Skip to main content
Help Center
The GoDaddy Community will undergo maintenance starting on Tuesday, August 3rd at 3pm PST / 6pm EST. Learn more
  • GoDaddy Community
  • VPS & Dedicated Servers
  • VPS & Dedicated Servers

    cancel
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    dkudev
    New

    Paypal requirements: Discontinue use of the VeriSign G2 Root Certificate

    Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer honor secure connections that require the VeriSign G2 Root Certificate for trust validation. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

    Paypal Requirement...

     

    Right now I have this type of Certificate:

    • Go Daddy Secure Certificate Authority - G2

    Is it possible somehow to change the certificate to G5 to meet Paypal requirement

    3 REPLIES 3
    MPC
    Community Team
    Community Team

    Hello @dkudev, the G5 designation only applies if you're using a Verisign certificate.  Our GoDaddy SSL Certificates are designated SHA-2, which is fully compliant with PayPal's current standards for an SSL.  You won't have to worry about making any changes.  Thanks. 

     

    MPC

    I have the GoDaddy SHA-2 and my ecommerce is now not working saying:

     

    ALERT: PayPal Express Checkout Error ()
    - (60) SSL certificate problem: unable to get local issuer certificate

    In a nutshell. GO Daddy DO NOT support G5 Root Certificate unless you want to pay them for an SSL certificate which does, or someone else - I only found this out today, so it's extremely limited and i'm not happy to say the least... but they are great at marketing right!

     

    PayPal Express checkout is MEANT to work with the G2 Root Certificate, but for me it does not. I have logged a support request through the merchant account with paypal and will see what comes of that.

     

    If you want to use PayPal Standard payments, you will not be in luck as this requires the G5 root certificate to be installed with the hosting provider, which it isn't. I'm assuming the other PayPal options (Advanced/Pro) would also require the G5 Root Certificate.  

     

    Express Checkout is your only option via PayPal with the G2 Root Certificate that Go Daddy currently has.

    -------------

    Background Info and some research info for you:

    PayPal is in the process of upgrading the SSL certificates used to secure our web sites and API endpoints. These new certificates will be signed using the SHA-256 algorithm and VeriSign’s 2048-bit G5 Root Certificate. You will need to ensure that your environment supports the use of the SHA-256 signing algorithm and discontinue the use of SSL

    connections that rely on the VeriSign G2 Root Certificate

    -----------------------------------------------------------------------------

    Here's some more links you may want to read, it explains it all etc (best to copy and paste IMO)

    1) 

    https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1766&expand=true&locale=en_US

    2)

    https://www.paypal-knowledge.com/resources/sites/PAYPAL/content/live/FAQ/1000/FAQ1766/en_US/2015%20M...

    --------

    On another note, GO Daddy DOES support TLS 1.2 and HTTPS 1.1 protocols as well as SHA-256... Just not g5 Root Certificate.

    ------------

    To check SSL status:

    https://www.ssllabs.com/ssltest/

     

    To Check SHA2 Status

    https://www.sha2sslchecker.com

     

     

    Cheers!