On This Page

Step 2: Create a P12 Certificate

A P12 certificate and its private key are necessary for JSON Web Token message security. To create a P12 certificate, you must download a
.p12
 file from the
Business Center
 and extract its private key.

Create a P12 Certificate

Follow these steps to create a
.p12
 file if you are using JSON Web Tokens to secure communication.
  2. On the left navigation panel, choose
    Payment Configuration > Key Management
    .
  3. Click
    + Generate
     key.
  4. Under REST APIs, choose
    REST – Certificate
    , and then click
    Generate key
    .
    If you are using a portfolio account, the Key options window appears, giving you the choice to create a meta key. For more information about how to create a meta key, see Meta Key Creation and Management.
  5. Click
    Download key
     .
  6. Create a password for the certificate by entering the password into the
    New Password
     and
    Confirm Password
     fields, and then click
    Generate key
    .
    The
    .p12
     file downloads to your desktop.
    If prompted by your system, approve the location for where the key downloads.
You can create or upload another key by clicking
Generate another key
. To view all of your created keys, use the Key Management page.
IMPORTANT
Securely store the
.p12
 file and password in your system. These credentials are required to implement certain products and you must be able to access them.

Extract the Private Key from the P12 Certificate

When you have your P12 certificate, extract the private key from the certificate. Use this key to sign your header when sending an API request.
IMPORTANT
If you are using the SDK to establish communication, you do not need to extract the private key from the P12 certificate.

Prerequisite

You must have a tool such as OpenSSL installed on your system.

Extract the Private Key

Follow these steps to extract the private key using OpenSSL:
  1. Open the command-line tool and navigate to the directory that contains the P12 certificate.
  2. Enter this command:
    openssl pkcs12 -in [certificate name] -nodes -nocerts -out [private key name]
  3. Enter the password for the certificate.
    You set this password when you created the P12 certificate in the
    Business Center
    .
The new certificate is added to the directory using the private key name you supplied in Step 2.

Test the Shared Secret Key Pair

After creating your key certificate, you must verify that it can successfully process API requests. This task explains how to test and validate your key pair in the Developer Center and the
Business Center
.
  2. On the left navigation panel, click .
  3. Under Authentication and Sandbox Credentials, set the Authentication Type drop-down menu to
    JSON Web Token
    .
  4. Enter your organization ID in the
    Organization
     field.
  5. Enter your Password in the
    Password
     field.
  6. Click
    Browse
     and upload your p12 certificate from your desktop.
  7. Click
    Update Credentials
    .
    A confirmation message states that your credentials are successfully updated.
  8. On the developer center's left navigation panel, navigate to
    Payments >
    POST
     Process a Payment
    .
  9. Under Request: Live Console, click
    Send
    .
    A message confirms that your request was successful with the status code 201.
  10. Log in to the
    Business Center
    :
  11. On the left navigation panel, navigate to
    Transaction Management > Transactions
    .
  12. Under Search Results, verify that the request ID from the test authorization response is listed in the Request ID column.
    If the test authorization was successful, a success message is present in the corresponding Applications column.

Test Endpoints

When testing an API outside of the Developer Center's API Reference sandbox, send your test API requests to the test server:
https://apitest.visaacceptance.com
For example, to test an authorization request, you can send the request to this endpoint:
https://apitest.visaacceptance.com
/pts/v2/payments