@MiguelAlcaino
Last active August 19, 2024 11:20
Apple Pay web integration with PHP (for Amazon payment services former Payfort)

I haven't seen any clear instructions to do this on the internet, so I hope it comes in handy to someone.

To get to the certs section of the Apple Developer portal:

  • Go to https://developer.apple.com/account/resources/identifiers/list/merchant.
  • Select identifiers.
  • Next to the magnifier icon (the filter), click on Merchant IDs.
  • Now click on the + icon to add a new record. Make sure that Merchant IDs is selected and click Continue.
  • In Description, type a representative name for this Merchant ID record (I use Name of the Business + ENV, like Awesome cakes test). In Identifier, use the reverse-domain name style (it's up to you, it's just an id; I use merchant.com.awesomecakes.myapp.test).
  • Click on Continue and click Register.
  • Now you are back at the list of Merchant IDs and you'll see your new record there. Click it and you'll see the Edit and Configure MerchantID page.

Generate the p12 file to be submitted to Payfort out of an Apple Pay Payment Processing Certificate

Creating the .cer (Apple Pay Payment Processing Certificate) and .key (private key) files for use in Apple Pay integration typically involves the following steps:

Step 1: Generate a Certificate Signing Request (CSR)

Before obtaining the certificate and private key, you need to generate a Certificate Signing Request (CSR). The CSR includes your public key and essential information about your organization and domain. You can create a CSR using the openssl req command. Replace the placeholders with your actual information.

openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes -keyout your_ecc_private_key.key -out your_ecc_csr.csr

This command generates a private key (your_ecc_private_key.key) and a CSR (your_ecc_csr.csr) in the current directory. You'll be prompted to enter information like your organization, common name (typically your domain name), and optional details.

Step 2: Submit the CSR to a Certificate Authority (CA)

Submit your CSR to a trusted Certificate Authority (CA) that supports Apple Pay certificate issuance. You may need to follow specific instructions provided by the CA.

Step 3: Receive the Apple Pay Payment Processing Certificate

The CA will validate your CSR and issue an Apple Pay Payment Processing Certificate (.cer file) that matches your CSR. They will typically provide you with the .cer file.

Step 4: Combine the Certificate and Private Key

Once you have received the .cer file, you can combine it with the private key generated in Step 1 to create a .p12 file. Use the following openssl pkcs12 command:

openssl pkcs12 -export -out your_apple_pay.p12 -inkey your_ecc_private_key.key -in your_apple_pay.cer

Replace your_apple_pay.p12, your_ecc_private_key.key, and your_apple_pay.cer with the desired output .p12 file path, your private key file path, and the Apple Pay Payment Processing Certificate file path, respectively. You'll be prompted to set an export password for the .p12 file.

Step 5: Provide the .p12 File to PayFort

The generated .p12 file should be provided to PayFort for your Apple Pay configuration.

Generate the .pem files to be used in the server to validate the merchant out of an Apple Pay Merchant Identity Certificate

Do the following steps in a new folder (different from the one used in the previous section).

Generate the CSR and Private Key:

Use the openssl req command to create the CSR and private key. Note that the command below generates an RSA key with a 2048-bit key size; the ECC (Elliptic Curve Cryptography) 256-bit key belongs to the Payment Processing Certificate in the previous section. Replace the placeholders with your actual information:

openssl req -new -newkey rsa:2048 -nodes -keyout your_rsa_private_key.key -out your_csr.csr

  • -new: Create a new CSR.
  • -newkey rsa:2048: Generate a new RSA key pair with a 2048-bit key size.
  • -nodes: Do not encrypt the private key with a password (optional).
  • -keyout your_rsa_private_key.key: Specify the path and filename for the RSA private key.
  • -out your_csr.csr: Specify the path and filename for the CSR.

Click on the Create Certificate button under the "Apple Pay Merchant Identity Certificate" section, submit the your_csr.csr file, and save the downloaded file.

With the downloaded file, go to your terminal and run the following command:

openssl pkcs12 -export -out your_merchant_identity.p12 -inkey your_rsa_private_key.key -in merchant_id.cer
openssl pkcs12 -in your_merchant_identity.p12 -out ApplePay.crt.pem -clcerts -nokeys
openssl pkcs12 -in your_merchant_identity.p12 -out ApplePay.key.pem -nocerts

Use the ApplePay.crt.pem and ApplePay.key.pem files in your server to verify the merchant identity.
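
Both sections above end with a private key and a certificate that must belong together, and the key files were created with -nodes (unencrypted). The script below is an added example, not part of the original gist: it checks that a key matches its certificate (EC or RSA), that the certificate is not about to expire, and that the key file is not readable by group or others. Function names are illustrative, and the PEM/DER detection is there because openssl pkcs12 -export reads its -in certificate as PEM, so a DER-encoded .cer download has to be converted first.

```shell
#!/bin/sh
# Added example: checks for the key/certificate pairs this guide produces.
# Function names are illustrative; file names are the guide's placeholders.

# Emit the certificate as PEM whether the input file is PEM or DER.
cert_pem() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -in "$1"
    else
        openssl x509 -inform DER -in "$1"
    fi
}

# True only if the private key and the certificate carry the same public key.
# Works for the EC key (payment processing) and the RSA key (merchant identity).
check_pair() {
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    crt_pub=$(cert_pem "$2" | openssl x509 -noout -pubkey) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True if the certificate is still valid $2 days from now.
check_not_expiring() {
    cert_pem "$1" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# True if the key file grants nothing to group or others (e.g. mode 600).
check_key_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks; prints the first failure and returns non-zero.
preflight() {  # preflight KEY CERT MIN_DAYS
    check_key_private "$1" || { echo "FAIL: $1 is readable by group/others"; return 1; }
    check_pair "$1" "$2" || { echo "FAIL: $1 does not match $2"; return 1; }
    check_not_expiring "$2" "$3" || { echo "FAIL: $2 expires within $3 days"; return 1; }
    echo "OK: $1 / $2"
}
# Usage: preflight your_ecc_private_key.key your_apple_pay.cer 30
#        preflight ApplePay.key.pem ApplePay.crt.pem 30

# Constructed sample (self-signed stand-in for an Apple-issued cert): sh FILE demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && cd "$d" && umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=constructed.example" \
        -keyout k.key -outform DER -out c.cer 2>/dev/null
    preflight k.key c.cer 30
fi
```

If ApplePay.key.pem was written with a passphrase, openssl pkey will prompt for it when the check runs.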
