Generate Apple Pay certificates and validate domain for JavaScript Library

Sign the certificates

You will need to contact our Support Team to enable Apple Pay on your Trust Payments account. You will be asked to provide the following information as part of this process:

Your site reference(s).
The domain of your payment page.
Your Apple Pay Merchant ID(s).
Your Webservices JWT Username.

The Support team will return two certificate signing requests (PEM files) per Merchant ID, and you will need to follow the steps below for each Merchant ID to enable Apple Pay on your account.

Preparing the Payment Processing Certificate

Sign into the Apple Developer Center: https://developer.apple.com/account/ (link to external site)

In the Member Center, select Certificates, Identifiers & Profiles.
Under Identifiers, select Merchant IDs.
Select the merchant ID from the list, and click Edit.

Trust Payments supports Apple merchant IDs up to (but not exceeding) 50 characters in length.
In the Payment Processing Certificate section, click Create Certificate.
Click Choose File, select the Payment Processing CSR file emailed to you by the Support Team earlier, and click Continue.
Download the certificate by clicking Download, and click Done.
Do not change the name of this CER file.

Preparing the Merchant Identity Certificate

In the Member Center, select Certificates, Identifiers & Profiles.
Under Identifiers, select Merchant IDs.
Select the merchant ID from the list, and click Edit.

Trust Payments supports Apple merchant IDs up to (but not exceeding) 50 characters in length.
In the Merchant Identity Certificate section, click Create Certificate.
Click Choose File, select the Merchant Identity Certificate CSR file emailed to you by the Support Team earlier, and click Continue.
Download the certificate by clicking Download, and click Done.
Do not change the name of this CER file.

Contact Support with the certificates

Having followed the steps above, you should now be in possession of two Apple Pay certificates (two CER files).
Compress these two files into a single .zip file, attach this to an email and send it on to our Support team (support@trustpayments.com).
Once Support have received the certificates and have confirmed this by email, you can proceed with the next steps.

You must ensure you send the certificates in a .zip file when emailing Support.

Register and verify your domain

In the Member Center, select Certificates, Identifiers & Profiles.
Under Identifiers, select Merchant IDs.
Select the merchant ID from the list, and click Edit.
Under Merchant Domains, click Add Domain.
Enter the fully qualified domain name, ensuring it matches the name sent to the Trust Payments Support Team, then click Save.
Click Download, place the downloaded file in the specified location.
Once the validation file is hosted and can be accessed externally, you can click the Verify button on the developer portal, to allow Apple to connect to your webserver and validate the domain.
Click Done.

Having problems validating your domain?

If you receive the following error message when validating the domain while on Apple’s Developer Portal:

Verification failed for domain
Unable to establish a secure connection to ‘https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association.txt’
Domain certificate is untrusted.

Solution
Apple requires that the server receives a high security rating in order to successfully validate a domain.
(For example, if using SSL Labs to check your certificate, an A grade would be required as a minimum:
https://www.ssllabs.com/ssltest/index.html (link to external site)

Now you have set up the certificates and have had your domain validated by Apple, you can update your checkout to process Apple Pay transactions.

Click here to continue.

Further reading on this topic