Re: CSR Verification

Solved! Go to solution
alex23_mj
Regular Visitor

CSR Verification

Hi there, 

 

I'm trying to verify my CSR for Visa checkout so I can promote my project, but I haven't had any luck. Been using openssl and filling in the necessary info, however, when using Visa's CSR UID I keep getting an "invalid CSR UID" message. If anybody's done this, please help 😄

 

Thanks !

11 REPLIES 11
API_Products
Visa Developer Support Specialist

Re: CSR Verification

Hello,

 

Thanks for posting your question to the Visa Community Forum. If you are currently in Sandbox then the UID is not needed in the CSR while the project is in Sandbox.

 

To generate/create a CSR, please follow the getting started guide https://developer.visa.com/vdpguide#get-started-overview. The instructions provided on how to generate/create a CSR file is in chronological order. Please follow the getting started guide and on the left navigation guide, select Two-Way SSL (Mutual Authentication) https://developer.visa.com/vdpguide#twoway_ssl_mutual_authentication. This guide will walk you through on how to auto generate the CSR or create your CSR.

 

Please let me know if you have other questions.

 

Thank you,

Diana

Visa Developer Team




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

LakshanFernando
Community Moderator

Re: CSR Verification

Hi Alex,

Please refer the documentation Diana has advised in her reply.

Also make sure following is the format of your openssl command when generating the CSR file.

 

You have to include all the parameters, subject details in to the single line command.

Also please note that there is "-PROD" as a suffix to UID value.

 

 

Openssl req -new -key C:\TestPrivateKey.pem -out C: \TestCSR.pem -subj "/emailAddress=ProjectOwnerEmail@domain.com/UID=yourProjectUIDValue-PROD/CN=Your-FQDN/O=YourOrg/OU=YourOU/C=SG/ST=YourState/L=YourCity" -config "C:\temp\openssl.cnf"

 

Thanks

Lakshan

bradt
Regular Visitor

Re: CSR Verification

I am using OpenSSL on Windows 10.  I downloaded and installed OpenSSL-Win64 (OpenSSL Light).  However, I don't have an openssl.cnf file.  Did your install include the file or did you create the file?

LakshanFernando
Community Moderator

Re: CSR Verification

Hi,

You can create a config file for your own using a template that can be searched and downloaded from the internet. 

And you can explicitly specify the path to it  in your openssl command.

 

 

Thanks

Lakshan 

bradt
Regular Visitor

Re: CSR Verification

Thanks for the quick response to my last question.

 

Do you get this error

11892:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto\rand\randfile.c:88:Filename=./.rnd

 

And can it be ignored?  I found a post on the openssl github site that indicates it isn't necessary and recommends removing RANDFILE= from openssl.cnf.

 

bradt
Regular Visitor

Re: CSR Verification

Thanks again.

No need to reply to my previous post.

I created an openssl.cfg by copying an example I found.  It doesn't include a RANDFILE= line 

 

I ran this command to create a private key and the csr and there were no errors.

 

openssl req -new -keyout PrivateKey.pem -out Request.csr  -subj "/emailAddress=me@myjob.com/UID=xxxxxxx-8950-49ba-bd12-5f07b67961b5-CERT/CN=www.myjob.com/O=My Company LLC/OU=Payments/C=US/ST=MyState/L=MyCity" -config "openssl.cnf"

 

 

For those who are curious, I found this sample config file and used it without edit

 

#
# OpenSSL configuration file.
#

# Establish working directory.

dir = .

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------ ------------------------------
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Providence
countryName_default = US

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

 

nancyjehy
Newbie

Re: CSR Verification

Tesco Payslipview Portal for its employees is www. payslipview. com. From here they can access their payslipsview every month. Tesco has a vast number of employees and it helps in employee data management.

 
sitimiyuwo
Newbie

Re: CSR Verification

PayMyDoctor is the online payment process. It also provides the best process such as patient engagement and care coordination, management and electronic health record technology. Many physician users get the best solutions and huge extended care organizations. However, it is one of the best services and also saves time to patient’s complete information are available in the pay my doctor site.

API_Products
Visa Developer Support Specialist

Re: CSR Verification

Hi bradt,

 

Thanks for providing us with your solution!

 

                             

 

 




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.