如何确定我的贝宝证书是否为SHA-256? -贝宝服务升级 [英] How can I tell if my paypal certificate is SHA-256? - PayPal service upgrades
问题描述
我使用IPN端点,并且收到来自贝宝的电子邮件,说贝宝将www.paypal.com的证书升级到SHA-256.
I use IPN endpoints and have received emails from paypal saying PayPal is upgrading the certificate for www.paypal.com to SHA-256.
我只想确保我的证书可以继续工作.
I just want to make sure my certificate will keep working.
我尝试检查 https://shaaaaaaaaaaaaaaa.com ,
I have tried checking on https://shaaaaaaaaaaaaa.com, https://shachecker.com, www.sslshopper.com/ssl-checker.html but none will check it (I assume they all require an https site, which mine isn't?).
我已经通过沙盒尝试了一笔交易,但效果很好.
I have tried a transaction though the sandbox and this works fine.
我已经在ubuntu服务器上运行了openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/
,看到很多以Verify return code: 0 (ok)
结尾的信息,然后它挂了.这是否意味着有问题?我在这些信息中寻找什么?
I have run openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/
on my ubuntu server and see a lot of information ending in Verify return code: 0 (ok)
it then just hangs. Does that mean there is a problem? What am I looking for in this information?
(如果我在www.paypal.com上运行相同的代码,它会在Verify
行上暂停,然后显示closed
)
(If I run the same for www.paypal.com it pauses on the Verify
line, then says closed
)
推荐答案
以下是证书升级的详细信息:
证书常见问题解答
这来自《商家响应指南》:
Here are the details for the Certificate Upgrade:
Merchant Response Guide
Certificate FAQ
This comes from the Merchant Response Guide:
我们的回复: 根据行业标准,贝宝将不再接受安全 与API/IPN端点的连接,这些端点期望我们的证书/信任链由G2根证书签名.仅有的 期望我们的证书/信任链由G5根证书签名的安全连接请求将导致成功的安全 连接.
Our Response: In accordance with industry standards, PayPal will no longer accept secure connections to the API/IPN endpoints that are expecting our Certificate/trust chain to be signed by the G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.
这是如何通过Linux检查您的证书的方法.这来自GitHub:
如何通过Linux检查所有证书
Here is how to check your Certificate through Linux. This comes from GitHub:
How to Check All Certificates through Linux
#!/bin/bash
echo "All certificates in ca-certificates.crt, listed by subject:"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
echo "All certificates in ca-certificates.crt, listed by subject, check for presence of VeriSign's 'Class 3 Public Primary - G5':"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep "G5"
这篇关于如何确定我的贝宝证书是否为SHA-256? -贝宝服务升级的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!