Hello,
PayPal is making security upgrades in 2016, so be sure that your server is ready.
You don’t need to change your store PayPal settings or modify CS-Cart’s code—all
the changes only apply to your server.
Things You Have to Check
PayPal has already scheduled improvements—the security upgrade starts on January 16, 2016. To prepare PayPal users for these changes in advance, PayPal published a 2016 Merchant Security Roadmap checklist, which shows the upgrades you need to apply to your server.
Most likely, your server supports these upgrades already, but you must check it to be sure.
Please pay special attention to these changes:
1. TLS 1.2 and HTTP 1.1 Upgrade and SSL Certificate Upgrade
PayPal confirms that TLS 1.2 and HTTP 1.1 protocols, which provide a secure communication over a computer network, will be mandatory in 2016.
Also, PayPal is currently upgrading the SSL certificates, which will be signed using a more secure SHA-256 algorithm and VeriSign’s 2048-bit G5 Root Certificate used for trust validation.
To ensure that your server supports the required security standards, run this command from your server’s console:
GET https://tlstest.paypal.com
A successful connection will return the “PayPal_Connection_OK†text confirming that your server supports HTTP 1.1, TLS 1.2, and SHA-256, and has VeriSign’s 2048-bit G5 Root Certificate installed.
To get the list of all the installed certificates on your server, use the instructions for your server’s operating system image.
If the above command results in an error, forward this information to your system administrator or a hosting company so that they can update your server’s software.
Please be sure that your server supports these security standards by June 17, 2016.
2. Merchant API Certificate Credentials Upgrade
PayPal is now upgrading its API certificate credentials to the more secure 2048-bit certificates used for API authentication.
This change will only affect merchants who use API certificate for authentication in PayPal.
To verify whether you use a certificate as a PayPal authentication method or not, do this:
1. Go to Administration → Payment methods
2. Click your PayPal payment method that uses PayPal Pro or PayPal Express Checkout processors
3. Switch to the Configure tab
4. Check the PayPal authentication method property: if this property is set to Certificate, then you use the API certificate for authentication in PayPal and you’ll need to renew it
Check the Technical Details section of the API certificate credentials article to learn about the renewal of your current certificate.
Please take care of your API certificate credentials between January 31, 2016 and January 1, 2018.