PayPal Service Upgrade

This alert relates to a change made by Paypal in 2017

PayPal have announced that in an effort to strengthen security they are upgrading their SSL certificates to SHA-256. They are performing a staged rollout across all their web and API endpoints.

As this is a server/SSL certificate issue, the Gravity Forms PayPal Add-Ons do not require any changes; however, we will be releasing updates which will alert you if your server does not support the newer SHA-256 standard.

PayPal isn’t alone in making this change; many organizations are upgrading their SSL certificates to the newer SHA-256 standard. For this reason most hosts should have already begun upgrading their servers to support this new standard. You may want to contact your hosting provider to check if the server hosting your site supports SHA-256.

If your site has an SSL certificate you should also check if it needs upgrading to SHA-256. You can do this by using the SHAChecker tool.

See more from Paypal regarding security here.

PayPal Standard

The endpoint used by the PayPal IPN service is due to be upgraded anytime between September 9-30, 2015. You may have already received an email from PayPal with the subject ‘IMMEDIATE ATTENTION REQUIRED’ notifying you about the certificate upgrade for www.paypal.com to SHA-256.

If the server hosting your site does not currently support SHA-256, your customers will still be able to make payments using the add-on; however, the PayPal IPN will not be able to update the entry payment status or transaction details on your site.

Note: When using the PayPal Standard Add-On you don’t need an SSL certificate.

PayPal Payments Pro & PayPal Pro

The SHA-256 upgrade for the endpoint used by the PayPal Payments Pro Add-On is currently planned for October 7, 2015.

The upgrade of the endpoint used by the PayPal Pro Add-On is currently planned for Q2, 2016.

To use either of these add-ons your site should have an SSL certificate.

If your certificate is not using the newer standard or the server hosting your site is not compatible with SHA-256 then once PayPal has made this change you may find that the credit card field will return a validation error when submitting the form.