Is there a way to create p12 for mle?

Dakuan
New Contributor

Re: How to run C# Sample Code for MLE

Hi there. 

I am try to use your code to call Card On File data inquiry endpoint and I got an error said" Expected input credential was not present". Details below:

COF-Code.PNG

The error is :

COF-error.PNG

 

Could you please advise. Thanks

 

Dakuan
New Contributor

Re: How to run C# Sample Code for MLE

By the way, you may need to check the header details below:
// Add headers
request.Headers["Authorization"] = GetBasicAuthHeader(VisaCardOnFileSettings.TwoWaySslUserId, VisaCardOnFileSettings.TwoWaySslPassword);
request.Headers["ex-correlation-id"] = GetCorrelationId();
request.Headers["keyId"] = VisaCardOnFileSettings.MleKeyId;

shameem
Visa Employee

Re: How to run C# Sample Code for MLE

Hi @Dakuan ,

 

We have tested the C# sample code in the tutorial and it works fine.

 

Kindly note for 2-Way SSL, you don't need to provide the Root and Intermediate certificate.

 

I would suggest you to take the sample code provided in this tutorial as it is, replace with your credentials and add the below function with the VDP Sample Payload.

 

public string CardOnFileDataService()
        {
            string localTransactionDateTime = DateTime.Now.ToString("yyyy-MM-dd'T'HH:mm:ss");
            string requestBody = "{\"requestHeader\":{\"requestMessageId\":\"6da6b8b024532a2e0eacb1af58581\",\"messageDateTime\":\"2019-02-3505:25:12.327\"},\"requestData\":{\"pANs\":[4072208010000000],\"group\":\"STANDARD\"}}";

            string requestURL = "cofds-web/v1/datainfo";

            return GetDecryptedPayload(DoMutualAuthCall(requestURL, "POST", "Card On File Data Service With MLE", getEncryptedPayload(requestBody), null));
        }

And using the below main function to execute the API call.

static void Main(string[] args)
{
   Program p = new Program();
   string decryptedPayload = p.CardOnFileDataService();
   Console.WriteLine("Decrypted Response\n" + decryptedPayload);
}

 

Please give it a try and let us know if you face any further issue.

 

Thank you

Dakuan
New Contributor

Re: How to run C# Sample Code for MLE

Thanks @shameem.
After replace your example, I still got same issue. 😞

The certificate that I am using here
var clientCertificate = new X509Certificate2(VisaCardOnFileSettings.TwoWaySslClientCertificateP12Path,
VisaCardOnFileSettings.TwoWaySslClientCertificateP12Password);
request.ClientCertificates.Add(clientCertificate);
I got this certificate via openssl, it was from the private key (I download when project created) and client cert, is that correct?

Also I have downloaded another key after I enabled mle, after click add CSR button. but seems like I am not using this key in the code. It could be the issue?

Thanks.
shameem
Visa Employee

Re: How to run C# Sample Code for MLE

Hi @Dakuan ,

 

This looks more like an issue with your p12 file created.

 

Could you please double check the .p12 contains both the private and the public key.  The below command should list the certificates in the .p12 file

openssl pkcs12 -info -in cert.p12

 

Kindly note that the the 2-Way SSL Certificate Subject contains the UID of your project and corresponding Key file with the same UID (in the file name) which you have downloaded, should be used to created the P12 file.

 

openssl pkcs12 -export -inkey key_<UID / PROJECT ID>.pem -in cert.pem -out cert.p12


The MLE private key is used for decrypting the response. Note that MLE Certificates and key contains the MLE Key ID so not to be confused with the 2Way SSL certificate.

//For MLE
public static string keyId = "<MLE_KEY_ID>";
public static string mleClientPrivateKey = "<PATH>/server_cert_<MLE_KEY_ID>.pem";
public static string mleServerPublicCertificate = "<PATH>/key_<MLE_KEY_ID>.pem"; 

 

I hope that helps.

 

Thank you

SeM
Regular Visitor

Is there a way to create p12 for mle?

I would've liked to use p12 files, to install the certificate to the store and use that from there, instead of using .pem files directly. Is that possible?

shameem
Visa Employee

Re: Is there a way to create p12 for mle?

Hi SeM,

Yes this is possible. You will need to load/read the PKCS#12 (P12) file programmatically and load the public & private keys or certificate by it's alias name.

By doing, you can pass the RSA (public or private) objects to the MLE functions for encryption and decryption.

I hope that helps.

Thank you.
SeM
Regular Visitor

Re: Is there a way to create p12 for mle?

Hello Shameem, thanks for the reply. The thing is that when I use OpenSSL to create the p12 bundle,

 

openssl pkcs12 -export -in server_cert_ae2c7ac6-764b-4792-b16e-de3205de79b3.pem -inkey private-key_rsa.key -out VisaCert.p12

 

we get error: No certificate matches private key

 

with the client_cert_*.pem, I was able to create the p12 bundle, but the problem is the encryption is wrong with the client certificate and in your example you were using server certificate to encrypt the message.

API_Products
Visa Developer Support Specialist

Re: Is there a way to create p12 for mle?

Hi @SeM,

 

Are you still experiencing an error? Please follow the Quick Start Guide for Developers

 step-by-step in its specific order. Additionally, you can try to test using the Visa Developer Center Playground, you can access the guide here: https://developer.visa.com/pages/visa-developer-center-playground. Please follow these steps and share your result with us.




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

SeM
Regular Visitor

Re: Is there a way to create p12 for mle?

Hi @API_Products,

I did a workaround to solve the problem, by referencing the ".pem" file directly into my project, which is actually not what I wanted, but it works, also that method was shown in an example project I found on your website.