I'm trying to verify my CSR for Visa checkout so I can promote my project, but I haven't had any luck. I've been using openssl and filling in the necessary info; however, when using Visa's CSR UID I keep getting an "invalid CSR UID" message. If anybody's done this, please help.
Thanks for posting your question to the Visa Community Forum. If you are currently in Sandbox then the UID is not needed in the CSR while the project is in Sandbox.
To generate/create a CSR, please follow the getting started guide https://developer.visa.com/vdpguide#get-started-overview. The instructions provided on how to generate/create a CSR file are in chronological order. Please follow the getting started guide and, in the left navigation, select Two-Way SSL (Mutual Authentication) https://developer.visa.com/vdpguide#twoway_ssl_mutual_authentication. This guide will walk you through how to auto-generate the CSR or create your CSR.
Please let me know if you have other questions.
Visa Developer Team
Please refer to the documentation Diana has advised in her reply.
Also make sure the following is the format of your openssl command when generating the CSR file.
You have to include all the parameters and subject details in the single-line command.
Also please note that there is "-PROD" as a suffix to UID value.
openssl req -new -key C:\TestPrivateKey.pem -out C:\TestCSR.pem -subj "/emailAddress=ProjectOwnerEmail@domain.com/UID=yourProjectUIDValue-PROD/CN=Your-FQDN/O=YourOrg/OU=YourOU/C=SG/ST=YourState/L=YourCity" -config "C:\temp\openssl.cnf"
Hello, I am also having this issue. I tried different solutions from the web again and again, but I keep getting this error. I am stuck now. Please provide any relevant solution mybkexperience. Thanks in advance.
I am using OpenSSL on Windows 10. I downloaded and installed OpenSSL-Win64 (OpenSSL Light). However, I don't have an openssl.cnf file. Did your install include the file or did you create the file?
You can create a config file of your own using a template that can be searched for and downloaded from the internet.
And you can explicitly specify the path to it in your openssl command.
Thanks for the quick response to my last question.
Do you get this error:
11892:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto\rand\randfile.c:88:Filename=./.rnd
And can it be ignored? I found a post on the openssl github site that indicates it isn't necessary and recommends removing RANDFILE= from openssl.cnf.
No need to reply to my previous post.
I created an openssl.cfg by copying an example I found. It doesn't include a RANDFILE= line.
I ran this command to create a private key and the csr and there were no errors.
openssl req -new -keyout PrivateKey.pem -out Request.csr -subj "/emailAddress=email@example.com/UID=xxxxxxx-8950-49ba-bd12-5f07b67961b5-CERT/CN=www.myjob.com/O=My Company LLC/OU=Payments/C=US/ST=MyState/L=MyCity" -config "openssl.cnf"
For those who are curious, I found this sample config file and used it without edit:
# OpenSSL configuration file.
# Establish working directory.
dir = .
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
# Variable name Prompt string
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name Value
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Providence
countryName_default = US
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
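Added example, not posted by anyone in the thread and not Visa's documented procedure: the script below builds a CSR with the UID in the subject as the replies describe, using a request-only config with SHA-256 and 2048-bit RSA in place of the md5 and 1024-bit defaults in the sample file above, then checks the result before submission. The UID, host name, e-mail and organisation values are constructed placeholders, and the SHA-256/2048-bit floor is an assumption rather than a requirement stated on this page.

```bash
#!/bin/sh
# Added example, not from the thread. UID, names and e-mail are constructed placeholders.
set -eu

# Request-only config: SHA-256 and 2048-bit RSA instead of the md5/1024-bit
# defaults in the sample file quoted above, and no RANDFILE line.
write_req_config() {
  cat > "$1" <<'EOF'
[ req ]
default_bits       = 2048
default_md         = sha256
prompt             = no
string_mask        = utf8only
distinguished_name = req_dn
[ req_dn ]
# Replaced by -subj; kept so the section named in [ req ] exists.
CN = placeholder.example.com
EOF
}

# make_csr <uid-with-suffix> <fqdn> <dir>: writes PrivateKey.pem and Request.csr
make_csr() {
  write_req_config "$3/req.cnf"
  # -nodes leaves the key unencrypted so the example runs unattended;
  # umask 077 keeps the key file readable by its owner only.
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -config "$3/req.cnf" \
      -keyout "$3/PrivateKey.pem" -out "$3/Request.csr" \
      -subj "/emailAddress=owner@example.com/UID=$1/CN=$2/O=Example Org/OU=Payments/C=US/ST=ExampleState/L=ExampleCity" )
}

# check_csr <csr> <expected-uid>: prints OK, or the first failed check
check_csr() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" \
    || { echo "self-signature does not verify"; return 1; }
  csr_text=$(openssl req -in "$1" -noout -text)
  printf '%s\n' "$csr_text" | grep -Eq "UID ?= ?$2(,|\$)" \
    || { echo "UID in subject is not $2"; return 1; }
  printf '%s\n' "$csr_text" | grep -q "Signature Algorithm: sha256WithRSA" \
    || { echo "CSR is not signed with SHA-256"; return 1; }
  csr_bits=$(printf '%s\n' "$csr_text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  [ "${csr_bits:-0}" -ge 2048 ] || { echo "RSA key is only ${csr_bits:-0} bits"; return 1; }
  echo "OK"
}

DEMO_UID="00000000-0000-0000-0000-000000000000-PROD"   # constructed, not a real project UID
work=$(mktemp -d)
make_csr "$DEMO_UID" "payments.example.com" "$work"
check_csr "$work/Request.csr" "$DEMO_UID"
```

Running `check_csr` with the UID exactly as it should appear, suffix included, catches a missing or mistyped suffix locally instead of at upload time.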