Hi, Visa developer team,
when I read https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl , under “Configuring Two-Way SSL Keystore with Java Keytool” section, the sample code only required import DigiCertGlobalRootCA.crt. However when I read
“Configuring a Two-Way SSL Keystore Using an Auto-generated CSR" section, it also involves VDPCA-SBX.pem, so my question is in jks as truststore case, we only need DigiCertGlobalRootCA.crt as the only certificate from Visa for SSL, is my understanding correct?
Thank you so much
Solved! Go to Solution
Thank you for your questions, @cbinton. An agent will get back to you as soon as possible. In the meantime, if any community member knows the solution, please feel free to reply here! -Jenn
Here are the steps on how to Update Java Key Store with Root Certificate and Client Certificate using Java Keytool, Add the VDP CA Root Public Certificate to the keystore, and Add the project specific certificate to the keystore.
Please see my Java Keytool commands in the below forum post link. After creating your clientkeystore.jks file and the certreq1.csr file. You will need to add the following certificates to your clientkeystore.jks file.
Please refer to this community forum post for instructions (as I've answered a similar question in this previous forum post): https://community.developer.visa.com/t5/Two-way-SSL-X-Pay-Token/Always-getting-quot-Expected-input-c...
Here are a couple of notes related to certificates: certificates are required to establish a two-way SSL connection. You will need a root certificate (VICA-SBX.pem), your application certificate (cert.pem), and also your private key.
The private key gets created when you generate your CSR, or you can download the private key from the Visa Developer website, if you chose "create a CSR for me" option, while creating your Visa Developer App.
Once you have all three files in your local directory, you will need to combine them into a key store. You can decide whether to use java key store (JKS) or PKCS (P12) key store, depending on what your development environment requires. There are sections in “getting started” ->“Using two-way SSL” (https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl), that describe how to create each type of key store, please follow those steps. Note, that the root certificate is not needed for a P12 file, you can create a P12 file out of two files: private key and cert.pem.