SSL Certificates - Client Certificate

In order to be authenticated to our REST services you have to provide a self-signed client certificate, which can be generated either using makecert.exe or OpenSSL. 

Note, that the certificate is valid for 2 years and will have to be regenerated after it expires.

Generate two certificates for Sandbox and Production environments:

  • Sandbox: set environment to Sandbox.
  • Production: leave environment blank.

Send the generated *.cer (or *.crt, if you use OpenSSL) files to and store the *.pfx file in a secure private key storage on your end.

Using makecert.exe to generate client certificate

makecert.exe ^
 -n "CN=your-company-name - MobilePay - environment" ^
 -sky exchange ^
 -eku ^
 -r ^
 -pe ^
 -a sha512 ^
 -len 2048 ^
 -m 24 ^
 -sv environment_MobilePay_your-company-name.pvk ^

Export private key to pfx:

pvk2pfx.exe ^ 
 -pvk environment_MobilePay_your-company-name.pvk ^
 -spc environment_MobilePay_your-company-name.cer ^
 -pfx environment_MobilePay_your-company-name.pfx

Using OpenSSL to generate client certificate

$ openssl req -x509 -nodes -sha512 -newkey rsa:2048 -keyout environment_MobilePay_your-company-name.pvk -out environment_MobilePay_your-company-name.crt -days 730

Enter your-company-name - MobilePay - environment for Common Name, when asked.

Export private key to pfx:

$ openssl pkcs12 -export -in environment_MobilePay_your-company-name.crt -inkey environment_MobilePay_your-company-name.pvk -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -out environment_MobilePay_your-company-name.pfx