Hello,

Thanks for posting your question to the Visa Community Forum. If you are currently in Sandbox then the UID is not needed in the CSR while the project is in Sandbox.

To generate/create a CSR, please follow the getting started guide https://developer.visa.com/vdpguide#get-started-overview. The instructions provided on how to generate/create a CSR file is in chronological order. Please follow the getting started guide and on the left navigation guide, select Two-Way SSL (Mutual Authentication) https://developer.visa.com/vdpguide#twoway_ssl_mutual_authentication. This guide will walk you through on how to auto generate the CSR or create your CSR.

Please let me know if you have other questions.

Thank you,

Diana

Visa Developer Team

Hi Alex,

Please refer the documentation Diana has advised in her reply.

Also make sure following is the format of your openssl command when generating the CSR file.

You have to include all the parameters, subject details in to the single line command.

Also please note that there is "-PROD" as a suffix to UID value.

Openssl req -new -key C:\TestPrivateKey.pem -out C: \TestCSR.pem -subj "/emailAddress=ProjectOwnerEmail@domain.com/UID=yourProjectUIDValue-PROD/CN=Your-FQDN/O=YourOrg/OU=YourOU/C=SG/ST=YourState/L=YourCity" -config "C:\temp\openssl.cnf"

Thanks

Lakshan

Thanks again.

No need to reply to my previous post.

I created an openssl.cfg by copying an example I found.  It doesn't include a RANDFILE= line 

I ran this command to create a private key and the csr and there were no errors.

openssl req -new -keyout PrivateKey.pem -out Request.csr  -subj "/emailAddress=me@myjob.com/UID=xxxxxxx-8950-49ba-bd12-5f07b67961b5-CERT/CN=www.myjob.com/O=My Company LLC/OU=Payments/C=US/ST=MyState/L=MyCity" -config "openssl.cnf"

For those who are curious, I found this sample config file and used it without edit

#
# OpenSSL configuration file.
#

# Establish working directory.

dir = .

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------ ------------------------------
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Providence
countryName_default = US

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash