Additional Info For Step 7 - Generate a .pfx file #342
Comments
|
Yeah, it's not an easy process. I have a gist from when I had to renew my certificate that has these commands in it: # From https://blog.aclerbois.be/blog/2020/01/09/Generates-a-pfx-for-Apple-Pay
# Generate the CSR for Apple Pay Payment Processing
openssl req -nodes -newkey rsa:2048 -sha256 -keyout certificate.key -out certificate.csr
# Upload the CSR to developer.apple.com to get the certificate
# Generate the PFX from the CSR and CER
openssl x509 -inform der -in merchant_id.cer -out certificate.pem
openssl pkcs12 -export -inkey certificate.key -in certificate.pem -out certificate.pfx
# From https://www.ryandaigle.com/a/openssl-generate-apple-pay-csr/
# Generate the CSR for Apple Pay Merchant Identity
openssl ecparam -out certificate.key -name prime256v1 -genkey
openssl req -new -sha256 -key certificate.key -nodes -out request.csr
# Generate the PFX from the CSR and CER
openssl x509 -inform der -in apple_pay.cer -out certificate.pem
openssl pkcs12 -export -inkey certificate.key -in certificate.pem -out certificate.pfxWould you be interesting in distilling this issue into a pull request to update the instructions in the README? |
|
Yeah, sounds good! |
|
Very Helpful @martincostello thankyou. Small issue, It seems for Payment Processing we use
And this one for Merchant Identity
Basically the other way around! Its actually just the 2 comments that need switched only : ProcessingCert is called apple_pay.cer |
|
Another gotcha I found. When publishing and testing in Azure, (using Net6) It was not possible to complete merchant validation using the PFX cetificate without setting a mysterious config in Azure Portal , basically I was getting weird SSL connection exceptions until I set this. We need to set this Azure WebApp config > WEBSITE_LOAD_USER_PROFILE : 1 Hopefully this helps someone, somewhere. I took me best part of 6 hours to figure out this config. |
|
Thanks for pointing that out - I've added that to the Azure section in the README in #353. |
|
Thankyou for sharing this repo. It was very very helpful. The ApplePay docs suck |
Even after reading through the closed issues, it took me awhile to actually do step 7 and generate a PFX. So I thought I would compile the steps I found that worked for me in case it can help anyone else.
You will need:
Step 1
The merchant_id.cer certificate from Apple is a binary encoded version (I think?). You will need to convert it to something usable for this process. This will create merchant_id_cert.pem.
x509 -inform DER -in merchant_id.cer -out merchant_id_cert.pemStep 2
You will also need to convert the Apple Pay Merchant Identity MERCHANT NAME.p12 private key to something usable. This will create merchant_id_key.pem. NOTE: I renamed the file "Apple Pay Merchant Identity MERCHANT NAME.p12" to "merchant_id.p12" to make it easier to work with.
pkcs12 -in merchant_id.p12 -out merchant_id_key.pem -nodes -clcertsStep 3
Finally you combine the new cert format and new private key format into a single PFX file for use with the .NET project. This will create merchant_id.pfx.
pkcs12 -export -in merchant_id_cert.pem -inkey merchant_id_key.pem -out merchant_id.pfxIt will prompt you to enter the password for the private key and then prompt you again to confirm the password.
Now you should have a .pfx file and can move on to step 8 of the readme setup guide.
The text was updated successfully, but these errors were encountered: