PayPal recently sent an email to their customers about some upcoming service upgrades with how they handle Instant Payment Notification (IPN).
The content of the email that PayPal sent to their customers included the following…
Subject: IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades.
As we have previously communicated to you, PayPal is upgrading the certificate for www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.
This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.
You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.
Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.
Thanks for your patience as we continue to improve our services.
WishList Member includes three different PayPal integrations (PayPal Standard, PayPal Express and PayPal Pro). They all use IPN so our team has looked into these PayPal changes.
After a thorough review of the code, we have determined that no updates are required for the WishList Member plugin. However, you will need to check with your hosting provider or server to ensure your integrations will continue functioning based on the PayPal changes.
You will need to make sure that your hosting/server supports SHA-256 and G5 Root Certificate. This is specific to web servers and how they communicate with each other.
You can contact your hosting provider or can check your server to see if SHA-256 and a G5 Root Certificate is supported. Most hosting companies should be familiar with this change and will likely know exactly what you’re asking about.
In the unlikely case they are unfamiliar with the topic, PayPal has provided instructions for this and we have pasted the link below. You can include this link when you contact your hosting company for reference.
PayPal stated that this upcoming upgrade is scheduled for September 30, 2015 but they also noted that they may change this date and apply the upgrade sooner on short notice.
We highly recommend that you contact your hosting provider or check your server to ensure that it meets the requirements as stated by PayPal.
If your hosting/server supports SHA-256 and G5 Root Certificate then your WishList Member PayPal integrations will continue to function.