discontinue use of the VeriSign G2 Root Certificate

Hi There

We have to discontinue use of the VeriSign G2 Root Certificate. Can you confirm what we have to do the Linux (CENTOS version) and Windows server 2012 in order to be on compliance.

How to check where are those certificates (Does it exist one per server ?)
how to upgrade them to  G5 Root Certificate ?
LVL 6
worthyking1CTOAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
if you are responding to an email supposedly sent by PayPal then you got spoofed

http://www.amember.com/forum/threads/paypal-message-reguarding-verisign-g2-root-certificate.19795/
David Johnson, CD, MVPOwnerCommented:
The certificate is only valid for the following names: www.paypal-techsupport.com, de.paypal-techsupport.com, es.paypal-techsupport.com, fr.paypal-techsupport.com, it.paypal-techsupport.com, cn.paypal-techsupport.com, jp.paypal-techsupport.com
David Johnson, CD, MVPOwnerCommented:
bad siteI have already contacted Digicert and PayPal
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

David Johnson, CD, MVPOwnerCommented:
paypal is asking for you to forward that email to
review@paypal.com
worthyking1CTOAuthor Commented:
David, we are not referring to that email, fake as it may be.  We are referring to Paypal's upgrades as per this tech bulletin:

https://devblog.paypal.com/paypal-ssl-certificate-changes/
worthyking1CTOAuthor Commented:
We have BOTH a WIndows 2012 server and a LAMP server (CentOS 6.5) and need some easy to follow instructions on how to go about completing the following tasks, as listed in Paypal's bulletin:

Save the VeriSign G5 Root Trust Anchor in your keystore.
Upgrade your environment to support the SHA-256 signing algorithm.

Thanks!
worthyking1CTOAuthor Commented:
Experts

Let us know any feedback on this:

We have BOTH a WIndows 2012 server and a LAMP server (CentOS 6.5) and need some easy to follow instructions on how to go about completing the following tasks, as listed in Paypal's bulletin:

    Save the VeriSign G5 Root Trust Anchor in your keystore.

    Upgrade your environment to support the SHA-256 signing algorithm.
gheistCommented:
Can you show version nummbers of systems so we have something to confirm?
kadadi_vIT AdminCommented:
URL : https://devblog.paypal.com/paypal-ssl-certificate-changes/

As per PayPal ssl certificate changes , now they need the sha-2 algorithm enabled encryption. Now need to install / configure the new root certificates.

On Centos >Apache Web-server>Check the domain name for which had installed ssl before.
Please check the /etc/httpd/conf.d/ssl.conf , check the ssl certificates path for certificate/private key & bundled certificates where it copied before for ex. /etc/httpd/ssl/domain.cer.

Same procedure for Windows 2012 >IIS Web server.

Regards,
VK


Fetch the new certificates from Verisign and put @ proper folder path and restart the httpd service.

And same procedure for Windows

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.