My Oracle Support Banner

How To Install Latest Verisign Root Certificates For Use With Paypal SDK 4.3.X (Doc ID 874433.1)

Last updated on SEPTEMBER 27, 2021

Applies to:

Oracle Wallet Manager
Oracle Payments - Version to 12.1.3 [Release 11.5 to 12.1]
Information in this document applies to any platform.


PayPal has upgraded Payflow v4 Servers from 1024 MD5 certificate to stronger 1024 SHA-1 certificate for PCI Compliance.  Any customer who upgraded to Paypal SDK 4.3.X using instructions in "Note:804338.1 How To Upgrade To Paypal Version 4.x SDK" will need install these new paypal certificates immediately for both test ( and production (payflow.paypal.con) gateways.     
As per the Paypal site for URGENT - 2015-2016 SSL Certificate Change Microsite: "The SHA-1 certificate for was renewed on June 15, 2015. We will be performing the G5 and SHA-256 upgrades to on October 13, 2015."  

NOTE:  If these new certificates are not imported into apache keystore, customer's will experience credit card authorization failures with following errors in the iPayment debug log:

"In the catch No trusted certificate found"

PayPal - vpsPayment.processTransaction(String): In the catch PKIX path building failed: unable to find valid certification path to requested target PKIX path building failed: unable to find valid certification path to requested target
Authorization operation failed. Internal Error to Payment Server
at ibyextend.TxnCustomizer_vps.preTxn(Unknown Source)
at oracle.apps.iby.extend.ExtUtils.customizePre(
                                                                                                                                                                                                                                                                                                                                                                                                            EXCEPTION:[iby.exception.Log.debug.generic]:oracle.apps.iby.exception.PSException: Internal Error to Payment Server:
at oracle.apps.iby.ecapp.PmtECApp.oraPmtReq(
at oracle.apps.iby.ecapp.PaymentServiceImpl.oraPmtReq(
at oracle.apps.iby.admin.operations.server.CreditCardOperationsAMImpl.submitTrxn(


This note will document the steps needed to download and install latest paypal root certificates into middle tier apache keystore. 


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.