Home
Book a Demo
Back to Blog

Official X-Cart comments on PayPal service upgrades (switch to SHA-256 scheduled for 9/30/2015)

Alexander Mulin
Alexander Mulin Author

There are many merchants using PayPal to accept payments in their store. Being a reliable and trusted provider of such a sensitive service, PayPal do their best to guarantee the top-notch security to their users. That’s the reason why we all feel so comfortable using PayPal for local and international payments. But sometimes the security upgrades require actions from the users too – at least, making sure nothing is broken after another update. This is exactly what is happening now, so you might have already received an email titled “IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades” with the content below:

They advise that you consult with people responsible for your PayPal integration. In case of X-Cart, we’re these people, so I’m here with the official comments of X-Cart team.

Alexander Dyatchkov, head of X-Cart Hosting and Support, comments:

Alexander Dyachkov

All this buzz is actually about the necessity of having a root CA certificate of G5 format on your server. If old G2 format is installed on your server currently, you should replace it with G5. In other words, this is a server-side issue, not related to the code of X-Cart 4, X-Cart 5, WordPress itself or WordPress Shopping Cart plugins, Drupal or whatever software your website is powered by.

Again, you do not need to do anything with your X-Cart store, apply any patches or tweaks. All the changes, if any, are to be on the server side.

ACTION REQUIRED

  • In case you are using VeriSign certificate, find out if root CA certificate of G5 format is installed on your server:
    • if your website is hosted with us, rest assured, the proper SSL is used on our machines
    • If you host your X-Cart with another hosting provider, contact them to find out, what certificate is installed
  • Check the type of your SSL certificate with this tool.
    • If the Signature algorithm value is SHA256withRSA, SHA384withRSA etc, you’re all set
    • If it shows type SHA-1 (Signature algorithm =SHA1withDSA), you should urgently reissue SSL of SHA-2 type. If it can not be reissued, you may purchase a new certificate with us

If you need any help or have any questions, please do not hesitate to contact our support team.

Alexander Mulin
Alexander Mulin Payments Sr. Product Manager at X-Cart, a Seller Labs company

Alex is Payments Sr. Product Manager at X-Cart, a Seller Labs company. His other two passions are ice hockey and history.

Want to See Your Store in Action?

Leave your contact details and we will reach out to set up a personal demo.

    By proceeding, you agree to the Terms of service, and authorize X-Cart to send you promotional messages via SMS and Email. You can opt out any time.

    Thanks, you’re booked!

    Our team will follow up shortly, either by email or phone, to schedule the date and time for the X-Cart demo.

    Case Image

    Meanwhile, discover how X-Cart helped FS Parts overcome complex data and fitment challenges.

    Read More