SSL and configuration issues

SSL and configuration issues

In this guide, we have added this article, since we have several clients with the problem of compatibility with the SSL certificate when installing their PayPal module in their environment.

First of all, the customer must make sure to comply with all the requirements that PayPal has for its module works properly. For this, we have developed a list of functions of security that must be FULFILLED in your SITE, and must be well configured by your HOSTING or PRIVATE DEVELOPER, not by our PayPal module technical support.

This is the list of requirements,

1 – Upgrading to TLS 1.2 and HTTP / 1.1: Your server must be able to support these protocols.

Note: you will need at least a version of OpenSSL greater than or equal to 1.0.1 and if you use cURL, a version greater than or equal to 7.34.0.

Also verify that your server has Verisign G5 Root certificate: https://knowledge.symantec.com/support/mpki-for-ssl-support/index?page=content&actp=CROSSLINK&id=SO5624

2 – Upgrading the SSL Certificate: In order to decrypt the new certificates, your website must be able to support the use of the SHA-256 signature algorithm.

==> For the 2 points above, I invite you to contact your host to check if everything is in order.

3 – HTTPS Standard for IPN Post Back Checks

This does not mean that your site must be in HTTPS, it just means that when your IPN script sends its response to PayPal, it must use the correct security standards.

To make sure, I invite you to contact the developer of your IPN script to ensure that the connection is done correctly.

It is therefore important that you verify that for all API calls as well as for IPN postbacks, your site is able to support these new standards.

I invite you to contact your host to ensure that your server has all these prerequisites.

In addition, if you use a basket management system, such as Prestashop / WooCommerce / Magento, I invite you to update your modules to ensure compatibility.

ATTENTION: However, I want to inform you that you do not need to buy an SSL license for your server and that these prerequisites correspond to updates of your server, neither more nor less.

Indeed an SSL license allows to have a site certified in https but the security update PayPal just asks that your shop is able to communicate with the new PayPal server, which they will have new standards. 

In the maintenance mode of your site, you may have problems with the certificate. Our module can tell you that your certificate is not valid or have problems with PHP.

I advise you to exit this maintenance mode and test the module in the correct mode. If you want to test, you can connect to your Sandbox account but in LIVE mode.

Our module will not work properly in maintenance mode.

Finally, we advise you to test your SSL certificate in the following link:

https://www.ssllabs.com/ssltest/analyze.html

In this way, you can verify that the certificate is of good quality or not.

PayPal only accepts certificates with high security.