Our servers are compatible with 2015 and 2016 PayPal security upgrades

Recently, PayPal has been sending notifications to merchants who use the “PayPal API”, discussing some changes they’re making. If you are one of our customers and you have received this e-mail from PayPal, you may be wondering if you need to do anything. The short answer is that you don’t; the change is being made entirely on the PayPal servers, and our service is fully compatible.

The longer answer is that if you read the details provided by PayPal, you’ll find they aren’t talking about certificates on your site hosted with us. Instead, they’re talking about how they’re replacing the private certificates they use on their “api.paypal.com” server, which matters if you’ve installed software on your site that makes a secure connection to PayPal to process a transaction.

They are saying that they’re going to switch their own private certificate from “Verisign G2” to “Verisign G5”, and because of that, any server that connects securely to api.paypal.com needs to have a copy of the matching “Verisign G5” public certificate. That’s not a problem because we installed that certificate several years ago on all our servers.

So our Web servers are already fully compatible with the 2015 PayPal security requirements; customers don’t need to do anything special.

Update January 13, 2016: PayPal is now sending these notices saying they’re making “2016” security upgrades, instead of “2015”. But it’s the same upgrades, and the same thing applies.