Secure communications for web sites and web services rely on files known as certificates to establish and authenticate secure connections. These certificates contain cryptographic elements that are generated using algorithms with names like SHA-1 or SHA-256.
Certificates have most commonly been generated using SHA-1 for digital signature elements, but this algorithm is getting old and isn’t seen to be as secure as most of the online industry would like. As a result, there is a major shift underway to move to certificates which use the newer SHA-256 algorithm.
This move may impact some Opayo integrations. In some cases, older integrations may require some changes to work properly once the certificate change has been completed.
To avoid any disruption to your service you must verify that your systems are ready for this change by May 31st 2016.
Before the changes are made on the Opayo systems you can follow these below steps to upgrade from SHA-1 to the stronger version SHA-256. By completing these steps you will be in the best position possible to avoid any potential problems you may encounter.
For more information have a look at this Windows PKI blog on SHA-256. Windows can also assist with patches and recommendations on upgrading your environment.
We are making changes to the Test environment on the 31/03/2016 prior to any Live changes to allow you to verify your integration will not be impacted.
If you see these or similar error messages during your testing against the migrated Test environment, you will need to update your integration prior to the migration of our Live environment to SHA-256 certificates.
The clearest way to determine whether your system already supports the upcoming requirements is to have a web developer or system administrator run a test of your integration against our Test environment after 31/03/2016. A failure in testing indicates you should review all the above steps and upgrade your system’s environment.
If your integration is hosted by a third party, you should contact your hosting provider and have them perform the appropriate testing to ensure compatibility with these new certificates.
No, if your system already supports this there is no action that you need to take at this point to upgrade.