如何确定我的贝宝证书是否为SHA-256? -贝宝服务升级 [英] How can I tell if my paypal certificate is SHA-256? - PayPal service upgrades

问题描述

我使用IPN端点，并且收到来自贝宝的电子邮件，说贝宝将www.paypal.com的证书升级到SHA-256.

I use IPN endpoints and have received emails from paypal saying PayPal is upgrading the certificate for www.paypal.com to SHA-256.

我只想确保我的证书可以继续工作.

I just want to make sure my certificate will keep working.

我尝试检查 https://shaaaaaaaaaaaaaaa.com ，

I have tried checking on https://shaaaaaaaaaaaaa.com, https://shachecker.com, www.sslshopper.com/ssl-checker.html but none will check it (I assume they all require an https site, which mine isn't?).

我已经通过沙盒尝试了一笔交易，但效果很好.

I have tried a transaction though the sandbox and this works fine.

我已经在ubuntu服务器上运行了openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/，看到很多以Verify return code: 0 (ok)结尾的信息，然后它挂了.这是否意味着有问题?我在这些信息中寻找什么?

I have run openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/ on my ubuntu server and see a lot of information ending in Verify return code: 0 (ok) it then just hangs. Does that mean there is a problem? What am I looking for in this information?

(如果我在www.paypal.com上运行相同的代码，它会在Verify行上暂停，然后显示closed)

(If I run the same for www.paypal.com it pauses on the Verify line, then says closed)

推荐答案

以下是证书升级的详细信息:
证书常见问题解答
这来自《商家响应指南》:

Here are the details for the Certificate Upgrade:
Merchant Response Guide
Certificate FAQ
This comes from the Merchant Response Guide:

我们的回复: 根据行业标准，贝宝将不再接受安全 与API/IPN端点的连接，这些端点期望我们的证书/信任链由G2根证书签名.仅有的 期望我们的证书/信任链由G5根证书签名的安全连接请求将导致成功的安全 连接.

Our Response: In accordance with industry standards, PayPal will no longer accept secure connections to the API/IPN endpoints that are expecting our Certificate/trust chain to be signed by the G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

这是如何通过Linux检查您的证书的方法.这来自GitHub:
如何通过Linux检查所有证书

Here is how to check your Certificate through Linux. This comes from GitHub:
How to Check All Certificates through Linux

#!/bin/bash

echo "All certificates in ca-certificates.crt, listed by subject:"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

echo "All certificates in ca-certificates.crt, listed by subject, check for presence of VeriSign's 'Class 3 Public Primary - G5':"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep "G5"

这篇关于如何确定我的贝宝证书是否为SHA-256? -贝宝服务升级的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！