature algorithm = SHA256 + RSA (excellent)

Secure Renegotiation: Supported

 

And Intermediate certificate:

Subject RapidSSL SHA256 CA - G3

Valid from 29/Aug/2014 to 20/May/2022

Issuer GeoTrust Global CA

 

SSL Certificate is correctly installed

Edited by Wabun
Added SSL certificate.
