PayPal notification to update your integration to support certificates using the SHA-256 algorithm.
Many of our customers will have received notifications from PayPal saying that SHA-1 won’t be supported anymore and asking them to update their integration to support certificates using the SHA-256 algorithm.
SHA-1 is a 22-year-old cryptographic algorithm that is being threatened by increases in computing power. SHA-256 uses a stronger algorithm with 256-bit hash values.
All our servers have already been set up for this change, and all the recent certificates that we’ve provided comply with these requirements. If you have access to your CSR (Certificate Signing Request), you can analyse it at https://www.sslshopper.com/csr-decoder.html to see if it’s still on SHA-1.
You can cross-check your certificates directly by accessing your website in any browser.
If it doesn’t yet show a SHA-256 signature algorithm and the certificate was purchased through us, contact us and we’ll take it from there.
If it was purchased and set up elsewhere, you can contact your vendor and ask them to re-issue the certificate to comply with this requirement. You might have to provide them with a new CSR (as an old one would still be on SHA-1), get the certificate re-issued using this new CSR and install it with the correct CA bundle.
In case anyone is not familiar with how to check this, here are screenshots from the Google Chrome browser showing exactly how to go about it.
1. Pull up your website in Google Chrome over https, and proceed as shown in the screenshot.
2. Pull up the details of your certificate.
3. Scroll through the certificate details until you find the Signature Algorithm.
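
The same check can be scripted for both a CSR and an issued certificate, since the two share the same outer DER layout. The following is an added example, not part of the original article or any PayPal tooling; the function names are hypothetical, and `sample()` builds constructed skeletons rather than real certificates.

```python
import base64

# DER-encoded OIDs of common certificate/CSR signature algorithms.
SIG_ALGS = {
    "2a864886f70d010105": "sha1WithRSAEncryption",
    "2a864886f70d01010b": "sha256WithRSAEncryption",
    "2a8648ce3d0401": "ecdsa-with-SHA1",
    "2a8648ce3d040302": "ecdsa-with-SHA256",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def pem_to_der(pem):
    """Drop the BEGIN/END lines and base64-decode the rest."""
    return base64.b64decode("".join(l for l in pem.splitlines() if "-----" not in l))

def signature_algorithm(der):
    """Outer layout: SEQUENCE { signed body, AlgorithmIdentifier, BIT STRING }."""
    tag, outer, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(outer, 0)       # skip the signed body
    _, alg_id, _ = read_tlv(outer, pos)  # AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected an OID")
    return SIG_ALGS.get(oid.hex(), "unknown OID " + oid.hex())

def needs_reissue(der):
    return "SHA1" in signature_algorithm(der).upper()  # SHA-1 based signature

# The helpers below only build the constructed samples used for testing.
def make_der(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample(oid_hex, body_len=4):
    """Constructed skeleton, not a real certificate: dummy body and signature."""
    alg_id = make_der(0x30, make_der(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return make_der(0x30, make_der(0x30, bytes(body_len)) + alg_id + make_der(0x03, b"\x00\xff"))
```

For a live site, the PEM string returned by Python's `ssl.get_server_certificate((host, 443))` can be passed through `pem_to_der()` and then `needs_reissue()`.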