1 June 2015
Category PCI-DSS, Security
1 June 2015,

Throughout May, June and July 2015, PayPal will be making substantial changes to the SSL certificates used by the PayPal and Payflow Pro gateways. These certificates are being upgraded from a SHA1 certificate hash to a SHA2 certificate hash, as well as upgrading them to Extended Validation certificates with a 2048bit key. For users of the Platypus Billing System that use the Payflow Pro gateway for processing credit card transactions, there may be a few changes required before Platypus is able to use the gateway again.

* For users of Microsoft Windows Vista/2008 or greater, no changes are required.

* For users of Microsoft Windows XP, Service Pack 3 must be installed (https://support.microsoft.com/en-us/kb/322389).

* For users of Microsoft Windows Server 2003, security patches from Microsoft Security Bulletin MS14-049 must be installed (https://technet.microsoft.com/en-us/library/security/ms14-049.aspx).

* For users of Microsoft Windows 2000 or lower, there is no support for SHA2 certificate hashes. Because of this, Platypus will no longer be able to process payments from those machines.

Machines that need patching will see the following error message displayed.

The card could not be authorized for the following reason:
OLE IDispatch exception code 0 from msxml6.dll: An error occurred in the secure channel support…

The announcements for these changes were published to the PayPal Technical Support web site and the status of those changes is updated regularly. Please see the links below.

* 2015-2016 SSL Certificate Change Microsite (https://ppmts.custhelp.com/app/answers/detail/a_id/1236).

Comments are closed.