I have seen a uptick the closer we get to June for customers requesting compliance for PayPal’s SSL Certificate Upgrade. If you interact with API’s it is a good thing to update the root ca certs, especially on older distros. In this case I am going to show you how to verify support for VeriSign G5 Root Certificate and SHA-256 support.
For Red Hat Enterprise Linux 5, CentOS 5, Fedora, Scientific Linux and all other RHEL 5 based distro’s. We are going to download the ca-bundle from the cURL site.
For Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, Fedora, Scientific Linux and all other RHEL 6 and 7 based distro’s. Here we are going to use the built-in package “ca-certificates”
For Debian, Ubunutu and other distro’s based on Debian. I have included the certificate which you will echo into /usr/local/share/ and then use update-ca-certificates to activate it. You may need to install the update-ca-certificates package if it is not already installed.
Ok, so you want to know how do we know if the server is compatible with PayPal’s update from VeriSign G2 to G5 certificate update? If the following command shows the VeriSign G5 certificate you should be ready to test against the PayPal sandbox.
Brian has spent more than fifteen years as Unix enthusiast, specalising in systems administration and solutions architecture for SMB's to Fortune 100 companies. His career has focused on emerging and niche technologies to major advancements in the industry - most notibly cloud.