SazB's thanks for the help. I was having the same problem with the "Warning: openssl_pkcs7_sign(): error getting private key" I noticed there was a few typo's so I just wanted to recap for anyone googling the problem.. #1 on linux you can find where openssl is located by typing "which openssl" #2 like you said gen your certs. I did this in my 'paypal' directory that I created. The first command gives you a passwordless keyfile which seems to be *pun* the key ;) - openssl genrsa -out privkey.pem 1024 - openssl req -new -x509 -key privkey.pem -out cacert.pem -days 365 You had a slight typo in the last command. I copy and pasted from the top of the thread. If memory services me correctly the 365 days is the 'life' of the cert. You'll have to regen another one in 365 days.. I then uploaded cacert.pem to PayPal under Profile and Encrypted Payment Settings. It gave me back the CertID KCGZPBDRST385 which I then configured in osCommerce. After that I gave it a whril and things worked like they should. Again thanks for the help.