discontinue use of the VeriSign G2 Root Certificate

Hi There

We have to discontinue use of the VeriSign G2 Root Certificate. Can you confirm what we have to do the Linux (CENTOS version) and Windows server 2012 in order to be on compliance.

How to check where are those certificates (Does it exist one per server ?)
how to upgrade them to  G5 Root Certificate ?
LVL 6
worthyking1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
if you are responding to an email supposedly sent by PayPal then you got spoofed

http://www.amember.com/forum/threads/paypal-message-reguarding-verisign-g2-root-certificate.19795/
0
David Johnson, CD, MVPOwnerCommented:
The certificate is only valid for the following names: www.paypal-techsupport.com, de.paypal-techsupport.com, es.paypal-techsupport.com, fr.paypal-techsupport.com, it.paypal-techsupport.com, cn.paypal-techsupport.com, jp.paypal-techsupport.com
0
David Johnson, CD, MVPOwnerCommented:
bad siteI have already contacted Digicert and PayPal
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

David Johnson, CD, MVPOwnerCommented:
paypal is asking for you to forward that email to
review@paypal.com
0
worthyking1Author Commented:
David, we are not referring to that email, fake as it may be.  We are referring to Paypal's upgrades as per this tech bulletin:

https://devblog.paypal.com/paypal-ssl-certificate-changes/
0
worthyking1Author Commented:
We have BOTH a WIndows 2012 server and a LAMP server (CentOS 6.5) and need some easy to follow instructions on how to go about completing the following tasks, as listed in Paypal's bulletin:

Save the VeriSign G5 Root Trust Anchor in your keystore.
Upgrade your environment to support the SHA-256 signing algorithm.

Thanks!
0
worthyking1Author Commented:
Experts

Let us know any feedback on this:

We have BOTH a WIndows 2012 server and a LAMP server (CentOS 6.5) and need some easy to follow instructions on how to go about completing the following tasks, as listed in Paypal's bulletin:

    Save the VeriSign G5 Root Trust Anchor in your keystore.

    Upgrade your environment to support the SHA-256 signing algorithm.
0
gheistCommented:
Can you show version nummbers of systems so we have something to confirm?
0
kadadi_vIT AdminCommented:
URL : https://devblog.paypal.com/paypal-ssl-certificate-changes/

As per PayPal ssl certificate changes , now they need the sha-2 algorithm enabled encryption. Now need to install / configure the new root certificates.

On Centos >Apache Web-server>Check the domain name for which had installed ssl before.
Please check the /etc/httpd/conf.d/ssl.conf , check the ssl certificates path for certificate/private key & bundled certificates where it copied before for ex. /etc/httpd/ssl/domain.cer.

Same procedure for Windows 2012 >IIS Web server.

Regards,
VK


Fetch the new certificates from Verisign and put @ proper folder path and restart the httpd service.

And same procedure for Windows
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.