Pay Pal

Permalink Browser Info Environment
My Client received this from PayPal.

Is there anything required to ensure eCommerce Express is compatible after the update by PayPal



As we have previously communicated to you, PayPal is upgrading the certificate for to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
Testing in the Sandbox is one of the best ways to make sure your integrations work. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.
Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Type: Discussion
Status: In Progress
View Replies:
jb1 replied on at Permalink Reply
Hi Colin,

Yes we also received that message and we are working on an update for this add-on to work with the changes on PayPal. We will release a new update next week and we will update this thread when done.

jb1 replied on at Permalink Reply
Hi Colin,

I've read about this and it shows that our eCommerce Express add-on isn't affected. However, if your server is using SSL (https:) protocol then you would have to make sure your hosting supports the latest changes that is mentioned in the email. However if you aren't using SSL then you would be fine without doing so based on the response from Paypal In fact you can actually test it right now using Sandbox test because their sandbox servers have already been updated to the latest SHA 256.

Hope that helps.


concrete5 Environment Information


Browser User-Agent String

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0

Hide Post Content

This will replace the post content with the message: "Content has been removed by an Administrator"

Hide Content

Request Refund

You may not request a refund that is not currently owned by you.