Invalid CSR algorithm / size. Expected RSA 2048
I am trying to integrate Apple Pay with braintree
. I followed the instructions below to enable apple payment in the brain tree. In the first step, if you click on the Certificate Signing Request, it will download the file braintree_app_pay.certSigningRequest
that is used in Apple Membership.
When I choose to create a payment process certificate, I get the following error.
source to share
Full disclosure: I work at Braintree. If you have further questions, do not hesitate to contact our support team .
Make sure you select the Apple Pay Certificate option under Production (even if it's sandboxed, see Apple Braintree Configuration Documentation for details) when choosing the type of certificate to add to the Apple Developer Portal. Apple Pay CSRs must be generated using ECC, not RSA.
The CSR prompt screen should look like this. While you will be downloading the CSR obtained from Braintree instead of generating one, take a look at Apple's specs for the key:
source to share
In addition to what @zepp said, you must specify this when creating the CRS and you can do this by following the procedure below
- Go to Access Keychain
- Click on certificate help
- Click on Request a Certificate at the Certification Authority ( click on the image )
- Enter all the information and click the "Let me fill in the key pair information" button, then click "Continue"
- Set KeySize to 256 and Algorithm for ECC ( click for image )
- Then click continue.
source to share
This issue doesn't apply to Apple Pay or Braintree - I ran into the same issue when trying to generate a CSR to get Apple's Safari Certification.
It's important to know that you need to select your iCloud keychain before using the command Request Certificate from Certificate Authority
. If you do not do this, a different keychain may be active, leading to misuse of keys.
source to share
Follow these steps [If you are using Apple Pay with Stripe or any other payment gateway]:
- Double click CSR (downloaded from Stripe) [Certificate Assistant Opens]
- Click Continue
- Select "Request a certificate from an existing CA" and continue.
- On the Certificate Information screen, enter the user's email address, common name, leave the CA email address blank, select Saved to Disk. marked. Let me provide information on a key pair '[choose your location and save]
- On the Key Pair Information screen, select the "ECC" algorithm & select Key Size: 256 bits and continue.
Now use this CSR in your payment processing certificate.
source to share
I don't understand because the site braintree
says You must use the CSR we provide. Do not create a CSR file yourself
.
And with this CSR file, it always failed on Apple's download page.
Edit: I am finally uploading success followed by steps from @ anjali-jariwala's answer. It's just that in the last step I choose RSA
& 2048
as the alert requirement.
source to share
From the Apple Developers Forum
From the Keychain Access drop-down menu, select Keychain Access> Certificate Assistant> Request Certificate from Authority Certificate.
In the Certificate Information window, enter the following information:
- In the User Email Address field, enter your email address.
- In the Common Name field, create a name for your private key (for example, John Doe Dev Key).
- The CA email address field should be left blank.
- In the "Request Is" group, select the "Saved to Disk" option.
- Select "Let me provide key pair information."
- Click Continue in Keychain Access and choose a location for the file.
- Set the key pair information as follows:
- Algorithm: ECC
- Key size: 256 bit Click
- Continue to Keychain Access to complete the CSR generation process.
source to share