CSR algorithm/size is incorrect.Expected RSA 2048

Question

I am trying to integrate apple pay with braintree. I have followed up the following instructions to enable apple pay in the brain tree. In the first step, if you cl

Answer 1

Please follow below steps[If use Apple Pay with stripe or any other payment gateway]:

1. Double click on CSR (Downloaded from Stripe), [It will open Certificate Assistant]
2. Click on Continue
3. Select 'Request a certificate from an existing CA', and Continue
4. In Certificate Information screen, Enter User Email Address, Common Name, Leave CA Email Address empty, Select 'Saved to disk & checked Let me specify key pair information' [Select your specific location and save]
5. In Key Pair Information screen, select 'ECC' algorithm & select Key size : 256 bits and continue.

Now use this CSR in your payment processing certificate.

Answer 2

I don't get it, because it's said You must use the CSR we provide. Do not create a CSR file yourself on braintree website.

And with this CSR file, it's always failed on apple's upload page.

Edit: I finally upload success with follow steps of @anjali-jariwala 's answer. Just in last step, I choose RSA & 2048 as alert requirement.

Answer 3

complimenting what @zepp said, you need to specify when creating CRS, and you can that by following the process below

1. Go to Keychain Access
2. Click on Certificate Assistance
3. Click on Request Certificate from Certificate Authority (click for image)
4. Enter all information and click on "Let me specify key pair Information"checkbox, then click on Continue
5. Aelect KeySize to be 256 and Algorithm to be ECC (click for image)
6. Then click on continue.

Answer 4

_{Full disclosure: I work at Braintree. If you have any further questions, feel free to contact our Support team.}

Make sure you're selecting the Apple Pay Certificate option under Production (even if this is for a Sandbox; see the Braintree Apple Pay configuration docs for details) when choosing the type of certificate to add in the Apple Developer portal. Apple Pay CSRs should be generated with ECC, not RSA.

Here's what the CSR prompt screen should look like. Although you'll be uploading the CSR obtained from Braintree instead of generating one, note Apple's specifications for the key:

Answer 5

This issue is not specific to Apple Pay or Braintree - I ran into the same issue when trying to create a CSR for getting a Safari certificate from Apple.

What's important to know is that you need to select the iCloud keychain before using the Request Certificate from Certificate Authority command. If you don't, another keychain may be active, causing wrong keys to be used.

Answer 6

From Apple Developer Forum

Within the Keychain Access drop down menu, select Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority.

1. In the Certificate Information window, enter the following information:

   • In the User Email Address field, enter your email address.
   • In the Common Name field, create a name for your private key (e.g., John Doe Dev Key).
   • The CA Email Address field should be left empty.
   • In the "Request is" group, select the "Saved to disk" option.
   • Select "Let me specify key pair information".
2. Click Continue within Keychain Access and select the file location.
3. Set the Key Pair Information to the following:
   • Algorithm: ECC
   • Key Size: 256 bits Click
4. Continue within Keychain Access to complete the CSR generating process.