Generate a .p12 file for Apple Pay

Generate a .p12 processing certificate.

---

A .p12 processing certificate is required by emerchantpay to process payments using your encrypted Apple Pay token. Upload your .p12 file to your Merchant Console to process payments through the Genesis payment gateway.

Generate a .p12 file using any of the following methods: OpenSSL, KeyTool, KeyChain Access (Mac only).

---

Generate a .p12 file using OpenSSL

1. Generate a Certificate Signing Request (ecccertreq.csr)
   1. Generate key pair in a key file

      openssl ecparam -genkey -name prime256v1 -out ecckey.key

   2. Generate CSR from key pair in key file

      openssl req -new -sha256 -key ecckey.key -out ecccertreq.csr -subj /CN=www.mydomain.com

2. Upload the Payment Processing Certificate CSR
   1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
   2. Under Identifiers, select Merchant IDs using the filter in the top-right
   3. Select your merchant identifier
   4. Under Apple Pay Payment Processing Certificate, click Create Certificate
   5. Select Choose File. In the dialog that appears, select the certificate request file (ecccertreq.csr), then select Choose
   6. Select Continue
3. Download the Apple signed Payment Processing Certificate
   1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
   2. Under Identifiers, select Merchant IDs using the filter in the top-right
   3. Select your merchant identifier
   4. Under Apple Pay Payment Processing Certificate, click Download. The certificate file (apple_pay.cer) appears in your Downloads folder
4. Generate the .p12 file (ecckeystore.p12)
   1. Convert apple_pay.cer to PEM

      openssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem

   2. Import merchant certificate and private key to generate .p12

      openssl pkcs12 -export -out ecckeystore.p12 -inkey ecckey.key -in apple_pay.pem

---

Generate a .p12 file using KeyTool

1. Generate a Certificate Signing Request
   1. Generate key pair in a pkcs12 file

      keytool -genkeypair -keyalg EC -keystore ecckeystore.p12 -storetype pkcs12 -keysize 256 -alias ecckeyname -dname CN=www.mydomain.com

   2. Generate CSR from key pair in pkcs12 file

      keytool -certreq -sigalg SHA256withECDSA -alias ecckeyname -file ecccertreq.csr -keystore ecckeystore.p12 -storetype pkcs12

2. Upload the Payment Processing Certificate CSR
   1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
   2. Under Identifiers, select Merchant IDs using the filter in the top-right
   3. Select your merchant identifier
   4. Under Apple Pay Payment Processing Certificate, click Create Certificate
   5. Select Choose File. In the dialog that appears, select the certificate request file (ecccertreq.csr), then select Choose
   6. Select Continue
3. Download the Apple signed Payment Processing Certificate
   1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
   2. Under Identifiers, select Merchant IDs using the filter in the top-right
   3. Select your merchant identifier
   4. Under Apple Pay Payment Processing Certificate, click Download. The certificate file (apple_pay.cer) appears in your Downloads folder
4. Generate the .p12 file (ecckeystore.p12)
   

   Ensure the relevant Apple Root and Intermediate certificates are installed in your trust store.

   keytool -import -keystore ecckeystore.p12 -storetype pkcs12 -alias ecckeyname -trustcacerts -file apple_pay.cer

---

Generate a .p12 file using Keychain Access (Mac only)

1. Generate a Certificate Signing Request
   1. In the Applications folder on your Mac, open the Utilities folder and launch Keychain Access
   2. Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority
   3. In the Certificate Information window, enter in the following information:
      • Enter your email address and create a name for your private key
      • Leave the CA Email Address empty
      • In the Request is group, select the Saved to disk option
      • Select Let me specify key pair information
   4. Select Continue within Keychain Access and select the file location
   5. Set the Key Pair Information to the following:
      • Algorithm: ECC
      • Key_size: 256 bits
   6. Click Continue within Keychain Access to complete the CSR generating process
2. Upload the Payment Processing Certificate CSR
   1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
   2. Under Identifiers, select Merchant IDs using the filter in the top-right
   3. Select your merchant identifier
   4. Under Apple Pay Payment Processing Certificate, click Create Certificate
   5. Select Choose File. In the dialog that appears, select the certificate request file (ecccertreq.csr), then select Choose
   6. Select Continue
3. Download the Apple signed Payment Processing Certificate
   1. In Certificates, Identifiers & Profiles, select Identifiers from the sidebar
   2. Under Identifiers, select Merchant IDs using the filter in the top-right
   3. Select your merchant identifier
   4. Under Apple Pay Payment Processing Certificate, click Download. The certificate file (apple_pay.cer) appears in your Downloads folder
4. Generate the .p12 file (ecckeystore.p12)
   1. Double click the apple_pay.cer file to install in Keychain Access
   2. Export the Payment Processing Certificate and the Key Pair to the .p12 file:
      1. Select Payment Processing Certificate
      2. While holding the Cmd key, select the Key Pair file
      3. Within the Keychain Access dropdown menu, select File > Export Items
      4. Enter a name for the .p12 file and select Save.
         

         If you are prompted to create a password when saving the .p12 file, you must not create a password. Click OK instead.

Once you have generated the .p12 file, you must upload it in the Apple Pay Onboarding section of your Genesis Merchant Console. See Upload your .p12 file for more information.