PayPal and new certificate SHA-256

-- HikaShop version -- : 2.5.0
-- Joomla version -- : 3.4.3
-- PHP version -- : 5.5.27
-- Error-message(debug-mod must be tuned on) -- : general PayPal Question

Just want to know if HikaShop will be compatible to use with PayPal new certificate guidelines. Just received notification and not sure if this will impact the PayPal payment method going forward after 9/30/2015. Currently no issues. thanks

My clients are all concerned about this update also. Please let us know what we need to do to accommodate it.

Toolie

I've just had the same email from PayPal and would like to know if I am needing to make changes. I have a shop running on a shared hosting server.

I too would like to know, just chiming in to watch the thread.

If specifics are needed for the people here on HikaShop, here's the email with the embedded links...

As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide . In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Thanks for your patience as we continue to improve our services.

I have clients contacting me about this also, hoping to get a response or an update soon!

We also have concerned clients contacting us.
I followed the links through and it is very obtuse, I have zero idea what is required.

Hoping for some guidance from HS

Hi Same here as I have have had a notification from PayPal as below;

As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 30/9/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
Testing in the Sandbox is one of the best ways to make sure your integrations work. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.
Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.
Thanks for your patience as we continue to improve our services

I am also looking for information, adding myself to this topic to be updated. Same email has been received.

I am also confused if this upgrade would affect our e-shop and what changes are required. If anyone has any tips please let us know

Hi guy's

Just also registering my concern too, worried clients and we are fast approaching the Christmas season where we process many orders a day.

It would be nice to see some feedback from the support team even if it's just "we are looking into it".

Regards

Ah you replied while i was writing the post - Thanks!

May I ask - have you tested this internally with the upgraded sandbox endpoints?

Ok so there's no impact on the plug in BUT can anyone explain what the implications of this email are as it's all Double Dutch to most of us?

thanks

I agree, some detail as to why there is no impact would be very helpful for many like me who are receiving requests from customers for further information. I need to explain to my Hikashop running clients why this is not an issue we need to worry about. Many thanks.

Please also let us know if any older HikaShop versions will have issues with the change.

This is to do with the PayPal account (that is connected to your Hikashop store) and the way PayPal returns transaction information to your store. Anyone who has a PayPal account that has the IPN instant notifications turned on, and has processed transactions in the last twelve months, will have received this email so generally it is being sent to whoever owns the PayPal account.

While I stand to be corrected, my understanding is that PayPal are (finally) upgrading the encryption of the PayPal IPN to the latest standard. It should only be an issue for you if your hosting company does not recognise the new level of encryption (SHA-256) - most will. This has been around for months and relates to ALL ecommerce using PayPal not just Joomla/Hikashop. Since it came about due to a deprecation in the Chrome browser software most hosting coys will likely have addressed it already. If not, its more likely a problem with your host rather than with Hikashop.

My take - what Nicholas has said is perfectly correct. There will be no impact at all other than scaring the pants off all of us... Thank you PayPal!

nicolas wrote: Hi,

There is no impact at all in the plugin.

JIK wrote: . . . There will be no impact at all other than scaring the pants off all of us... Thank you PayPal!