Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

Solved! Go to solution
cbinton
Helper

Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?


Hi, Visa developer team,

when I read https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl , under “Configuring Two-Way SSL Keystore with Java Keytool” section, the sample code only required import DigiCertGlobalRootCA.crt. However when I read
“Configuring a Two-Way SSL Keystore Using an Auto-generated CSR" section, it also involves VDPCA-SBX.pem, so my question is in jks as truststore case, we only need DigiCertGlobalRootCA.crt as the only certificate from Visa for SSL, is my understanding correct?


Thank you so much

8 REPLIES 8
cbinton
Helper

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

follow-up:

 

1. compared with these step:

Screen Shot 2022-06-24 at 12.42.18 PM.png

in jks as truststore case, there is no need to do step 4 and 5, right?  Thank you

cbinton
Helper

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

and if possible, is there any complete sample code for jks as truststore case?  thanks

jenn_kh
Community Moderator

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

Thank you for your questions, @cbinton. An agent will get back to you as soon as possible. In the meantime, if any community member knows the solution, please feel free to reply here! -Jenn

cbinton
Helper

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

Hi,  Jenn, any update?

cbinton
Helper

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

hi , @jenn_kh , any update?

just want to confirm DigiCertGlobalRootCA.crt is the only certificate for SSL truststore from Visa
API_Products
Visa Developer Support Specialist

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

Hi @cbinton,

 

Here are the steps on how to Update Java Key Store with Root Certificate and Client Certificate using Java Keytool, Add the VDP CA Root Public Certificate to the keystore, and Add the project specific certificate to the keystore.

 

Please see my Java Keytool commands in the below forum post link. After creating your clientkeystore.jks file and the certreq1.csr file. You will need to add the following certificates to your clientkeystore.jks file.

 

Please refer to this community forum post for instructions (as I've answered a similar question in this previous forum post): https://community.developer.visa.com/t5/Two-way-SSL-X-Pay-Token/Always-getting-quot-Expected-input-c... 

 




Thanks,

Tee



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

cbinton
Helper

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

hi, Diana, thanks for your reply, I am still confusing on what are the difference between DigiCertGlobalRootCA.crt. an VDPCA-SBX.pem ?

In another Visa postman test doc https://community.developer.visa.com/t5/Two-way-SSL-X-Pay-Token/How-to-run-the-Hello-World-API-with-...

it also mentioned to download DigiCertGlobalRootCA.crt. an VDPCA-SBX.pem, but never used in postman helloworld test

API_Products
Visa Developer Support Specialist

Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?

Hi @cbinton,

 

Here are a couple of notes related to certificates: certificates are required to establish a two-way SSL connection. You will need a root certificate (VICA-SBX.pem), your application certificate (cert.pem), and also your private key.

 

The private key gets created when you generate your CSR, or you can download the private key from the Visa Developer website, if you chose "create a CSR for me" option, while creating your Visa Developer App.

 

Once you have all three files in your local directory, you will need to combine them into a key store. You can decide whether to use java key store (JKS) or PKCS (P12) key store, depending on what your development environment requires. There are sections in “getting started” ->“Using two-way SSL” (https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl), that describe how to create each type of key store, please follow those steps. Note, that the root certificate is not needed for a P12 file, you can create a P12 file out of two files: private key and cert.pem.

 

You can also refer to our Visa Developer Quick Start Guide for Developers here: https://developer.visa.com/pages/working-with-visa-apis/visa-developer-quick-start-guide 




Thanks,

Tee



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.