SRT1905
New Contributor

VDP root CA for Production environment

Hello!

 

I've been exploring the Two-Way SSL guide and stumbled across this section.

https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl#configuring_twoway_ssl_keystore_... 

 

Suppose that I want to configuring the keystore with OpenSSL.

The guide states that all I need are certificate file from VDP and private key file.

I see the following note after the last step:

Note: The Visa Developer sandbox does not validate the VDP root CA, so you do not have to include it in your P12 keystore. However, the root certificate is required when you create your Java Key Store, because you cannot add the client certificate to the JKS file without the root certificate. During the actual SSL handshake, the VDP sandbox does not validate the root certificate, so both JKS with the root cert and P12 without the root certificate will work equally well.

 

I'm confused about part "During the actual SSL handshake, the VDP sandbox does not validate the root certificate, so both JKS with the root cert and P12 without the root certificate will work equally well.".

It says that VDP sandbox does not validate the root certificate.

Will this validation occur on production environment? Do I have to create a bundle using certificate chain specifically for production (even for P12 bundle)?

 

Thank you.

2 REPLIES 2
jenn_kh
Community Moderator

Re: VDP root CA for Production environment

Thank you for reaching out, @SRT1905. Our agent will get back to you as soon as possible. Until then, if any community member knows the solution, please share it here! -Jenn

SLi
Visa Developer Support Specialist
Visa Developer Support Specialist

Re: VDP root CA for Production environment

Hi @SRT1905,

 

The root certificate validation will happen in the certification and production environments. When you are ready to submit your sandbox project to the higher environments, you will be provided new certificates for the certification or production environment with instructions to create the keystores and import the root certificate authority. Please let us know if you have any further questions.


Best,
Stacey

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.