PayPal has updated its sandbox API endpoint and certificate to use sha256 instead of sha1. To migrate my application (which connects to PayPal for express checkout) to use sha256, I:
a) Deleted and downloaded a new certificate from my PayPal account and converted it to .p12 format. Using openssl, confirmed that the certificate is using sha256withRsa.
b) Confirmed that /etc/ssl/certs/ca-certs.crt has the VeriSign G5 CA certificate as given in the link https://gist.github.com/robglas/3ef9582c6292470a1743
I am still unable to connect to the PayPal sandbox from my Java code, which uses HttpClient. It fails during the handshake.
In the java code - using SSLContext.getInstance("SSL")
Using custom Truststore
    import javax.net.ssl.X509TrustManager;

    class CustomTrustManager implements X509TrustManager {
        // Extra helpers, not part of the X509TrustManager interface
        public boolean checkClientTrusted(java.security.cert.X509Certificate[] chain) {
            return true;
        }
        public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
            return true;
        }
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        // Empty bodies: no exception is ever thrown, so every chain is accepted
        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
        }
        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
        }
    }
I am using a KeyManagerFactory of instance SunX509 and initializing it with the pkcs12 keystore.
Am I missing anything? Please help!
getAcceptedIssuers() cannot return null, and the whole thing is 100% insecure. You may as well use plaintext as this. – user207421
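An added example, not part of the original post or its comments: the same client-certificate setup (PKCS#12 keystore, `SunX509` KeyManagerFactory) with server validation done by a TrustManagerFactory loaded from a PEM CA bundle instead of an accept-everything trust manager. The class name, method name and command-line arguments are assumptions for illustration, and the standard `TLS` context name is used in place of the post's `SSL`.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (name is an assumption, not from the post).
public class ClientCertContext {

    // Builds a context that presents the PKCS#12 client certificate and
    // validates the server chain against the CAs found in a PEM bundle.
    public static SSLContext build(String p12Path, char[] p12Password,
                                   String caBundlePath) throws Exception {
        // Client identity: the .p12 file converted from the downloaded certificate.
        KeyStore clientStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            clientStore.load(in, p12Password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientStore, p12Password);

        // Trust anchors: each certificate in the bundle becomes a trusted entry.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(caBundlePath)) {
            int i = 0;
            for (Certificate ca : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("ca-" + i++, ca);
            }
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // The factory's trust managers perform chain validation and
        // return a non-null array from getAcceptedIssuers().
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder arguments: <client.p12> <password> <ca-bundle.pem>
        SSLContext ctx = build(args[0], args[1].toCharArray(), args[2]);
        System.out.println("Protocol: " + ctx.getProtocol());
    }
}
```

With this context, a server certificate that does not chain to a CA in the bundle fails the handshake with an `SSLHandshakeException` instead of being silently accepted.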