On This Page
FILTER BY TAG

Create or Submit a P12 Certificate

This section describes how to create or submit a P12 certificate and how to extract its private key. A private key is necessary for you to construct JSON Web Tokens.
Create
 a P12 certificate if you need a new certificate.
Submit
 a P12 certificate if you want to use your own certificate.

Creating a P12 Certificate

Follow these steps to create a P12 certificate file if you are using JSON Web Tokens to secure communication:
  2. On the left navigation panel, choose
    Payment Configuration > Key Management
    .
  3. Click
    + Generate key
     on the Key Management page.
  4. Under REST APIs, choose
    REST – Certificate
    , and then click
    Generate key
    .
    If you are using a
    portfolio
     account, the Key options window appears, giving you the choice to create a meta key.
    For more information about how to create a meta key, see .
  5. Click
    Download key
     .
  6. Create a password for the certificate by entering one into the
    New Password
     and
    Confirm Password
     fields. Click
    Generate key
    .
    The
    .p12
     file downloads to your desktop.
    If prompted by your system, approve the location to which the key downloads.
To create or upload another key, click
Generate another key
. To view all of your created keys, go to the Key Management page.
IMPORTANT
Securely store the
.p12
 file and password in your system. These credentials are required in order to implement certain products, and you must be able to access them.

Submitting a P12 Certificate

Follow these steps to submit your own public PEM-formatted certificate signing request (CSR) if you are using JSON Web Tokens to secure communication. You also have the option to create a P12 certificate from your CSR to use for testing purposes.
  2. On the left navigation panel, choose
    Payment Configuration > Key Management
    .
  3. Click
    + Generate key
     on the Key Management page.
  4. Under REST APIs, choose
    REST – Certificate
    , and then click
    Generate key
    .
    If you are using a
    portfolio
     account, the Key options window appears, giving you the choice to create a meta key.
    For more information about how to create a meta key, see .
  5. Enter your public PEM-formatted certificate in the text box, then click
    Download key
     .
    If you need to generate your own CSR and private key, run this command. In this example,
    merchant
     is your organization or merchant ID (MID). You can extract the certificate value by opening the
    example.csr
     file using a text editor application.
    openssl req -new -newkey rsa:2048 -keyout private_key.pem -out example.csr -sha256 -nodes -subj "/CN=
    merchant
    "
  6. (Optional) To convert your submitted CSR into a
    .p12
     file, run this command. In this example,
    merchant
     is your organization or merchant ID (MID).
    You can use the P12 certificate for testing using the
    REST API Reference
     on the Developer Center.
    openssl pkcs12 -export -name "$(printf 'serialnumber=%s,cn=%s' "$(openssl x509 -in 
    merchant
    _certChain.pem -noout -serial | cut -d= -f2 | xxd -r -p)" "$(openssl x509 -in 
    merchant
    _certChain.pem -noout -subject | sed -n 's/.*CN=\([^/]*\).*/\1/p')" )" -out 
    merchant
    .p12 -inkey private_key.pem -in 
    merchant
    _certChain.pem
  7. When prompted, set a password for the
    .p12
     file.
To create or upload another key, click
Generate another key
. To view all of your created keys, go to the Key Management page.
IMPORTANT
Securely store your key's password in your system. These credentials are required to implement certain products and you must be able to access them.

Extracting the Private Key from Your P12 Certificate

When you have your P12 certificate, extract the private key from the certificate. Use this key to sign your header when sending an API request.
IMPORTANT
If you are using the SDK to establish communication, you do not need to extract the private key from the P12 certificate.
Prerequisite
You must have a tool such as OpenSSL installed on your system.
Extract the Private Key
Follow these steps to extract the private key using OpenSSL:
  1. Open the command-line tool and navigate to the directory that contains the P12 certificate.
  2. Enter this command:
    openssl pkcs12 -in [certificate name] -nodes -nocerts -out [private key name]
  3. Enter the password for the certificate.
    You set this password when you created the P12 certificate in the
    Gateway Portal
    .
The new certificate is added to the directory with the private key name you supplied in Step 2.

Testing Your Private Key

After creating your key certificate, you must verify that it can successfully process API requests. This task explains how to test and validate your private key in the Developer Center and the
Gateway Portal
.
Follow these steps:
  2. On the left navigation panel, click .
  3. Under Authentication and Sandbox Credentials, go to the Authentication Type drop-down menu and choose
    JSON Web Token
    .
  4. Enter your organization ID in the
    Organization
     field.
  5. Enter your Password in the
    Password
     field.
  6. Click
    Browse
     and upload your p12 certificate from your desktop.
  7. Click
    Update Credentials
    .
    A confirmation message states that your credentials are successfully updated.
  8. Go to the Developer Center's API Reference and navigate to
    Payments >
    POST
     Process a Payment
    .
  9. Click
    Send
    .
    A message confirms that your request was successful with the status code 201.
  11. On the left navigation panel, choose
    Transaction Management > Transactions
    .
  12. Under Search Results, verify that the request ID from the test authorization response is listed in the Request ID column.
    If the test authorization was successful, a success message is present in the corresponding Applications column.
RELATED TO THIS PAGE