Generate a .p12 file for Apple Pay
Generate a .p12 processing certificate.
A .p12 processing certificate is required when you use a server-to-server Apple Pay integration and send encrypted Apple Pay tokens to emerchantpay for decryption and processing through the gateway.
Note that you don’t need to generate or upload a .p12 file if you accept Apple Pay through emerchantpay’s hosted Web Payment Form (WPF). For WPF integrations, emerchantpay manages the Apple Pay configuration and certificates.
Generate a .p12 file using any of the following methods:
Generate a .p12 file using OpenSSL
- Generate a Certificate Signing Request (ecccertreq.csr)
- Generate key pair in a key file
openssl ecparam -genkey -name prime256v1 -out ecckey.key - Generate CSR from key pair in key file
openssl req -new -sha256 -key ecckey.key -out ecccertreq.csr -subj /CN=www.mydomain.com
- Generate key pair in a key file
- Upload the Payment Processing Certificate CSR
- In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
- Under Identifiers, select Merchant IDs using the filter in the top-right
- Select your merchant identifier
- Under Apple Pay Payment Processing Certificate, click Create Certificate
- Select Choose File. In the dialog that appears, select the certificate request file (
ecccertreq.csr), then select Choose - Select Continue
- Download the Apple signed Payment Processing Certificate
- In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
- Under Identifiers, select Merchant IDs using the filter in the top-right
- Select your merchant identifier
- Under Apple Pay Payment Processing Certificate, click Download. The certificate file (
apple_pay.cer) appears in your Downloads folder
- Generate the .p12 file (
ecckeystore.p12)- Convert
apple_pay.certo PEMopenssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem - Import merchant certificate and private key to generate .p12
openssl pkcs12 -export -out ecckeystore.p12 -inkey ecckey.key -in apple_pay.pem
- Convert
Generate a .p12 file using KeyTool
- Generate a Certificate Signing Request
- Generate key pair in a pkcs12 file
keytool -genkeypair -keyalg EC -keystore ecckeystore.p12 -storetype pkcs12 -keysize 256 -alias ecckeyname -dname CN=www.mydomain.com - Generate CSR from key pair in pkcs12 file
keytool -certreq -sigalg SHA256withECDSA -alias ecckeyname -file ecccertreq.csr -keystore ecckeystore.p12 -storetype pkcs12
- Generate key pair in a pkcs12 file
- Upload the Payment Processing Certificate CSR
- In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
- Under Identifiers, select Merchant IDs using the filter in the top-right
- Select your merchant identifier
- Under Apple Pay Payment Processing Certificate, click Create Certificate
- Select Choose File. In the dialog that appears, select the certificate request file (
ecccertreq.csr), then select Choose - Select Continue
- Download the Apple signed Payment Processing Certificate
- In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
- Under Identifiers, select Merchant IDs using the filter in the top-right
- Select your merchant identifier
- Under Apple Pay Payment Processing Certificate, click Download. The certificate file (
apple_pay.cer) appears in your Downloads folder
- Generate the .p12 file (
ecckeystore.p12)Ensure the relevant Apple Root and Intermediate certificates are installed in your trust store.keytool -import -keystore ecckeystore.p12 -storetype pkcs12 -alias ecckeyname -trustcacerts -file apple_pay.cer
Generate a .p12 file using Keychain Access (Mac only)
- Generate a Certificate Signing Request
- In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access
- Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority
- In the Certificate Information window, enter in the following information:
- Enter your email address and create a name for your private key
- Leave the CA Email Address empty
- In the Request is group, select the Saved to disk option
- Select Let me specify key pair information
- Select Continue within Keychain Access and select the file location
- Set the Key Pair Information to the following:
- Algorithm: ECC
- Key_size: 256 bits
- Click Continue within Keychain Access to complete the CSR generating process
- Upload the Payment Processing Certificate CSR
- In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
- Under Identifiers, select Merchant IDs using the filter in the top-right
- Select your merchant identifier
- Under Apple Pay Payment Processing Certificate, click Create Certificate
- Select Choose File. In the dialog that appears, select the certificate request file (
ecccertreq.csr), then select Choose - Select Continue
- Download the Apple signed Payment Processing Certificate
- In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
- Under Identifiers, select Merchant IDs using the filter in the top-right
- Select your merchant identifier
- Under Apple Pay Payment Processing Certificate, click Download. The certificate file (
apple_pay.cer) appears in your Downloads folder
- Generate the .p12 file (
ecckeystore.p12)- Double click the
apple_pay.cerfile to install in Keychain Access - Export the Payment Processing Certificate and the Key Pair to the .p12 file:
- Select Payment Processing Certificate
- While holding the Cmd key, select the Key Pair file
- Within the Keychain Access dropdown menu, select File > Export Items
- Enter a name for the .p12 file and select Save.
If you are prompted to create a password when saving the .p12 file, you must not create a password. Click OK instead.
- Double click the
Once you have generated the .p12 file, see how to Upload your .p12 file to the Gateway Console.
Was this page helpful?