Will PayPal be upgrading THEIR own SSL cert?

OzWizard
Contributor
Contributor
Posted on
‎Nov-25-2017 09:52 AM

PayPal's very own EV SSL certificate will be distrusted in an upcoming release of the Chrome browser.

 

The certificate used to load https://www.paypal.com/webapps/hermes?token=XXXXXXXXXXXXXX&useraction=commit&rm=2&mfid=XXXXXXXXXX uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this resource. See https://g.co/chrome/symantecpkicerts for more information.

 

Symantec was lazy and issued invalid EV certificates, so Chromium decided to distrust their CA. Symantec ended up selling their PKI business to DigiCert.

 

Does anyone know when PayPal will be updating their EV certs to avoid disruption of services? The new DigiCert CA to replace Symantec's should be up no later than December 1. Why did PayPal even bother buying a Symtantec EV on 9/21/2017?

 

PayPal-Symantec-EV.png

Login to Me Too
Login to Reply or Kudo
12 REPLIES 12

OzWizard
Contributor
Contributor
‎Mar-31-2018 09:09 AM

I got a reply from Merchant Technical Support on 3/27:

We are aware of this issue and we are taking the necessary steps to resolve the problem. 

Login to Me Too
Login to Reply or Kudo

armthepit
Member
Member
‎Apr-04-2018 07:06 AM

Is there a workaround?

Login to Me Too
Login to Reply or Kudo

OzWizard
Contributor
Contributor
‎Apr-04-2018 07:14 AM

No. PayPal must update their servers.

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.