[보안인증/Secure Certificate] 2048-bit certificates upgrade
Dear Customer,
In keeping with industry standards set by the Certification Authority/Browser (CA/B) Forum, PayPal will discontinue supporting 1024-bit key length certificates and will migrate to 2048-bit certificates before the end of 2013.
We have completed the installation of 2048-bit certificates for all API endpoints in our PayPal Sandbox and Payflow Pilot environments, and we will be doing the same for our production environments starting on August 6, 2013.
We strongly encourage merchants to thoroughly test any existing integration(s) in the PayPal Sandbox and/or Payflow Pilot environments to ensure this migration will not cause any unforeseen issues.
Please have the team or person responsible for your integration refer to the following:
If you need to import the new PayPal Sandbox and/or Payflow Pilot server certificates to your application or system truststore, you can download production and Sandbox certificates from https://ppmts.custhelp.com/app/answers/detail/a_id/952.
If you don’t typically import the server certificates to your truststore, you can proceed with testing with no other action required.
If you have any questions, please contact PayPal Merchant Technical Services by filing a ticket; refer to PP-LIVE-3503. You may also visit our Live Site Status blog.
Sincerely,
PayPal
--
I am using API signatures instead of certificates. So, I really dont need to do anything here, right?
=>
It's not the API certificate that is changing, it's the endpoint certificate that's changing to 2048. So whether your API credentials consist of either a API Signature or an API Certificate shouldn't matter.
You will only need to change anything if you're somehow storing and validating PayPal's API endpoint SSL certificate against a locally stored copy of the (same) SSL certificate. Often this is done in a so called 'truststore'.
Since PayPal's API endpoint certificate will change, you would need to update the certificate in the truststore accordingly.
So yes, you won't need to change anything if you're merely using an API signature or API certificate for API authentication.
=>
PayPal is upgrading the SSL certificates on their payment notification servers. If your PayPal Checkout Express configuration uses their certificates, you will need to import the new 2048-bit secure certificates. See the email below that was sent out earlier today.
If you use a shopping cart like Magento, you wouldn’t need to do anything because they use API signatures instead of certificates.