Security

We use PayPal as our transaction processor for Clearpass Guest.   We recently received a notice from PayPal notifying us of certificate changes upcoming.  Do we need to take any action regarding this?

"
Global security threats are constantly changing, and the security of our merchants continues to be our highest priority. To guard against current and future threats, we are encouraging our merchants to make the following upgrades to their integrations:

1.Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer accept secure connections that are signed by the VeriSign G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

2.Update your integration to support certificates using the SHA-256 algorithm. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm.
"

Here’s more information:

https://ppmts.custhelp.com/app/answers/detail/a_id/1236

https://ppmts.custhelp.com/ci/fattach/get/487025/1429638687/redirect/1/session/L2F2LzEvdGltZS8xNDMzNTE0ODI3L3NpZC9YKlFqUTdvbQ==/filename/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20(U.S.%20English).pdf


Thanks,

Bryan

Without giving a formal everything will be OK, I can attest that we do not force a specific root.  We let the negotation do its thing.  Policy Manager also has the ability to manage the certificate store so if a chain is missing by default it can be manually included on your part.  I don't think is saw what version you were on but I would make sure you are on the most recent patch of 6.4 or 6.5.