I have setup the server settings TLS, HTTPS
I have performed the following steps but not working for me:
1. I have validated my domain
2. Generate Certificate Signing Request (CSR) using keychain. It created public and private key in MAC keychain
3. Uploaded CSR (from point 2) to apple Pay Merchant Identity Certificate. It gave me merchant_id.cer
4. Generated .p12 with merchant_id.cer, public and private key using keychain
Now I am using this .p12 to create the ApplePaySession (paymentSession) using server side code in C# but getting error from apple side.
Exception: The SSL connection could not be established
Inner Exception: Authentication failed, The credentials supplied to the package were not recognized at System.Net.SSPIWrapper.AcquireCredentialsHandle
Sample Code:
var request = new MerchantSessionRequest()
{
DisplayName = "StoreName",
Initiative = "web",
InitiativeContext = "applepaypoc.xxxxxx.com",
MerchantIdentifier = "merchant.com.xxxxxx.applepaypoc",
};
string certPath = Path.Combine(Directory.GetCurrentDirectory(), "wwwroot\\files", "NewP12.pfx");
X509Certificate2 certificate = new X509Certificate2(certPath, "xxxxx");
HttpClientHandler handler = new HttpClientHandler();
handler.ClientCertificates.Add(certificate);
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
var resCode = string.Empty;
using (HttpClient client = new HttpClient(handler))
{
try
{
HttpResponseMessage response = await client.PostAsJsonAsync(request.ValidationURL, validationPayload);
response.EnsureSuccessStatusCode();
resCode = response.StatusCode.ToString();
string responseBody = await response.Content.ReadAsStringAsync();
return responseBody;
}
catch (HttpRequestException e)
{
return $"resCode = {resCode} ///// Response Message: {e.Message} ///// Response Inner Exception: {e.InnerException.Message}";
}
}
**Ref: **
https://tech.justeattakeaway.com/2016/10/10/bringing-apple-pay-to-the-web/
Hi @rk25,
You wrote:
Now I am using this .p12 to create the ApplePaySession (paymentSession) using server side code in C# but getting error from apple side.
Exception: The SSL connection could not be established
Inner Exception: Authentication failed, The credentials supplied to the package were not recognized at System.Net.SSPIWrapper.AcquireCredentialsHandle
This is not an Apple error, but is likely due to your C# environment not having access to either the public or private key for the certificate. I'd suggest researching how to resolve that inner exception on your system platform, then applying that knowledge to the Apple Pay certificates.
Additionally, we have the following resources that may help you diagnose issues in your Apple Pay implementation:
- Apple Pay Merchant Integration Guide
- Configuring Your Environment
- Setting Up Your Server
- TN3173: Troubleshooting issues with your Apple Pay merchant identifier configuration
- TN3174: Diagnosing issues with the Apple Pay payment sheet on your website
Because macOS uses RC2-40-CBC cipher to encrypt the certificate, other platforms may need to use a legacy option for openssl, or convert the certificate to a modern encryption cypher, like AES-256-CBC.
For the unsupported cipher on other platforms, we should suggest for the dev to re-sign/convert the P12 with a modern cipher, then use the openssl command in the guide as-is.
1. Before conversion; uses legacy RC2-40-CBC cipher:
% openssl pkcs12 -in ApplePayMerchantID_and_privatekey.p12 -out ApplePay.crt.pem -nokeys
> …:unsupported:… Algorithm (RC2-40-CBC : 0)…
2. Convert to AES-256-CBC cipher:
% openssl pkcs12 -legacy -in ApplePayMerchantID_and_privatekey.p12 -nodes -out ApplePayMerchantID_and_privatekey-decrypted.tmp
% openssl pkcs12 -in ApplePayMerchantID_and_privatekey-decrypted.tmp -export -out ApplePayMerchantID_and_privatekey-converted.p12
% rm ApplePayMerchantID_and_privatekey-decrypted.tmp
Note: The exported ApplePayMerchantID_and_privatekey-converted.p12 certificate file now contains the same keys, but encrypted using AES-256-CBC.
3. After conversion; uses modern AES-256-CBC cipher:
% openssl pkcs12 -in ApplePayMerchantID_and_privatekey-converted.p12 -out ApplePay.crt.pem -nokeys
Cheers,
Paris
