How to Generate Apple Pay Certificates
🚧 This only applies if you are utilizing your own Apple Pay Developer account in conjunction with the Apple Pay Native SDK on an IOS Mobile app
How to integrate Apple Pay API on an IOS App
https://developer.apple.com/documentation/passkit/apple-pay
📘 The integration of the Apple Pay API on your IOS App is solely provided by Apple. Coinflow is unable to assist in development questions related to the native Apple Pay API
Generate Your Decryption Keys
Run the following commands to generate your keys:
Apple Developer Certificate Manager Setup
- Go to the Apple Developer Certificate Manager.
- Make sure you have a Merchant ID. Navigate to Identifiers => Merchant IDs to verify you have one. If not, create one.
- Go to Certificates => All, then click the + button in the top right.
- Select Apple Pay Payment Processing Certificate and proceed through the setup.
- Upload the
.csrfile you created (request.csr).Note:
.csris the same as.certSigningRequest - Download the file, which will download as
apple_pay.cer. You need this file to create the key.
Create the Key File
Important: You will need to password protect your
.p12file. Keep that password somewhere secure.
Convert to PEM Files
You now have the two files you need to decrypt Apple Pay tokens, but before you can do that, you need to convert them into .pem files.
Run the following commands to convert them to .pem files:
Expected Output Files
After completing all steps, you should have:
Certificate File (certPem.pem)
Private Key File (privatePem.pem)
Generate Merchant ID Certificate
Finally, to generate the merchant ID certificate…
Generate Merchant ID Certificate
In Apple Pay Developer Console
- In Certificates, Identifiers & Profiles, click Identifiers in the sidebar, then select Merchant IDs from the pop-up menu on the top right.
- On the right, select your merchant identifier.
- Under Apple Pay Merchant Identity Certificate, click Create Certificate.
Generate Certificate Request
- Launch Keychain Access located in
/Applications/Utilities. - Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
- In the Certificate Assistant dialog, enter an email address in the User Email Address field.
- In the Common Name field, enter a name for the key (for example, “Gita Kumar Dev Key”). Remember this name.
- Leave the CA Email Address field empty.
- Choose “Saved to disk,” then click Continue.
Upload Certificate Request
- In Apple Developer Console, click Choose File.
- In the dialog that appears, select the certificate request file (a file with a
.certSigningRequestfile extension), then click Choose. - Click Continue.
- Click Download - This will download a
merchant_id.cerfile.
Export Private Key from Keychain Access
- Open Keychain Access (Applications > Utilities > Keychain Access)
- Find your certificate (search for the common name field from above)
- Right-click on the private key and select “Export”
- Choose the Personal Information Exchange (.p12) format
- Save the file (e.g., as “merchant_id.p12”)
- You’ll be asked to create a password for this export (remember it)
Now you should have 2 main files: merchant_id.cer and common_name.p12
Convert and Combine Certificates
At the end of this you should have a file that looks like this:
Get Apple Pay Merchant Identifier
Go to https://developer.apple.com/account/resources/identifiers/list/merchant and copy your Name and Identifier
📘 Please provide merchant-id-cert.pem, certPem.pem, and privatePem.pem, Merchant Name and Merchant Identifier to your Coinflow integrations specialist
Verify your Merchant Domain
- Go to “Identifiers and click into your identifier:
- Scroll down to “Manage Domains”
- Click “Add Domain”
- Download site association file
- Upload site association file to your website per the instructions
- Click “Verify”
📘 Please confirm with your Coinflow integrations specialist that you have completed this step.
