Did you recently receive an email from PayPal with the subject “Certificate Expire Notification” talking about your API certificate needing to be replaced? If you use PayPal Express or PayPal Website Payments Pro, you will want to pay attention to this email.

You have until December 31, 2017 to update the API certificate from the older SHA-1 protocol to the 2048 bit SHA-2 standard. As of January 1, 2018, your ecommerce site will no longer be able to accept PayPal payments if your certificate has not been updated.

What do you need to do at PayPal?

PayPal’s email links to a helpful API Certificate Credentials Upgrade page. This page explains how to tell if your certificate is already up to date, and what you need to do in order to upgrade the certificate in PayPal. Whether you use the certificate or not, it’s a good idea to upgrade it, in case you use it in the future.

What Steps to take in your ecommerce application?

Once the certificate is updated in PayPal to a SHA-2 certificate, you will need to update your ecommerce software with the new certificate as well. This needs to be done right after making the update in PayPal to avoid any failed transactions.

For ShopSite stores:

Go to:
Commerce Setup -> Payment -> PayPal Express (or Website Payments Pro) -> Configure

Here you can paste in the updated certificate from PayPal (if you’re using the certificate method).

We actually recommend changing the PayPal API method to “Digital Signature” and then using the signature key so you do not have to worry about certificates that expire. In PayPal, go to:
Profile > My selling tools > API access >
and you can enable the API Signature method.

For Magento 1 and Magento 2 ecommerce stores:

Go to:
System (or Store for M2) -> Configuration -> Payment Methods -> (Select PayPal Express) -> Configure

Here you can paste in the updated certificate from PayPal (if you’re using the certificate method).

We actually recommend changing the PayPal API method to “Digital Signature” and then using the signature key so you do not have to worry about certificates that expire. In PayPal, go to:
Profile > My selling tools > API access >
and you can enable the API Signature method.

For WooCommerce stores:

Go to:
WooCommerce > Settings > Checkout> PayPal Express Checkout

and you can choose a file to use for the updated API certificate (you’ll need to save it to a file on your computer).

We actually recommend changing the PayPal API method to “Digital Signature” and then using the signature key so you do not have to worry about certificates that expire. In PayPal, go to:
Profile > My selling tools > API access >
and you can enable the API Signature method.

…

Hopefully this helps explain what is needed to be done at both PayPal and in your ecommerce application. If you are a hosted client of ours, please get in touch if you have any questions about what needs to be done before January 1, 2018.