Cfhttp to Paypal


Paypal is moving its https endpoints to SHA-256 in the next few days.

I just installed Lucee5 server with Tomcat 8 on a brand new Debian VM. I am able to cfhttp to a Paypal endpoint that has not been updated (, but requests to an updated endpoint ( give a handshake failure.

I tried adding the SSL certificate from the Lucee server admin, but that fails too (“Could not obtain server certificate chain”).

Does anyone know what needs to be done to be able to connect to SHA-256 endpoints with cfhttp?


I added the certificate and the first parent (the root was already there) to the /WEB-INF/lucee-server/context/security/cacerts keystore, but still receive the handshake error message.

Does it need to be added to another keystore? Something else I am missing?

Thanks for your help!


Did you ever manage to solve this?

Don’t know about the OP’s problem, but many card processors are getting ready to cut off TLS 1.0 and 1.1 for PCI compliance. I would assume sandbox might be already updated until their cutover date (no later than 6/2018). I use and that is how they are doing it.
Make sure you are running Java 8 for TLS 1.2 support.
