The paypal https certificate will be renewed next on March 4 2006. Since it may not be convenient to change the keystore of our application exactly at this point in time, 1) will there be a URL where the new paypal with the subsequent validity period can be retrieved before it becomes productive? (typically, there is an overlap where the old and the new cert are valid) 2) Assuming there is a way to retrieve that cert ahead of the point in time where it will be needed for proper https-IPN operation, does anybody have experiences how Java trusttores handle such a situation? a) does it allow to store multiple certs for the same domain b) if so, in which order will it use them? Any hints would be highly appreciated! Reach me securely via: https://www.privasphere.com/e.do?email=hauser@acm.org