Generate a .p12 file for Apple Pay

Generate a .p12 processing certificate.


A .p12 processing certificate is required when you use a server-to-server Apple Pay integration and send encrypted Apple Pay tokens to emerchantpay for decryption and processing through the gateway.

Note that you don’t need to generate or upload a .p12 file if you accept Apple Pay through emerchantpay’s hosted Web Payment Form (WPF). For WPF integrations, emerchantpay manages the Apple Pay configuration and certificates.

Generate a .p12 file using any of the following methods:


Generate a .p12 file using OpenSSL

  1. Generate a Certificate Signing Request (ecccertreq.csr)
    1. Generate key pair in a key file
      openssl ecparam -genkey -name prime256v1 -out ecckey.key
    2. Generate CSR from key pair in key file
      openssl req -new -sha256 -key ecckey.key -out ecccertreq.csr -subj /CN=www.mydomain.com
  2. Upload the Payment Processing Certificate CSR
    1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
    2. Under Identifiers, select Merchant IDs using the filter in the top-right
    3. Select your merchant identifier
    4. Under Apple Pay Payment Processing Certificate, click Create Certificate
    5. Select Choose File. In the dialog that appears, select the certificate request file (ecccertreq.csr), then select Choose
    6. Select Continue
  3. Download the Apple signed Payment Processing Certificate
    1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
    2. Under Identifiers, select Merchant IDs using the filter in the top-right
    3. Select your merchant identifier
    4. Under Apple Pay Payment Processing Certificate, click Download. The certificate file (apple_pay.cer) appears in your Downloads folder
  4. Generate the .p12 file (ecckeystore.p12)
    1. Convert apple_pay.cer to PEM
      openssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem
    2. Import merchant certificate and private key to generate .p12
      openssl pkcs12 -export -out ecckeystore.p12 -inkey ecckey.key -in apple_pay.pem
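
A pairing check for the OpenSSL steps above, as an added example (not emerchantpay's or Apple's code): it confirms that ecckey.key belongs to the certificate before packaging, and that the finished ecckeystore.p12 holds that same key. The function names, the P12_PASS variable and the self-signed stand-in for apple_pay.cer are assumptions made so the script runs offline.

```shell
#!/bin/sh
# Added example: confirm the private key pairs with the certificate before and
# after packaging ecckeystore.p12. File names follow the steps above.

key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }         # public key of a private-key file
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }  # public key of a PEM certificate

# Returns 0 if the key file and the PEM certificate carry the same public key.
key_matches_cert() {
    k=$(key_pub "$1") || return 1
    c=$(cert_pub "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Returns 0 if the key inside the .p12 pairs with the certificate.
# $2 names an environment variable holding the export passphrase.
p12_matches_cert() {
    k=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin "env:$2" 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    c=$(cert_pub "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Offline walk-through in a throwaway directory. The self-signed certificate is
# a constructed stand-in for Apple's apple_pay.cer; the passphrase is a sample.
demo() (
    umask 077                                  # key material readable by owner only
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT
    P12_PASS='constructed-sample-passphrase'; export P12_PASS

    openssl ecparam -genkey -name prime256v1 -out ecckey.key 2>/dev/null || exit 1
    openssl ecparam -genkey -name prime256v1 -out other.key 2>/dev/null || exit 1
    openssl req -new -x509 -sha256 -key ecckey.key -subj /CN=www.mydomain.com \
        -days 1 -outform DER -out apple_pay.cer 2>/dev/null || exit 1
    openssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem || exit 1

    key_matches_cert ecckey.key apple_pay.pem || exit 1            # right key: accepted
    if key_matches_cert other.key apple_pay.pem; then exit 1; fi   # wrong key: rejected

    # Passphrase comes from the environment, not the command line.
    openssl pkcs12 -export -out ecckeystore.p12 -inkey ecckey.key \
        -in apple_pay.pem -passout env:P12_PASS || exit 1
    p12_matches_cert ecckeystore.p12 P12_PASS apple_pay.pem
)
```

With the real files, run key_matches_cert ecckey.key apple_pay.pem after step 4.1; a failure means the certificate was issued for a different CSR than the one generated from this key.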

Generate a .p12 file using KeyTool

  1. Generate a Certificate Signing Request
    1. Generate key pair in a pkcs12 file
      keytool -genkeypair -keyalg EC -keystore ecckeystore.p12 -storetype pkcs12 -keysize 256 -alias ecckeyname -dname CN=www.mydomain.com
    2. Generate CSR from key pair in pkcs12 file
      keytool -certreq -sigalg SHA256withECDSA -alias ecckeyname -file ecccertreq.csr -keystore ecckeystore.p12 -storetype pkcs12
  2. Upload the Payment Processing Certificate CSR
    1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
    2. Under Identifiers, select Merchant IDs using the filter in the top-right
    3. Select your merchant identifier
    4. Under Apple Pay Payment Processing Certificate, click Create Certificate
    5. Select Choose File. In the dialog that appears, select the certificate request file (ecccertreq.csr), then select Choose
    6. Select Continue
  3. Download the Apple signed Payment Processing Certificate
    1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
    2. Under Identifiers, select Merchant IDs using the filter in the top-right
    3. Select your merchant identifier
    4. Under Apple Pay Payment Processing Certificate, click Download. The certificate file (apple_pay.cer) appears in your Downloads folder
  4. Generate the .p12 file (ecckeystore.p12)
    keytool -import -keystore ecckeystore.p12 -storetype pkcs12 -alias ecckeyname -trustcacerts -file apple_pay.cer

Generate a .p12 file using Keychain Access (Mac only)

  1. Generate a Certificate Signing Request
    1. In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access
    2. Within the Keychain Access drop-down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority
    3. In the Certificate Information window, enter the following information:
      • Enter your email address and create a name for your private key
      • Leave the CA Email Address empty
      • In the Request is group, select the Saved to disk option
      • Select Let me specify key pair information
    4. Select Continue within Keychain Access and select the file location
    5. Set the Key Pair Information to the following:
      • Algorithm: ECC
      • Key Size: 256 bits
    6. Click Continue within Keychain Access to complete the CSR generation process
  2. Upload the Payment Processing Certificate CSR
    1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
    2. Under Identifiers, select Merchant IDs using the filter in the top-right
    3. Select your merchant identifier
    4. Under Apple Pay Payment Processing Certificate, click Create Certificate
    5. Select Choose File. In the dialog that appears, select the certificate request file (ecccertreq.csr), then select Choose
    6. Select Continue
  3. Download the Apple signed Payment Processing Certificate
    1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
    2. Under Identifiers, select Merchant IDs using the filter in the top-right
    3. Select your merchant identifier
    4. Under Apple Pay Payment Processing Certificate, click Download. The certificate file (apple_pay.cer) appears in your Downloads folder
  4. Generate the .p12 file (ecckeystore.p12)
    1. Double-click the apple_pay.cer file to install it in Keychain Access
    2. Export the Payment Processing Certificate and the Key Pair to the .p12 file:
      1. Select Payment Processing Certificate
      2. While holding the Cmd key, select the Key Pair file
      3. Within the Keychain Access drop-down menu, select File > Export Items
      4. Enter a name for the .p12 file and select Save.

Once you have generated the .p12 file, see how to Upload your .p12 file to the Gateway Console.