Guides
Start typing to search…

Apple Pay certificate creation

Go to the Apple Pay merchant ID management page

Click to create the payment certificate

Create on computer: CertificateSigningRequest.certSigningRequest file

Official Apple Pay certificate application documentation

Select the CertificateSigningRequest.certSigningRequest certificate created in the previous step and upload it to Apple Pay

Download the payment.cer file from Apple Pay and convert it into the payment_certificate.pem file. This file is the certificate required for decryption.

openssl pkcs12 -in payment.p12 -nocerts -nodes -out payment_privatekey.pem

Export the paymet.p12 file on the computer and convert it into the payment_privatekey.pem file. This file is the private key required for decryption.



  1. Export the paymet.p12 file

  1. Retrieve the payment_privatekey.pem file from the paymet.p12 file
openssl pkcs12 -in payment.p12 -nocerts -nodes -out payment_privatekey.pem

Create merchant certificate (only needed for web, the creation process is similar to the payment certificate)

The differences are as follows:


  1. Click the button shown in the image below to create it.

  1. Download/export the file: Download the merchant.cer file from Apple Pay and convert it into the merchant_certificate.pem file. This file is the certificate required to get the payment-session.
openssl x509 -inform der -in merchant.cer -out merchant_certificate.pem

Export the merchant.p12 file on the computer and convert it into the merchant_privatekey.pem file. This file is the private key required to get the payment-session.

openssl pkcs12 -in merchant.p12 -nocerts -nodes -out merchant_privatekey.pem

To ensure that the test and production environments are independent and easier to manage and troubleshoot, it is recommended to create separate merchant IDs and certificates for the sandbox and production environments when integrating Apple Pay. The specific requirements are as follows:

  1. Merchant ID and certificate isolation
  • The sandbox environment should use a separate merchant ID and payment certificate for testing transactions.
  • The production environment should use the official merchant ID and payment certificate for real transactions.
  1. Domain binding
  • The sandbox merchant ID should only be bound to the test environment domain (e.g., sandbox.example.com).
  • The production merchant ID should only be bound to the production environment domain (e.g., www.example.com).
  1. Creation process
  • The process for creating the merchant ID, certificate, and domain verification is identical for both the sandbox and production environments.
  • Simply select the target environment in the Apple Developer console to configure each.
    By using two sets of independent configurations, you can effectively avoid test transactions from affecting the production system and simplify certificate updates and troubleshooting.

Updated 24 days ago