On This Page

{#jumplink-list}  
[Markdown](/docs/cybs/en-us/platform/developer/all/rest/rest-getting-started/restgs-jwt-message-intro/restgs-security-p12-intro.md)  
Filter  
FILTER BY TAG

Create or Submit a P12 Certificate {#restgs-security-p12-intro}
===============================================================

This section describes how to create or submit a P12 certificate and how to extract its private key. A private key is necessary for you to construct JSON Web Tokens. *Create* a P12 certificate if you need a new certificate. *Submit* a P12 certificate if you want to use your own certificate.

Creating a P12 Certificate {#restgs-task-p12}
=============================================

Follow these steps to create a P12 certificate file if you are using JSON Web Tokens to secure communication:

1. Log in to the `Business Center`:
   * **Test:** [`https://businesscentertest.cybersource.com`](https://ebc2test.cybersource.com/ebc2/ "")
   * **Production:** [`https://businesscenter.cybersource.com`](https://ebc2.cybersource.com/ebc2/ "")
     {#restgs-task-p12_step-1}
     {#restgs-task-p12_step-1}
   2. On the left navigation panel, choose ![](/content/dam/documentation/cybs/en-us/common/images/ebc/ebc-icon-pymt-config.svg/jcr:content/renditions/original) Payment Configuration \&gt; Key Management.  
      ![](/content/dam/documentation/cybs/en-us/topics/platform/rest/getting-started/images/left-navigation.png/jcr:content/renditions/original) {#restgs-task-p12_step-2}
      {#restgs-task-p12_step-2}
   3. Click + Generate key on the Key Management page.  
      ![](/content/dam/documentation/cybs/en-us/topics/payments-processing/payment-services/sec-keys/images/generate-key.png/jcr:content/renditions/original) {#restgs-task-p12_step-3}
      {#restgs-task-p12_step-3}
   4. Under REST APIs, choose REST -- Certificate, and then click Generate key.  
      If you are using a *portfolio* account, the Key options window appears, giving you the choice to create a meta key. For more information about how to create a meta key, see *[Creating and Using Security Keys](https://developer.cybersource.com/docs/cybs/en-us/security-keys/user/all/ada/security-keys/keys-intro.md "")*.  
      ![](/content/dam/documentation/cybs/en-us/topics/payments-processing/payment-services/sec-keys/images/p12-key-select.png/jcr:content/renditions/original) {#restgs-task-p12_step-4}
      {#restgs-task-p12_step-4}
   5. Click Download key ![](/content/dam/documentation/cybs/en-us/common/images/ebc/ebc-bttn-download.svg/jcr:content/renditions/original) .  
      ![](/content/dam/documentation/cybs/en-us/topics/payments-processing/payment-services/sec-keys/images/p12-key-generate.png/jcr:content/renditions/original) {#restgs-task-p12_step-5}
      {#restgs-task-p12_step-5}
   6. Create a password for the certificate by entering one into the New Password and Confirm Password fields. Click Generate key.  
      ![](/content/dam/documentation/cybs/en-us/topics/platform/rest/getting-started/images/restgs-set-pass.png/jcr:content/renditions/original)  
      The *.p12* file downloads to your desktop.  
      If prompted by your system, approve the location to which the key downloads. {#restgs-task-p12_step-6}
      {#restgs-task-p12_step-6}

{#restgs-task-p12_steps}  
To create or upload another key, click **Generate another key**. To view all of your created keys, go to the Key Management page.

> IMPORTANT
> Securely store the *.p12* file and password in your system. These credentials are required in order to implement certain products, and you must be able to access them.

Submitting a P12 Certificate {#concept}
=======================================

Follow these steps to submit your own public PEM-formatted certificate signing request (CSR) if you are using JSON Web Tokens to secure communication. You also have the option to create a P12 certificate from your CSR to use for testing purposes.

1. Log in to the `Business Center`:

   * **Test:** [`https://businesscentertest.cybersource.com`](https://ebc2test.cybersource.com/ebc2/ "")
   * **Production:** [`https://businesscenter.cybersource.com`](https://ebc2.cybersource.com/ebc2/ "")
   2. On the left navigation panel, choose ![](/content/dam/documentation/cybs/en-us/common/images/ebc/ebc-icon-pymt-config.svg/jcr:content/renditions/original) Payment Configuration \&gt; Key Management.  
      ![](/content/dam/documentation/cybs/en-us/topics/platform/rest/getting-started/images/left-navigation.png/jcr:content/renditions/original)
   3. Click + Generate key on the Key Management page.  
      ![](/content/dam/documentation/cybs/en-us/topics/payments-processing/payment-services/sec-keys/images/generate-key.png/jcr:content/renditions/original)
   4. Under REST APIs, choose REST -- Certificate, and then click Generate key.  
      If you are using a *portfolio* account, the Key options window appears, giving you the choice to create a meta key. For more information about how to create a meta key, see *[Creating and Using Security Keys](https://developer.cybersource.com/docs/cybs/en-us/security-keys/user/all/ada/security-keys/keys-intro.md "")*.  
      ![](/content/dam/documentation/cybs/en-us/topics/payments-processing/payment-services/sec-keys/images/p12-key-select.png/jcr:content/renditions/original)
2. Enter your public PEM-formatted certificate in the text box, then click **Download key** ![](/content/dam/documentation/cybs/en-us/common/images/ebc/ebc-bttn-download.svg/jcr:content/renditions/original) .  
   If you need to generate your own CSR and private key, run this command. In this example, *merchant* is your organization or merchant ID (MID). You can extract the certificate value by opening the *example.csr* file using a text editor application.

   ```
   openssl req -new -newkey rsa:2048 -keyout private_key.pem -out example.csr -sha256 -nodes -subj "/CN=merchant"
   ```

   ![](/content/dam/documentation/cybs/en-us/topics/payments-processing/payment-services/sec-keys/images/submit-key-fill.png/jcr:content/renditions/original)

3. (Optional) To convert your submitted CSR into a *.p12* file, run this command. In this example, *merchant* is your organization or merchant ID (MID).  
   You can use the P12 certificate for testing using the [*REST API Reference*](https://developer.cybersource.com/api-reference-assets/index.md#payments "") on the Developer Center.

   ```
   openssl pkcs12 -export -name "$(printf 'serialnumber=%s,cn=%s' "$(openssl x509 -in merchant_certChain.pem -noout -serial | cut -d= -f2 | xxd -r -p)" "$(openssl x509 -in merchant_certChain.pem -noout -subject | sed -n 's/.*CN=\([^/]*\).*/\1/p')" )" -out merchant.p12 -inkey private_key.pem -in merchant_certChain.pem
   ```
4. When prompted, set a password for the *.p12* file.

{#concept_d25e18}  
To create or upload another key, click **Generate another key**. To view all of your created keys, go to the Key Management page.
IMPORTANT Securely store your key's password in your system. These credentials are required to implement certain products and you must be able to access them.

Extracting the Private Key from Your P12 Certificate {#restgs-security-extract-key}
===================================================================================

When you have your P12 certificate, extract the private key from the certificate. Use this key to sign your header when sending an API request.

> IMPORTANT  
> If you are using the SDK to establish communication, you do not need to extract the private key from the P12 certificate.

**Prerequisite**
:
You must have a tool such as OpenSSL installed on your system.

**Extract the Private Key**
:
Follow these steps to extract the private key using OpenSSL:

    1. Open the command-line tool and navigate to the directory that contains the P12 certificate.
       2. Enter this command:  
       `openssl pkcs12 -in [certificate name] -nodes -nocerts -out [private key name]`
       3. Enter the password for the certificate.  
       You set this password when you created the P12 certificate in the `Business Center`.

The new certificate is added to the directory with the private key name you supplied in Step 2.

Testing Your Private Key {#restgs_security_test}
================================================

After creating your key certificate, you must verify that it can successfully process API requests. This task explains how to test and validate your private key in the Developer Center and the `Business Center`.  
Follow these steps:

1. Go to the Developer Center's API Reference page:  
   [https://developer.cybersource.com/api-reference-assets/index.html#payments_payments_static-home-section](https://developer.cybersource.com/api-reference-assets/index.md#payments_payments_static-home-section "") {#restgs_security_test_step-1}
   {#restgs_security_test_step-1}
2. On the left navigation panel, click **[API Endpoints \& Authentication](https://developer.cybersource.com/api-reference-assets/index.md#static-api-endpoints-section "")**.{#restgs_security_test_step-2}
   {#restgs_security_test_step-2}
3. Under Authentication and Sandbox Credentials, go to the Authentication Type drop-down menu and choose **JSON Web Token**.{#restgs_security_test_step-3}
   {#restgs_security_test_step-3}
4. Enter your organization ID in the **Organization** field.{#restgs_security_test_step-4}
   {#restgs_security_test_step-4}
5. Enter your Password in the **Password** field.
6. Click **Browse** and upload your p12 certificate from your desktop.{#restgs_security_test_step-5}
   {#restgs_security_test_step-5}
7. Click **Update Credentials**.  
   A confirmation message states that your credentials are successfully updated.  
   ![](/content/dam/documentation/cybs/en-us/topics/platform/rest/getting-started/images/restgs-cert-test.png/jcr:content/renditions/original) {#restgs_security_test_step-6}
   {#restgs_security_test_step-6}
8. Go to the Developer Center's API Reference and navigate to **Payments \&gt; `POST` Process a Payment**.{#restgs_security_test_step-7}
   {#restgs_security_test_step-7}
9. Click **Send**.  
   ![](/content/dam/documentation/cybs/en-us/topics/platform/rest/getting-started/images/restgs-dev-center-ex.png/jcr:content/renditions/original)  
   A message confirms that your request was successful with the status code 201.  
   ![](/content/dam/documentation/cybs/en-us/topics/platform/rest/getting-started/images/rstgs-success-201.png/jcr:content/renditions/original) {#restgs_security_test_step-8}
   {#restgs_security_test_step-8}
10. Log in to the `Business Center`:  
    [`https://businesscentertest.cybersource.com`](https://ebc2test.cybersource.com/ebc2/ "") {#restgs_security_test_step-9}
    {#restgs_security_test_step-9}
11. On the left navigation panel, choose ![](/content/dam/documentation/cybs/en-us/common/images/ebc/ebc-icon-trxn-mgmt.svg/jcr:content/renditions/original) **Transaction Management \&gt; Transactions**.{#restgs_security_test_step-10}
    {#restgs_security_test_step-10}
12. Under Search Results, verify that the request ID from the test authorization response is listed in the Request ID column.  
    If the test authorization was successful, a success message is present in the corresponding Applications column.  
    ![](/content/dam/documentation/cybs/en-us/topics/platform/rest/getting-started/images/restgs-verify-key-pair.png/jcr:content/renditions/original) {#restgs_security_test_step-11}
    {#restgs_security_test_step-11}  
    RELATED TO THIS PAGE

* [Getting Started with REST](https://developer.cybersource.com/docs/cybs/en-us/platform/developer/all/rest/rest-getting-started/restgs-intro.md)
* [Response Codes](https://developer.cybersource.com/api/reference/response-codes.md)
* [API Field Reference Guide](https://developer.cybersource.com/docs/cybs/en-us/api-fields/reference/all/rest/api-fields/rest-api-fields-intro.md)
* [API Reference Sandbox](https://developer.cybersource.com/api-reference-assets/index.md#static-home-section)
* [Business Center Test](https://businesscentertest.cybersource.com/ebc2/)
* [Business Center Production](https://businesscenter.cybersource.com/ebc2/)
* [Customer Support](https://support.visaacceptance.com/)