Hi @vrongre,
The Certificate Signing Request (CSR) is a prerequisite to get your application certificate (cert.pem), which is required to establish a two-way SSL connection. You'll also need a root certificate (VICA-SBX.pem) and your private key.
There's two options to generate a Certificate Signing Request (CSR):
Have Visa generate a CSR for you (this is often recommended)
Select "generate a CSR from me" when you create a new Visa Developer application. Select this option, and Visa will generate a CSR for you, and you'll be prompted to save your private key file when it's downloaded through your browser. Once you save your private key, go to your Visa app page and download your client certificate (cert.pem), as well as your root certificate (VICA-SBX.pem). You'll then have everything you need to create a key store.
Generate your own CSR
You can choose to create your own CSR. The Visa Developer Getting Started Guide provides detailed steps on how to generate CSRs: https://developer.visa.com/vdpguide#twowayssl. Please note, you have to fill out all the required fields in your Certificate Request. Also know that the organization name and unit fields do not accept punctuation characters – your CSR will be invalid if you use these characters. Once you have a CSR file, go ahead and create a Visa app, choose "Submit my own CSR", and upload your CSR file. During the CSR creation process, take note of the file containing your private key. Once you upload your CSR, go to your Visa app page, and download your client certificate (cert.pem), as well as your root certificate (VICA-SBX.pem). You'll then have everything you need to create a key store.
Continuing to the Key Store
Once you have a private key and two certificate files in your local directory, you'll need to combine them into a key store. You can decide whether to use Java Key Store (JKS) or PKCS (P12) key store, depending on what your development environment requires. There are sections in “getting started” ->“Using two-way SSL” (https://developer.visa.com/vdpguide#twowayssl), that describe how to create each type of key store, please follow those steps. Note, that the root certificate is not needed for a P12 file, you can create a P12 file out of two files: private key and cert.pem