Generating Certificates
The certificate is generated in three steps:
Generate a Private Key
A private key is the foundation of certificate creation. It is used to sign requests and must be kept secure at all times. A private key is the foundation of certificate creation. It is used to sign requests and must be kept secure at all times.
Key value pairs can be generated with different algorithms. The most commonly used algorithm is RSA.
Supported algorithms
- RSA: Minimum 2048 bits
- ECDSA: Minimum 256 bits
The most commonly used algorithm is RSA. To generate an RSA private key, run the following command:
openssl genrsa -out private.key 4096Important
Never share your private key with anyone. It is used to sign all requests and ensures secure communication.
Generate a Certificate Signing Request (CSR)
A CSR (Certificate Signing Request) contains information about your organization and is required to create the certificate.
To generate a CSR, use the command below:
openssl req -new -key private.key -out csr.csrThis command will prompt you to provide the following details:
- Country Name
- State or Province Name
- Locality Name (e.g., city)
- Organization Name
- Organizational Unit Name
- Common Name (e.g., your domain name)
- Email Address
Submit the CSR
To create the certificate:
- Go to the admin section of the backoffice.
- Paste your signed CSR into the designated form.
- Click the Generate Certificate button.
Once completed, you will receive a certificate specific to your merchant. The portal also displays:
- Active certificates
- Certificate validity dates
- Revocation options
Note
A mechant can issue multiple certificates. Multiple certificates allow you to swap certificates without downtime when an old certificate nears expiration.