Some Apple Pay developers may be approaching the expiration date of their Payment Processing Certificate. Apple sends notifications to the team agent of your Apple Developer Account at 30 days, 15 days and 7 days prior to the upcoming expiration date.
The payment processing certificate is used to encrypt the Apple Pay token. The payment processing certificate is valid for 25 months from activation. If you do not replace the CSR and activate the new certificate prior to the expiration date, all Apple Pay transactions will fail. From a UI/UX perspective, you will notice the payment sheet dismisses with Payment Not Complete! after Touch ID has taken place.
Here are a couple of tips on this process:
• You will need to understand who is handling decryption of the Apple Pay token prior to replacing the CSR. Many Gateway providers handle decryption on behalf of their merchants, in which case you’d need to engage your Gateway provider directly to obtain a new CSR.
• Once you’ve uploaded the new CSR in the Apple Developer Portal, you will need to explicitly click “Activate” in order for the certificate to be used.
• We highly recommend placing a test transaction after the new cert has been activated to ensure decryption occurs successfully.
What is a CSR?
A CSR is a certificate signing request. The CSR contains a public key with a few other unique identifiers that is presented to another entity for signature. In this case, Apple will use the public key in the CSR to encrypt the Apple Pay token. Whoever is handling decryption of the token should own the corresponding private key.