On railscasts.com episodes #141 to #143 Ryan went through how to setup online credit card payments via Paypal and IPN. Worked like a treat after a few late nights and some modifications. If several years down the track you find the public key you provided Paypal has expired, do the following.
Run the following command wherever your current certificates are held. Most likely in RAILS_ROOT/certs. Change 365 to how many days you want the certificate to be valid for.
RAILS_ROOT/certs$ openssl req -new -key app_key.pem -x509 -days 365 -out app_cert.pem
Login to your Paypal Account and go to the following menus: My Account -> Profile -> My selling tools -> Encrypted payment settings. The last option will be at the bottom of the page. This will take you to a Website Payment Certificates page.
You should see your old expired certificate here in a list. Click the Add button. This will take you to a page where you will need to upload the certificate you generated in step 1. Remember, upload the app_cert.pem file!
You should go back to the Website Payment Certificates page and your new Public Certificate will be listed. Copy the Cert ID for the newly uploaded certificate. We will use this in step 3.
Open your RAILS_ROOT/config/paypal.yml file and find the paypal_cert_id entry under production. Replace it with the Cert ID you copied in step 2.
Here is an example from paypal.yml:
production: paypal_email: firstname.lastname@example.org paypal_secret: blahblahblah paypal_cert_id: [replace this] paypal_url: https://www.paypal.com/cgi-bin/webscr paypal_currency: AUD
You will need to restart rails so the modifications made in step 3 will be loaded.
The following command will restart Passenger:
RAILS_ROOT$ touch tmp/restart.txt
If you are running capistrano to deploy your app into production make sure you modify the correct files so that subsequent deployments use the correct app_certs.pem and paypal.yml files. Typically you will want to modify the files in your shared/certs and shared/config directories as the latest production release will have symbolic links pointing to them.