Skip to main content

Easy Digital Downloads & the PayPal SHA 256 Changes


A couple of days ago PayPal announced on it’s developer website, as well as via an email sent to all PayPal business customers who’ve used the PayPal IPN within the last year that it is moving to a new SSL certificate type for all of it’s API endpoints that use a bundled certificate .

This email looks like this:

{Your Name},

As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!

Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.

Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.

Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.

Thanks for your patience as we continue to improve our services.

After an extensive review, it has been determined Easy Digital Downloads, and all of our official extensions, are 100% compatible with the changes, and will not require an update of any kind.

As always, we strongly recommend keeping all of your extensions, as well as Easy Digital Downloads and WordPress up to date.

Pippin Williamson

About Pippin Williamson

Pippin Williamson is the founder of Sandhills Development, the parent company for Easy Digital Downloads, AffiliateWP, WP Simple Pay, Sugar Calendar, and others. When not writing PHP, he can often be found sipping coffee or brewing beer at Sandhills Brewing.

@pippinsplugins

4 comments

  1. Pippin Williamson

    Thanks for the info, now We are more relaxed about this issue with sha-256 and EDD, but… what about Restric Content Pro?, is there any similar report about it? Sorry, but We have not been able to find that information.

    Thank you.

    1. Pippin Williamson
  2. Pippin Williamson

    Do we need to have an SSL certificate to comply with this? Paypal keeps sending these emails and its hard to make sense of them.

    Thanks

    1. Pippin Williamson

Leave a Reply

Your email address will not be published. Required fields are marked *