如何判断我的贝宝证书是否为 SHA-256?- 贝宝服务升级 [英] How can I tell if my paypal certificate is SHA-256? - PayPal service upgrades

问题描述

我使用 IPN 端点并收到了来自贝宝的电子邮件，称贝宝正在将 www.paypal.com 的证书升级到 SHA-256.

I use IPN endpoints and have received emails from paypal saying PayPal is upgrading the certificate for www.paypal.com to SHA-256.

我只是想确保我的证书继续有效.

I just want to make sure my certificate will keep working.

我尝试查看 https://shaaaaaaaaaaaaa.com、https://shachecker.com, www.sslshopper.com/ssl-checker.html 但没有人会检查它(我假设他们都需要一个 https 站点，我的不是t?).

I have tried checking on https://shaaaaaaaaaaaaa.com, https://shachecker.com, www.sslshopper.com/ssl-checker.html but none will check it (I assume they all require an https site, which mine isn't?).

我已经尝试通过沙盒进行交易，效果很好.

I have tried a transaction though the sandbox and this works fine.

我已经在我的 ubuntu 服务器上运行了 openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath/etc/ssl/certs/ 并且看到了很多以 <结尾的信息code>Verify return code: 0 (ok) 然后它就挂了.这是否意味着有问题?我在这些信息中寻找什么?

I have run openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/ on my ubuntu server and see a lot of information ending in Verify return code: 0 (ok) it then just hangs. Does that mean there is a problem? What am I looking for in this information?

(如果我为 www.paypal.com 运行相同的代码，它会在 Verify 行暂停，然后说 closed)

(If I run the same for www.paypal.com it pauses on the Verify line, then says closed)

推荐答案

证书升级详情如下:
商家回复指南
证书常见问题
这来自商家回复指南:

Here are the details for the Certificate Upgrade:
Merchant Response Guide
Certificate FAQ
This comes from the Merchant Response Guide:

我们的回应:按照行业标准，PayPal将不再接受安全到 API/IPN 端点的连接，这些端点期望我们的证书/信任链由 G2 根证书签名.仅有的期望我们的证书/信任链由 G5 根证书签名的安全连接请求将导致成功的安全连接连接.

Our Response: In accordance with industry standards, PayPal will no longer accept secure connections to the API/IPN endpoints that are expecting our Certificate/trust chain to be signed by the G2 Root Certificate. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

这里是如何通过 Linux 检查您的证书.这来自 GitHub:
如何通过 Linux 检查所有证书

Here is how to check your Certificate through Linux. This comes from GitHub:
How to Check All Certificates through Linux

#!/bin/bash

echo "All certificates in ca-certificates.crt, listed by subject:"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt

echo "All certificates in ca-certificates.crt, listed by subject, check for presence of VeriSign's 'Class 3 Public Primary - G5':"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep "G5"

这篇关于如何判断我的贝宝证书是否为 SHA-256?- 贝宝服务升级的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！