PayPal Payflow gateway problem today, SHA-2 upgrade

We had a problem with our credit card processing app. It was developed 5 years ago and runs on Windows Server 2003.
Today, it can't connect to https://payflowpro.paypal.com. I called PayPal; they're upgrading their card processing server from SHA-1 to SHA-2. He suggested that I wait until the upgrade finishes and try again. If it doesn't work, I have to follow the documentation below to make changes to our card processing app connecting to their server.

https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1766&viewlocale=en_US&direct=en

Going through that, it seems I just have to move the app from Windows 2003 to Windows 2012 in order to send authorizations and charges with updated encryption? It doesn't say the app has to use a new SDK, so I guess just moving the app from the old Windows to the new Windows OS would fix it.

I'm not a developer; if it can be done system-job-wise, I would do that.
crcsupport asked:

Russ Suter, Senior Software Developer, commented:
It's a security upgrade and one that you need to follow along with. If you're communicating with any payment provider you need to be PCI compliant which means you need to keep your systems up to date. Since Windows Server 2003 reached end-of-life status on July 14, 2015 it would be impossible to remain PCI compliant without upgrading your server. Regardless of whether or not it addresses your PayPal issue you need to upgrade.

crcsupport (Author) commented:
Russ, do you mean that PayPal is checking the connecting merchant's PCI status?
I finished migrating websites from Windows 2003 to Windows 2012 and am waiting for the scan to kick in. But I didn't know that PayPal is checking the PCI compliance status of the connecting merchant's card processing app. I thought it was related to something else: Windows 2003 can't handle connecting to a SHA-2 server.
Today, until 1 PM Pacific time, PayPal is in an outage due to their certificate upgrade.
Russ Suter, Senior Software Developer, commented:
Nobody has any way of fully checking your PCI status in that manner. That was a bit of a side note related to your original question.

What they can do, should do, and it appears they did, is reconfigure their systems so that systems and protocols that have been recently identified as insecure are removed from use. There has been a flood of new vulnerabilities discovered lately involving encryption, certificates, and SSL/TLS protocols so it makes sense that they'd be turning off some of these. They'd have probably done it sooner except for the fact that many of their customers also need time to adjust.
crcsupport (Author) commented:
I agree.
Our card processing app is not a website, but a desktop application running on Windows 2003. I'd like to make this server connect to Payflow and get back to business.
I found the following article, which enables Windows 2003 to handle SHA-2. Does it sound like it will do the job according to the PayPal documentation above?

http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
crcsupport (Author) commented:
I applied two patches to enable SHA-2, and it works.

ref: http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx

But if anyone sees this, make a note: SHA-3 is coming. lol. Windows 2003 should retire. Damn, I was on the edge of the timing.
It's the ultimate coincidence that PayPal migrated their hash encryption from SHA-1 to SHA-2 today, as their maintenance schedule is specified above.
crcsupport (Author) commented:
I've requested that this question be closed as follows:

Accepted answer: 500 points for Russ_Suter's comment #a40982397
Assisted answer: 0 points for crcsupport's comment #a40982421

for the following reason:

Russ made a good point as long as we stay in PCI Compliance, the problem won't happen. I believe the link I posted above should resolve this specific problem.
Russ Suter, Senior Software Developer, commented:
Good work. You are correct that this wouldn't have been an issue at all if you were using a newer version of Windows Server since SHA-2 support is built in to every currently supported version. You've worked around the issue but you should still upgrade your server as soon as you can.