The reason people on stackoverflow are downvoting is because the question is really not one that an average, technically-informed user could answer. Rather, this touches on questions which only project members could answer, since we maintain and develop URL Fetch and its certificate files, signing algorithms. App Engine issue reports should go to the google app engine public issue tracker, issues or errors with your own code/project should go to stackoverflow, and threads like this one belong here.
Given that there's already a public issue tracker issue opened for better documenting the HTTPS behaviour/settings of Url Fetch, I'll have to update this thread within the next week, after seeing if I can glean any more useful information.
One easy way to determine whether things are working for you is to attempt to make API calls and observe if any errors occur, when targeting the API in the "sandbox environment", since the document you linked says the changes would be implemented in February 2015 in this "sandbox environment" (sorry I'm not more familiar with paypal's infrastructure or terminology).
So, I hope to update this thread within the next week with any information I can gather.
Sincerely,
Nick