Security

Reply
Contributor II
Posts: 44
Registered: ‎04-06-2011

Clearpass Guest using PayPal as transaction processor -- upcoming Paypal Cert changes.

We use PayPal as our transaction processor for Clearpass Guest.   We recently received a notice from PayPal notifying us of certificate changes upcoming.  Do we need to take any action regarding this?

"
Global security threats are constantly changing, and the security of our merchants continues to be our highest priority. To guard against current and future threats, we are encouraging our merchants to make the following upgrades to their integrations:

1.Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer accept secure connections that are signed by the VeriSign G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

2.Update your integration to support certificates using the SHA-256 algorithm. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm.
"

Here’s more information:

https://ppmts.custhelp.com/app/answers/detail/a_id/1236

https://ppmts.custhelp.com/ci/fattach/get/487025/1429638687/redirect/1/session/L2F2LzEvdGltZS8xNDMzNTE0ODI3L3NpZC9YKlFqUTdvbQ==/filename/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20(U.S.%20English).pdf


Thanks,

Bryan

 

Aruba Employee
Posts: 102
Registered: ‎03-15-2011

Re: Clearpass Guest using PayPal as transaction processor -- upcoming Paypal Cert changes.

Without giving a formal everything will be OK, I can attest that we do not force a specific root.  We let the negotation do its thing.  Policy Manager also has the ability to manage the certificate store so if a chain is missing by default it can be manually included on your part.  I don't think is saw what version you were on but I would make sure you are on the most recent patch of 6.4 or 6.5.

Search Airheads
Showing results for 
Search instead for 
Did you mean: