Question about SSL on the F5
I got the following message from PayPal
1) Support SHA-256. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm. You will need to update your integration to support certificates using SHA-256.
I'm new to this company and they're using an F5 Load Balancer for their SSL offloading. Would I need to check the SSL-Profile for this. Where do I check if the certs will support SHA-256?
2) Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer honor secure connections that require the VeriSign G2 Root Certificate for trust validation. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.
"I noticed that the Load Balancer does have a G5 certificate in the SSL list and it also exist on the back end IIS server. But the website that is using paypal is using it's own ssl cert and profile on the F5 with an existing chain from GoDaddy. Does this mean I have to change the chain to the G5 Root?"