• Resolved Travis Poole

    (@poolet08)


    Hi folks,

    I received this today from PayPal:

    As we have previously communicated to you, PayPal is upgrading the certificate for https://www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

    This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

    You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

    Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

    Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

    Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

    Thanks for your patience as we continue to improve our services.

    Is there anything I need to make sure of in particular?

    https://www.ads-software.com/plugins/woocommerce/

Viewing 13 replies - 1 through 13 (of 13 total)
  • Basic everybody that uses paypal as their gateway will get that email, I am sure that the guys at woocommerce will do the required updates as soon as possible, well I hope they will lol

    Just reading some info on the update and it appears that your host is the one that is required to make updates/meet the requirements for this PayPal upgrade. So not sure if woocommerce has to do anything, I would suggest that you do some investigation to see if your host is SHA-256 compliant.

    Plugin Contributor Mike Jolley (a11n)

    (@mikejolley)

    Thank you for the new reply, Mike. I see only an image when I click the link for the sandbox tester plugin, and it’s not in the WordPress repository. Am I missing something?

    Also, for anyone who uses Cloudflare Flexible SSL for their WooCommerce sites, I received the following reply from Cloudflare support when I inquired with them:

    Regarding Paypal’s recent notification on SHA-2 support and root certificates.
    ? Do I need a SHA-2 certificate on my site?
    The notification regarding SHA-2 certificates refers to your origin server supporting a SHA-2 certificate, not CloudFlare.
    Paypal are migrating their IPN endpoints to use a SHA-2 cert and so want to ensure that websites connecting to these endpoints can support this. This refers to the connection from your origin to PayPal, which is made, for example, when a transaction is processed or payment taken.

    CloudFlare is not involved in this connection as it is directly from your origin to PayPal.
    For most servers, this won’t be an issue, but do speak to your host if you are in any doubt.
    ? What about the G2 root certificate warning?
    The warning regarding G2 root certificates refers to users with Verisign certificates. CloudFlare does not use Verisign certificates (We use Globalsign/Comodo) so this warning can be ignored.
    For further information, see Paypal’s own guide here: https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1766&expand=true&locale=en_US.

    Finally, in case it may also help others with this question, my host has indicated that because my sites send buyers to Paypal to complete the transaction and I do not use my host’s SSL server, this should not be an issue for my sites.

    Check with your host if you have concerns or run a test transaction.

    Paypal support was less helpful for those who are not as tech-savvy– their recommendations were to check with my shopping cart provider, host and developer. Honestly, I expected a better explainer from a company that specializes in making eCommerce payment processing simple even for beginners.

    Same here, I didn’t see any download link/button for IPN tester tool/plugin

    I was about to post about the Paypay IPN Tester plugin as well, but I’ll bump this post instead.

    The link is just a picture. There is no download.

    Get the plugin here. I installed it. Tested = success. Click on download button then install like any other plugin

    https://gist.github.com/mikejolley/0941e0882efcad64ea40

    Thanks you stardaug

    Thanks stardaug!

    For clarification:

    1) Click “Download ZIP” on the github page
    2) Install as new plugin
    3) Find Paypal Sandbox IPN Tester in your list of installed plugins
    4) Click the yoursite.com/?ipn-test-1 url in the plugin description
    5) Cross fingers

    So I get this after installing and running the plugin, does this mean that I’m in trouble?

    FAIL – Operation timed out after 5002 milliseconds with 0 bytes received.

    I get this error after running the plugin. But I did speak to someone at BlueHost (where I got this error) but they told me they would support the changes.

    Who or what should I believe?

    It should say “SUCCESS” if it works.

    I’m at a loss .. I installed it on 2 sites .. went the the site /?ipn-test=1 and nothing happened .. the homepage just loaded. What am I missing?

    –> Figured it out! You don’t put that link in your browser but click on it in the plugin description

    I’ve installed this at a client site.

    The setup has the shop on a subfolder. When I click the link in the plugin description, I can see that it is translating to the root level domain and not the subfolder domain. When I added the string /?ipn-test=1 to the end of the subfolder domain link, I received a failure message:
    FAIL - error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

    My questions are these:

    1. Does the site have to be in sandbox mode when this is done?
    2. What endpoint is being tested, exactly?
    3. Would use of CloudFlare have any impact on this test?
    4. Would use of Infusionsoft and InfusedWoo have an impact on this test?

      PayPal support is indicating that WooCommerce needs to modify their plugin to make my client’s site compliant. We have a ticket into InfusedWoo plugin authors already.

      Any useful responses will be greatly appreciated. ??

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘PayPal Merchant Upgrade’ is closed to new replies.