My Oracle Support Banner

How To Install Latest Verisign Root Certificates For Use With Paypal SDK 4.3.X (Doc ID 874433.1)

Last updated on DECEMBER 05, 2019

Applies to:

Oracle Wallet Manager
Oracle Payments - Version 11.5.10.2 to 12.1.3 [Release 11.5 to 12.1]
Information in this document applies to any platform.

Purpose

PayPal has upgraded Payflow v4 Servers from 1024 MD5 certificate to stronger 1024 SHA-1 certificate for PCI Compliance.  Any customer who upgraded to Paypal SDK 4.3.X using instructions in "Note:804338.1 How To Upgrade To Paypal Version 4.x SDK" will need install these new paypal certificates immediately for both test (pilot-payflow.paypal.com) and production (payflow.paypal.con) gateways.     
 
As per the Paypal site for URGENT - 2015-2016 SSL Certificate Change Microsite: "The SHA-1 certificate for payflowpro.paypal.com was renewed on June 15, 2015. We will be performing the G5 and SHA-256 upgrades to payflowpro.paypal.com on October 13, 2015."  
 

NOTE:  If these new certificates are not imported into apache keystore, customer's will experience credit card authorization failures with following errors in the iPayment debug log:

"In the catch sun.security.validator.ValidatorException: No trusted certificate found"


PayPal - vpsPayment.processTransaction(String): In the catch sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
                                                                                                                                                                                                                                                                                      
Authorization operation failed. Internal Error to Payment Server
   
UNEXPECTED:[iby.ecapp.PmtECApp.oraPmtReq]:IBY_45000:null
UNEXPECTED:[iby.ecapp.PmtECApp.oraPmtReq]:java.lang.RuntimeException
at ibyextend.TxnCustomizer_vps.preTxn(Unknown Source)
at oracle.apps.iby.extend.ExtUtils.customizePre(ExtUtils.java:76)
at oracle.apps.iby.payment.OnlineCreditCardPayment.pay(OnlineCreditCardPayment.java:459)
                                                                                                                                                                                                                                                                                                                                                                                                            EXCEPTION:[iby.exception.Log.debug.generic]:oracle.apps.iby.exception.PSException: Internal Error to Payment Server:
at oracle.apps.iby.ecapp.PmtECApp.oraPmtReq(PmtECApp.java:884)
at oracle.apps.iby.ecapp.PaymentServiceImpl.oraPmtReq(PaymentServiceImpl.java:559)
at oracle.apps.iby.admin.operations.server.CreditCardOperationsAMImpl.submitTrxn(CreditCardOperationsAMImpl.java:620)

Scope

This note will document the steps needed to download and install latest paypal root certificates into middle tier apache keystore. 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.