Guides
Start typing to search…

How to Generate Apple Pay Certificates

How to integrate Apple Pay API on an IOS App

https://developer.apple.com/documentation/passkit/apple-pay

📘

The integration of the Apple Pay API on your IOS App is solely provided by Apple. Approvely is unable to assist in development questions related to the native Apple Pay API

Generate Your Decryption Keys

Run the following commands to generate your keys:

Shell

openssl ecparam -out private.key -name prime256v1 -genkey openssl req -new -sha256 -key private.key -nodes -out request.csr

Apple Developer Certificate Manager Setup

  • Go to the Apple Developer Certificate Manager.

  • Make sure you have a Merchant ID. Navigate to Identifiers => Merchant IDs to verify you have one. If not, create one.

  • Go to Certificates => All, then click the + button in the top right.

  • Select Apple Pay Payment Processing Certificate and proceed through the setup.

  • Upload the .csr file you created (request.csr).

    Note: .csr is the same as .certSigningRequest

  • Download the file, which will download as apple_pay.cer. You need this file to create the key.


Create the Key File

`openssl x509 -inform DER -outform PEM -in apple_pay.cer -out temp.pem   openssl pkcs12 -export -out key.p12 -inkey private.key -in temp.pem`

Important: You will need to password protect your .p12 file. Keep that password somewhere secure.

Convert to PEM Files

You now have the two files you need to decrypt Apple Pay tokens, but before you can do that, you need to convert them into .pem files.

Run the following commands to convert them to .pem files:

`openssl x509 -inform DER -outform PEM -in apple_pay.cer -out certPem.pem   openssl pkcs12 -in key.p12 -out privatePem.pem -nocerts -nodes`

Expected Output Files

After completing all steps, you should have:

Certificate File (certPem.pem)

\-----BEGIN CERTIFICATE-----   MIIEfzCCBCagAwIBAgIIcDQ4Fbx2jWYwCgYIKoZIzj0EAwIwgYAxNDAyBgNVBAMM   K0FwcGxlIFdvcmxkd2lkZSBEZXZlbG9wZXIgUmVsYXRpb25zIENBIC0gRzIxJjAk   BgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApB   cHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTAyMjMxNDU2NDFaFw0yMTAzMjQx   NDU2NDFaMIGxMTAwLgYKCZImiZPyLGQBAQwgbWVyY2hhbnQuY29tLmdyYXRpdHVk   ZS5ncmF0aXR1ZGUxRjBEBgNVBAMMPUFwcGxlIFBheSBQYXltZW50IFByb2Nlc3Np   iWlORp7+MRSeIt3sEdnWIhY29xvHSdXgMT6kpaUupattcKtlHnLiYlTJHRRCO20x   2thoxaQriM+gFSnAyzrdaOnVTJHRRCO20xxcarcjHFr9GHRVsoysRC/ThwAqMaTs   XEV5VwHqpLuvzOca/+A5Q1MEkhH4lgNrqs5AhKkI1WZv2AWErjxkXBehvZy5C51n   RNcJ4KOAHTePfdrkQ3YVcyMnTlz2QBT8K/uLkoG/H1U8nNfaxwA5m6FDLoVXatC2   oGI+ctCv5Ge2SsEPaUqJ7zE3BU4UsbRvwiXwbWW42YZ2V2wvASdTiXw3/nv7apD4   H+PXFQuC86CSKNKV58jFZZNQoTlU0K+0rBR63ps4bBonVg4Bp2EBntFu5Du/rXMo   U5qxOgbh3/ZNtUT52AQicdJ0c+IgVYP6sGhVGorxMS0lFQ67qaj6luRaqzVovcGl   wa7DzQxcl0HZh2M/Wj9v2d+oGjlINlD9SAlWA/dWXrQF6kzEMoOJKBakO1SRVwD2   9UMDoM5JUK+iBteSFp6iHB7wyfb8VMwzzU3aSWDC+zrsbGXgQsFJ9ZClMyu/aiWs   rbugF9EtKocCWbODlxbRBp310XkPVcOKamZ0UI8P3+AvuMeXdnrFzUUBZnXU8bWM   RuIiK0QZobngHsRO3J/oT1h9URFflg7MrvbAyHTBPv5bSztOPcxOEIfwd+opq6Bc   MXZ+0fErpK5YW7jcahrPRp63e3FZjiKrHWZPFXXOH3N30VKRMDsKbZepNWu4glVb   YwKcj8BAm4LvxkCLODZVIsqYZbNTzyTWbKiz7G53Rt6XqFaQVlqlSxvA97SUfq62   RNcJ4KOAHTePfdrkQ3YVcyMnTlz2QBT8K/uLkoG/H1U8nNfaxwA5m6FDLoVXatC2   8nG5lEs5hYJ2WG9Yo39m1gyCHeNse5sOrph9Dq7tro5mO+nX3XaVaIi3MHFl9Hq6   uMetisso8rg633J/YpJipiz6MOdpf7Q7LqX6M0i3x4BJZfIa3xZPsUoEYObyGTJI   OtAJHpvnTIoDhBApBiH/sDq97pzcsl4VkngxxEiTEjXYQEIhcVQpG6lU6rX9+ekQ   qDRXQRMETBev1j7Y1w/v2K0CIAlnnXPVX52g5FTadoFyVq2a91sA4ao44VabMaz8   W5k1   -----END CERTIFICATE-----\`

Private Key File (privatePem.pem)

`Bag Attributes       localKeyID: 90 C8 20 E7 8A 2A E5 7E 33 06 FD C5 43 47 9F 15 2F DE 73 90   Key Attributes: <No Attributes>   -----BEGIN PRIVATE KEY-----   8nG5lEs5hYJ2WG9Yo39m1gyCHeNse5sOrph9Dq7tro5mO+nX3XaVaIi3MHFl9Hq6   YwKcj8BAm4LvxkCLODZVIsqYZbNTzyTWbKiz7G53Rt6XqFaQVlqlSxvA97SUfq62   qDRXQRMETBev1j7Y1w/v2K0CIAlnnXPVX52g5FTadoFyVq2a91sA4ao4   -----END PRIVATE KEY-----`

Generate Merchant ID Certificate

Finally, to generate the merchant ID certificate...

Generate Merchant ID Certificate

In Apple Pay Developer Console

  1. In Certificates, Identifiers & Profiles, click Identifiers in the sidebar, then select Merchant IDs from the pop-up menu on the top right.
  2. On the right, select your merchant identifier.
  3. Under Apple Pay Merchant Identity Certificate, click Create Certificate.

Generate Certificate Request

  1. Launch Keychain Access located in /Applications/Utilities.
  2. Choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.
  3. In the Certificate Assistant dialog, enter an email address in the User Email Address field.
  4. In the Common Name field, enter a name for the key (for example, "Gita Kumar Dev Key"). Remember this name.
  5. Leave the CA Email Address field empty.
  6. Choose "Saved to disk," then click Continue.

Upload Certificate Request

  1. In Apple Developer Console, click Choose File.
  2. In the dialog that appears, select the certificate request file (a file with a .certSigningRequest file extension), then click Choose.
  3. Click Continue.
  4. Click Download - This will download a merchant_id.cer file.

Export Private Key from Keychain Access

  1. Open Keychain Access (Applications > Utilities > Keychain Access)
  2. Find your certificate (search for the common name field from above)
  3. Right-click on the private key and select "Export"
  4. Choose the Personal Information Exchange (.p12) format
  5. Save the file (e.g., as "merchant_id.p12")
  6. You'll be asked to create a password for this export (remember it)

Now you should have 2 main files: merchant_id.cer and common_name.p12

Convert and Combine Certificates


# Extract the private key with Bag Attributes from the p12 file openssl pkcs12 -in main.merchant.coinflow_2025.p12 -out private_key_temp.pem -nodes  # Convert the Apple certificate to PEM format openssl x509 -inform der -in merchant_id.cer -out certificate_temp.pem  # Combine them into the final file cat certificate_temp.pem private_key_temp.pem > merchant-id-cert.pem  # Clean up temporary files rm private_key_temp.pem certificate_temp.pem\`

At the end of this you should have a file that looks like this:


`-----BEGIN CERTIFICATE-----   K2dMZezpllc1LpfVw4WNJ+mKuVCk7L1kmnQqP2J8jIiuBxLEXOFygtTjfS Q/WUQZS7pCEzHwfsTBgZrQHCGlS7uZzdDyQWF4cEuv+a26WbpGj3Eqb6BKJy rq86pP/1fXDwAMxNcII6V1fRGkIQkYovUqwJDVUdoxA94CmP+c2fjX1Re/cO p/kFltfejmvuFxzfMbWW8cMQBBGojeiTYFgbJXSNGA0KaS4hEqOi+o8Vizzz yvFNffXSmrvvRQnWtnZEZJzVmjBaHDwiDFksrHXTS7I2iRzxfqyP7hUFUczl lm44w4XnmyNCsh2S5J5Kp5gRxhfqZyCrhw0Ha04wYLHJLCMrxrW6DGYYKNyV kLgVIyexw6YknS44eFoh7EMvLaF/HlxzUy/5JUDDyPWnbx+q0t60B57+1c6n La/lVoQCfaPYPkeJbOLca9xJMC+x9Bu5CU/b1hjTqFmKFgFcWYDsXp0Xfigw m0MEsTvqgXgC0LnJMfkm6rRX+sM/qXOKNMAUQZ/J4NnBjDZE+Hm5Z893cPkH pifOmG+SDlokv77bPvekBKRUnx/8ErMT5IUVWynFNd3azinxo3wzrPGoSbpu 4FFcnz9JMxpBH+s13foWiBuyl9c7HWz5wxDwLJ47LA9W0vZ0jNaQdRkp8MK+ rWmAOTmdzTYgz/7iwIyUSOqzNrbljf8DsHq4+LZ8u08rbB9q952TNj1NNZM1 lNCLbqrNoEmJdOKQu91KEdAG7n9WzXQlu3jYObHaR0NGTCXjF+fg/k98xtEI CDTAQ9qfveQ79RFaI8j/MgOF3mEN/P94Ey+RdNtAEPX9MfoIYnUPjVGk3GkN T3uCcjt7jGfIRMD5pzS9Pw5TAFFOICeM7GiuzIxgtyPg+xvaZ1q90qCoPjSA 249QZ6gmYFOrQgow/nsJHcVPnOHTYGDGsi0Afu1o6m6/3sPnrxiJanzZAtlr y5WdZrEZ7pwamvS0/BblOgVCKGornO1k40tcBsh7bwIbbtHXqJE7Yz4acBOi b1XUKOxhu4Oy5b7QucviA82lQB/OR2fGLaSftXzETvPSbygDkpX7LivX/WKF 8oyg9J/CzqtEN28v9V1OIMX40Ca8iCYvyvdHDwMHjDHRMWK1a7aJL7bOFVby oyj6mfWCawWGjZNK9z6iI9k0wQ4PPhzFiywmciNBqhWI9Rd1z0Y7VnJxIHyR j4GSGG0r70dEjjZISQlQvA1XuprHV3lTmjJUvXqReGNQCV+z7by8Xq/ZPy1s 67OC2WTrM8ADnbedptzRTNfBUyIF/PbL3AF5jmNz9vaozBGihQ58EkFXEIdY eJ1cbKQgiqFoz2BfVQzEIi2lwqcHmKz6VYClzjYytnaymyQ472vmvDebdWy3 x8Ak7qmUsguLOW1nk3mhFq1FWy4ykvKagUcuFx5Iqu9792bCToAxjHaQiLhg Uno2PXrnSvHPwhAqHvZk+OjG0aJ0g3mshx99Ljuxth72aelb57Fyv5ppqthH vY6szmEvbHCMxN++8G94x1397GIDp2DdtHQc+kbwaj8kQoLOCvpsI2xmOGzK i1qlQmokvEFv8u/Qp0n3IhbsUskk5J/qQKisbfRSTHBPFjBFDwull1YXavOY eyuHtId5kQp6aIbnIEprjPhqjwiiLsYAIeZc5wXDAyDK8jlFTjvsveC3x546 TjV40MMTSMMyrX/SxH8w7S7MU4Q4a5pRGti2X6iUS0syxy4HFwynSsYhqZci KDm/0gkSJanEfss0RrGiNS9yUODWFrB+1d1KT3jlzxz4XF5lwqPw+JORupJc fOfTkQZYRpwPO/PQ/a5zI+p0aZlvMFi+Lt+0lGGisw9/cmsW21YzM9H2OHCY 5A9sf5Q81MN57NUmxnsoADAPZMedsqhiXvXVpRd8YvCDLBh8gVNYbG33Boig uOQQ+T9ACDW3bqot4MWSRLTIfPr3G8DxGxpscbN6JLqTjCXT0GfbhcxPtvEq uR+P0FyeWJAVUtr3ASw++QaSO96SHFCPNbkhdP7mdURwR5Q/hGTEZbxauMyY +dqNYjmhVnA3HU535p7ZqYFP9TVqSkkEWlAAE/prm7jP/nPh4d5A5kOPgVWY -----END CERTIFICATE----- Bag Attributes     friendlyName: main.merchant.coinflow 2025     localKeyID: B8 83 34 7D A9 4F 5E 00 A0 EB BD EA CC DD 5B 02 23 CF 98 F5  Key Attributes: <No Attributes> -----BEGIN PRIVATE KEY----- Bgga4+LQos7nqdljT0pZV6FiO+8ZqRKKDqHdn0IEo4GBosfYZZroRzN/9aUr 7Wqus6q9Qrtgs7QxI5rrf4ki+IuDbaG/GG1QfktjdyxAFi5RLWTVKf3bdyLB gEi9A7UO+tdj4uuKayUFnf8+YhUSK/VylJP6v2kGq+pQbHbTVKYBQz5iqgvT tcgwMnyJxIAiSG/MGNoq6vARzSRw2/ap1szUt0WV3lxFpJ5Fhq86+hrq95QS p6J5OMb0g4cTl2XsTJHOD6SBkbeyO8PcGLXUgYWW+QYkPVwqXZGA1fb34I/C qFAQHorAJQoFlA0sZUl5RiR5fmc4ownV39tuZofrH7vYnPsuc9seGrTA2wX7 V5CNAiK0k956wBOVH4BaQInWL0B5zANaz5h+uDP5hr1zn63qr9wozrP9CN/T T9OkQEMSCIvWInLE6FFxz5sIXFRZgdaHsH97NBaEweeZ0vsc9fag6sDcdKjQ fqiYFoRWxZSnAw37vi+wbHmt5ML+zJQ7s4l3SitI0Izv5oCfPYYDtRcG+nYc JkR83whFgZ47+81arUaexra27pGyu01vzot3f9k8I3jbBfWa7mHFpfzHg9MW 0Vs3OdWVePvEQyaWMd0KxBBxVrrhGpd1VW/+r5VRTw2Irgs6iJSVXV2Beywt 9gigIZTdnAejWJz1I5gaE7JVvYPvmAmFFXRd1IU3pougTIfjUASjt516aAQU NuZKFGZtMQuKtVs+Dn2xVi1OTWC+Cv2PtNIi9H5scI62HYGzSS3+jAj3g5R7 dnZ02UtggxZu3CuUuZYmrAp9Fgf4KLXT7tx+pRpgu8v8G67OE5lnlU3xVxOg JTccSvtzSZD088+OYkHqBLB6aGYRI0Md0yI2bkh4V4D87fGKxzkNTWx05tbC HfwsnTLY/wYHxGVRMqqPjvagSflm34HDiKzwgOF/nsGyr9OZ8dQUxIg3V61Y SlFNUgbBnkuP8fIt0A7/7sbfKkEqw9ddrBI2rlBvh78Tyw2FLd51MEL/G59I GrTPepQhGfcwXN42fjrFznqKJm+dGagbEmFHY9vH3ZbB9aiKahZMrUPRWjoz 9SXrrOCJlJePgKWQexxqDCLfmjZw5ZUSGhxUcsMY+oNW7tVjk5GmfmX6Wd4N ebRAb6+Lcv6GdJrGvJlm5494/MLeq3rWtL+FhC3g738JAn1rHLJKSgM4Ieg/ SQ0DZXb15F98q4rj3RcIVFJYpapDwxF3Ja+tMMS1jqrGlJfO959YsPsaiyj6 Nuque4reMlfzY6GhOJsHxaRYiADaMuECz1Uki/ShGlo9b7nuX4jOkY+5WEfT 5WPcAp1S9nHI2IsB6gOQoqsJv+dmtS/K270fcO7qoAPqTurrrOXThS73vOod qT5cqr7wzzKdFCBOr0CNkKo8YtoGfPtZ35Yp1XvC9W6hHeEd73xUOPDF3upX ilZZ+OxC7meqmu3QgRt7C5+nZneYyl9VUNgVVSycwVbdrfSP3eT7Kyc8ZNtU 7hYoo/IgJTc3wx9T2U7XfQX1Bef/OVmuWUOvqQPDdVZiT7FI95/6iuVfJUkM 0+8PDhuZRMP1rWUQaQUJYmzUhzVl7Ng0qjV9+yFMVPip2e6AaJpsLDRGzI9a -----END PRIVATE KEY-----`


Get Apple Pay Merchant Identifier

Go to https://developer.apple.com/account/resources/identifiers/list/merchant and copy your Name and Identifier

📘

Please provide merchant-id-cert.pem, certPem.pem, and privatePem.pem, Merchant Name and Merchant Identifier to your Approvely integrations specialist

Updated 4 months ago