How to use an existing CSR file that created SSL with Let's Encrypt. Is it OK, or do I need to create a new one?

zinminthu

I am confused about the CSR file that I need to create and upload in Go Live. I already have a CSR file on my server, but it does not include details such as company name, domain name, city, and state from when I created it. So I just want to know: can I use this one, or do I need to create a new one to upload in the Visa Go Live section?

API_Managers
Visa Developer Support Specialist


Hey @zinminthu,

 

You'll need to follow the Certificate Signing Request instructions on the Going Live guide here - 

https://developer.visa.com/pages/going-live#certificate_signing_request

 

I've copied and pasted the CSR instructions below for you too.

 

Certificate Signing Request
The Certificate Signing Request (CSR) file is required to obtain a certificate if you are using a product (API) that uses Two-Way Mutual SSL authentication. A different CSR file is required for the certification and production environments. If an API requires certification prior to going live in the production environment, you will follow this process twice. Once to obtain credentials for certification, and then again to obtain credentials for production. Credentials for certification and production will be provided once a signed relevant contract is in place between you and Visa.

 

Create a CSR File for Visa Developer Project
Two common tools for requesting mutual authentication credentials are Keytool (for Java implementations) and OpenSSL.

 

Using Keytool

To create a credential request using Java Keytool:

1. Create a new clientkeystore.jks, using the following keytool command:

keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientkeystore.jks -storepass <password> -keypass <password> -dname "CN=<common name>, OU=<organizational unit>, O=<organization name>, L=<city/locality name>, ST=<state name>, C=<country name>, UID=<CSR unique Id>"

 

Note: Be sure to keep this keystore file and password secure. You will need these to make runtime API calls in the certification or production environment.

 

Note: Only the following ASCII characters are allowed for all fields.

  • Space character
  • Upper case A to Z
  • Lower case a to z
  • Digits 0 to 9
  • Dash (-)


Country Name

Two-letter International Standards Organization (ISO) 3166-1 country code. For example: US

 

State Name

Name of the state or province where the server is located. Spell out the name completely (Note: do not abbreviate). For example: California

 

Locality Name

A valid city name. For example: San Francisco

 

Organization Name

Name of your organization. For example: Bank of USA

 

Organizational Unit Name

Name of your division within your organization. For example: Debit Card Processing Unit

 

Common Name

This field must be a fully qualified domain name. Format should be alias/hostname.domainname.com. This cannot have wildcard characters for hostname and hostname should not be “www”. For example: services.visa.com

 

UID

This should be the CSR Unique Id appended with “-CERT” or “-PROD” to indicate the environment:

  • Certification environment: <UID>-CERT
  • Production environment: <UID>-PROD

 

To get the CSR Unique Id, go to the dashboard, select the Project Name for which you need to generate the CSR, and click on Settings.

 

2. Create a new CSR using the following keytool command:

keytool -certreq -alias client -keystore clientkeystore.jks -storepass <password> -keypass <password> -file certreq1.csr

 

3. Upload the CSR file (certreq1.csr) in the Going Live section of your project.

 

Using OpenSSL

To create a credential request using OpenSSL:

 

1. Generate Key Pair

openssl genrsa -out example-key.pem 2048

 

For information about supplying a password to protect the key file, see the OpenSSL documentation.

 

Note: Be sure to keep this key file and password secure. You will need these to make runtime API calls in the certification or production environment.

 

2. Create a new CSR using the following OpenSSL command:

openssl req -new -sha256 -key example-key.pem -out example.csr -subj "/CN=<common name>/OU=<organization unit>/O=<organization name>/L=<city/locality name>/ST=<state name>/C=<country name>/UID=<CSR unique Id>"

 

Note: For all fields, only the following ASCII characters are allowed.

  • Space character
  • Upper case A to Z
  • Lower case a to z
  • Digits 0 to 9
  • Dash (-)

 

Country Name

Two-letter International Standards Organization (ISO) 3166-1 country code. For example: US

 

State Name

Name of the state or province where the server is located. Spell out the name completely (Note: do not abbreviate). For example: California

 

Locality Name

A valid city name. For example: San Francisco

 

Organization Name

Name of your organization. For example: Bank of USA

 

Organizational Unit Name

Name of your division within your organization. For example: Debit Card Processing Unit

 

Common Name

This field must be a fully qualified domain name. Format should be alias/hostname.domainname.com. This cannot have wildcard characters for hostname and hostname should not be “www”. For example: services.visa.com

 

UID

This should be the CSR Unique Id appended with “-CERT” or “-PROD” to indicate the environment:

  • Certification environment: <CSR UID>-CERT
  • Production environment: <CSR UID>-PROD

 

To get the CSR Unique Id, go to dashboard, select the Project Name for which you need to generate the CSR, and click on Settings.

 

3. Upload the CSR file (example.csr) in the Going Live section of your project.

 




Thanks,

Tee



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.
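
A pre-flight check for the subject rules listed in the reply above, as an added example that is not part of the original post or of Visa's tooling. The function names `check_subject` and `new_csr`, the acceptance of dots in CN, and the reading of "hostname.domainname.com" as three or more labels are assumptions made here.

```shell
#!/bin/sh
# Added example: pre-flight check of an OpenSSL -subj string against the field
# rules quoted in the reply. Prints one line per problem, returns 0 if clean.
check_subject() (
    LC_ALL=C; export LC_ALL
    rc=0
    for field in CN OU O L ST C UID; do
        # Value between "/FIELD=" and the next "/" (or end of string).
        val=$(printf '%s\n' "$1" | sed -n "s|.*/$field=\([^/]*\).*|\1|p")
        if [ -z "$val" ]; then
            echo "$field: missing"; rc=1; continue
        fi
        # Allowed set from the page: space, A-Z, a-z, 0-9, dash.
        # Assumption: dots are also accepted in CN, since the page's own
        # CN example (an FQDN) contains them.
        case $field in
            CN) bad='[^A-Za-z0-9.-]' ;;
            *)  bad='[^A-Za-z0-9 -]' ;;
        esac
        if printf '%s\n' "$val" | grep -q -- "$bad"; then
            echo "$field: character outside the allowed set"; rc=1
        fi
        case $field:$val in
            C:[A-Z][A-Z]) ;;
            C:*)   echo "C: must be a two-letter ISO 3166-1 code"; rc=1 ;;
            CN:www.*|CN:*\**)
                   echo "CN: no wildcard and no www hostname"; rc=1 ;;
            CN:*.*.*) ;;   # hostname.domainname.com, read as three or more labels
            CN:*)  echo "CN: must be a fully qualified hostname"; rc=1 ;;
            UID:*-CERT|UID:*-PROD) ;;
            UID:*) echo "UID: must end in -CERT or -PROD"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# new_csr KEY SUBJ OUT: run the page's OpenSSL command only if SUBJ passes.
new_csr() {
    check_subject "$2" && openssl req -new -sha256 -key "$1" -out "$3" -subj "$2"
}
```

A subject carrying only a domain name, like the existing CSR described in the question, is reported with every missing field, which is why a new CSR with the full subject and the project's UID is needed for upload.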