问题描述
我使用 IPN 端点并收到了来自贝宝的电子邮件,称贝宝正在将 www.paypal.com 的证书升级到 SHA-256.
I use IPN endpoints and have received emails from paypal saying PayPal is upgrading the certificate for www.paypal.com to SHA-256.
我只是想确保我的证书继续有效.
I just want to make sure my certificate will keep working.
我尝试查看 https://shaaaaaaaaaaaaa.com、https://shachecker.com, www.sslshopper.com/ssl-checker.html 但没有人会检查它(我假设他们都需要一个 https 站点,我的不是t?).
I have tried checking on https://shaaaaaaaaaaaaa.com, https://shachecker.com, www.sslshopper.com/ssl-checker.html but none will check it (I assume they all require an https site, which mine isn't?).
我已经尝试通过沙盒进行交易,效果很好.
I have tried a transaction though the sandbox and this works fine.
我已经在我的 ubuntu 服务器上运行了 openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath/etc/ssl/certs/
并且看到了很多以 Verify return code: 0 (ok) 然后它就挂了.这是否意味着有问题?我在这些信息中寻找什么?
I have run openssl s_client -connect www.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/
on my ubuntu server and see a lot of information ending in Verify return code: 0 (ok)
it then just hangs. Does that mean there is a problem? What am I looking for in this information?
(如果我为 www.paypal.com 运行相同的代码,它会在 Verify
行暂停,然后说 closed
)
(If I run the same for www.paypal.com it pauses on the Verify
line, then says closed
)
推荐答案
证书升级详情如下:
商家回复指南
证书常见问题
这来自商家回复指南:
Here are the details for the Certificate Upgrade:
Merchant Response Guide
Certificate FAQ
This comes from the Merchant Response Guide:
我们的回应:按照行业标准,PayPal将不再接受安全到 API/IPN 端点的连接,这些端点期望我们的证书/信任链由 G2 根证书签名.仅有的期望我们的证书/信任链由 G5 根证书签名的安全连接请求将导致成功的安全连接连接.
这里是如何通过 Linux 检查您的证书.这来自 GitHub:
如何通过 Linux 检查所有证书
Here is how to check your Certificate through Linux. This comes from GitHub:
How to Check All Certificates through Linux
#!/bin/bash
echo "All certificates in ca-certificates.crt, listed by subject:"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
echo "All certificates in ca-certificates.crt, listed by subject, check for presence of VeriSign's 'Class 3 Public Primary - G5':"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep "G5"
这篇关于如何判断我的贝宝证书是否为 SHA-256?- 贝宝服务升级的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!