SSL certificate changed from * to

This post is relevant to merchants that completed a level 2 integration using the order processing API. On May 10, we will update the SSL certificate for from a wildcard certificate (* to a certificate specifically issued for
If you use the order processing API, it's important that your code follows the security guidelines outlined in the API documentation.

We also strongly recommend that you verify the authenticity of the server certificate whenever you make the HTTPS connection with Google. Before you send any data or do HTTP Basic Authentication, please verify that:

  • the server certificate belongs to or
  • the server certificate was signed by the appropriate Certifying Authority
  • the certificate has not expired
Once this change has been made, your production code should validate the SSL certificate against, not * Note that this change will not affect you if you use any of the sample code packages.

Permalink | Links to this post |
The comments you read here belong only to the person who posted them. We do, however, reserve the right to remove off-topic comments.