Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Visa developer team,
when I read https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl , under “Configuring Two-Way SSL Keystore with Java Keytool” section, the sample code only required import DigiCertGlobalRootCA.crt. However when I read
“Configuring a Two-Way SSL Keystore Using an Auto-generated CSR" section, it also involves VDPCA-SBX.pem, so my question is in jks as truststore case, we only need DigiCertGlobalRootCA.crt as the only certificate from Visa for SSL, is my understanding correct?
Thank you so much
Solved! Go to Solution
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
follow-up:
1. compared with these step:
in jks as truststore case, there is no need to do step 4 and 5, right? Thank you
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
and if possible, is there any complete sample code for jks as truststore case? thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
Thank you for your questions, @cbinton. An agent will get back to you as soon as possible. In the meantime, if any community member knows the solution, please feel free to reply here! -Jenn
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
Hi, Jenn, any update?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
just want to confirm DigiCertGlobalRootCA.crt is the only certificate for SSL truststore from Visa
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @cbinton,
Here are the steps on how to Update Java Key Store with Root Certificate and Client Certificate using Java Keytool, Add the VDP CA Root Public Certificate to the keystore, and Add the project specific certificate to the keystore.
Please see my Java Keytool commands in the below forum post link. After creating your clientkeystore.jks file and the certreq1.csr file. You will need to add the following certificates to your clientkeystore.jks file.
Please refer to this community forum post for instructions (as I've answered a similar question in this previous forum post): https://community.developer.visa.com/t5/Two-way-SSL-X-Pay-Token/Always-getting-quot-Expected-input-c...
Thanks,
Diana
Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
In another Visa postman test doc https://community.developer.visa.com/t5/Two-way-SSL-X-Pay-Token/How-to-run-the-Hello-World-API-with-...
it also mentioned to download DigiCertGlobalRootCA.crt. an VDPCA-SBX.pem, but never used in postman helloworld test
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Does Two-way ssl trusttore only require DigiCertGlobalRootCA.crt?
Hi @cbinton,
Here are a couple of notes related to certificates: certificates are required to establish a two-way SSL connection. You will need a root certificate (VICA-SBX.pem), your application certificate (cert.pem), and also your private key.
The private key gets created when you generate your CSR, or you can download the private key from the Visa Developer website, if you chose "create a CSR for me" option, while creating your Visa Developer App.
Once you have all three files in your local directory, you will need to combine them into a key store. You can decide whether to use java key store (JKS) or PKCS (P12) key store, depending on what your development environment requires. There are sections in “getting started” ->“Using two-way SSL” (https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl), that describe how to create each type of key store, please follow those steps. Note, that the root certificate is not needed for a P12 file, you can create a P12 file out of two files: private key and cert.pem.
You can also refer to our Visa Developer Quick Start Guide for Developers here: https://developer.visa.com/pages/working-with-visa-apis/visa-developer-quick-start-guide