
Paypal certificate upgrade to sha256


Paypal has updated its sandbox API endpoint and certificate to use sha256 instead of sha1. To migrate my application (which connects to paypal for express checkout) to use sha256,

a) Deleted and downloaded a new certificate from my PayPal account and converted it to .p12 format. Using openssl, confirmed that the certificate is using sha256WithRSA.

b) Confirmed that /etc/ssl/certs/ca-certs.crt has the VeriSign G5 CA certificate as given in the link https://gist.github.com/robglas/3ef9582c6292470a1743

Still unable to connect to the PayPal sandbox from my Java code, which uses HttpClient. It fails during the handshake.

In the Java code I am using SSLContext.getInstance("SSL").

Using a custom TrustManager:

import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;

class CustomTrustManager implements X509TrustManager {

    // Leftovers from the legacy com.sun.net.ssl.X509TrustManager API;
    // javax.net.ssl never calls these boolean-returning methods.
    public boolean checkClientTrusted(X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(X509Certificate[] chain) {
        return true;
    }

    // javax.net.ssl.X509TrustManager interface methods.
    // Returning null here means no issuer is advertised as accepted.
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    // Neither method throws CertificateException, so every chain is accepted
    // without validation (a trust-all manager).
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) {
    }

}

I am using a KeyManagerFactory of instance SunX509 and initializing it with the PKCS12 keystore.

Am I missing anything? Please help!
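The same client setup (SunX509 KeyManagerFactory over the PKCS12 keystore, explicit trust handling), as an added example that is not from the original post: it uses the JVM's default CA bundle instead of a trust-all manager, asks for TLS rather than the legacy "SSL" protocol name, and reports the peer certificate's signature algorithm so the SHA-256 upgrade can be verified from the client side. The file path, password and host are placeholders, not values from the post.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/** Client-side TLS setup for an endpoint that authenticates the client with a PKCS12 certificate. */
public final class PaypalTlsClient {
    // Placeholders (assumed): replace with the real keystore path and password.
    static final String P12_PATH = "/path/to/paypal-client.p12";
    static final char[] P12_PASSWORD = "changeit".toCharArray();

    public static SSLContext buildContext() throws Exception {
        // Client certificate + private key from the PKCS12 file (as in the post).
        KeyStore clientKeys = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(P12_PATH)) {
            clientKeys.load(in, P12_PASSWORD);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientKeys, P12_PASSWORD);

        // A null KeyStore selects the JVM default trust store (cacerts or
        // javax.net.ssl.trustStore), so the server chain is actually validated.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Handshakes with host:port and returns the leaf certificate's signature
     *  algorithm name, e.g. "SHA256withRSA" for a SHA-256 certificate. */
    public static String peerSigAlg(String host, int port) throws Exception {
        SSLSocketFactory factory = buildContext().getSocketFactory();
        try (SSLSocket sock = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // hostname verification
            sock.setSSLParameters(params);
            sock.startHandshake();
            X509Certificate leaf = (X509Certificate) sock.getSession().getPeerCertificates()[0];
            return leaf.getSigAlgName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java PaypalTlsClient <sandbox-host>   (host is supplied by the caller)
        System.out.println(peerSigAlg(args[0], 443));
    }
}
```

If the handshake still fails with this context, the error comes from the cipher suite or protocol negotiation rather than from trust configuration, which is where a JDK version check belongs.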


Solution

  • The issue was with the OpenJDK 7 version. It seems OpenJDK by default has the JCE unlimited strength policy files (required to support 256-bit ciphers). However, some versions have the ciphers disabled (might be a bug). Upgrading OpenJDK to version 1.7.0_91 resolved the issue.