Magento and June 17th PayPal Security Update

We all know that security is critical in e-commerce, and so does any reliable payment provider. This time, we’d like to draw your attention to the upcoming security update that PayPal will roll out on June 17th and what you need to do to make sure that your Magento store is ready for it.

The update itself was announced in 2015; however, as the deadline gets closer, we see that many merchants still haven’t paid enough attention to it or underrate its implications. To put it simply, if your Magento website isn’t compatible with the updates that PayPal rolls out, your PayPal integration will break.

In a nutshell, PayPal is upgrading all its SSL certificates to the SHA-256 algorithm, which is stronger than the previously used SHA-1, and discontinuing use of the Verisign G2 Root Certificate in favor of Verisign G5. So you need to make sure that your system supports SHA-256 and uses the G5 Root Certificate for validation.

Quickest way to check Magento’s compatibility with PayPal Security Updates

There is a clear and straightforward way to check whether your environment is ready for the upcoming changes: run a test transaction in the PayPal Sandbox environment and check the outcome. If everything works well, you’re compatible and you don’t need to do anything at this point.

Want to dive deeper?

If the integration is not working properly in the Sandbox environment, or if you want to perform a detailed check, Anna Völkl has put together a detailed guide that explains how to check if the G5 Root Certificate is installed and if the SHA-256 algorithm is working. Also check the official notes about the changes.

We hope that your system will be ready for the upcoming update and that your developers won’t have to wake up that Friday night to an emergency call :).