Apple Pay web authentication failed (SSL connection)

I have set up the server settings (TLS, HTTPS).

I have performed the following steps, but it is not working for me:

1. I have validated my domain.

2. Generated a Certificate Signing Request (CSR) using Keychain. It created a public and private key in the Mac keychain.

3. Uploaded the CSR (from point 2) to Apple Pay Merchant Identity Certificate. It gave me merchant_id.cer.

4. Generated a .p12 with merchant_id.cer and the public and private key using Keychain.

Now I am using this .p12 to create the ApplePaySession (paymentSession) using server-side code in C#, but I am getting an error from the Apple side.

Exception: The SSL connection could not be established

Inner Exception: Authentication failed, The credentials supplied to the package were not recognized at System.Net.SSPIWrapper.AcquireCredentialsHandle

Sample Code:


```csharp
// Merchant session request sent to Apple's validation URL.
var request = new MerchantSessionRequest()
{
    DisplayName = "StoreName",
    Initiative = "web",
    InitiativeContext = "applepaypoc.xxxxxx.com",
    MerchantIdentifier = "merchant.com.xxxxxx.applepaypoc",
};

// Load the merchant identity certificate (with its private key) from the exported file.
string certPath = Path.Combine(Directory.GetCurrentDirectory(), "wwwroot\\files", "NewP12.pfx");

X509Certificate2 certificate = new X509Certificate2(certPath, "xxxxx");

// Present the certificate as the TLS client certificate.
HttpClientHandler handler = new HttpClientHandler();
handler.ClientCertificates.Add(certificate);
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;

var resCode = string.Empty;

using (HttpClient client = new HttpClient(handler))
{
    try
    {
        HttpResponseMessage response = await client.PostAsJsonAsync(request.ValidationURL, validationPayload);

        response.EnsureSuccessStatusCode();

        resCode = response.StatusCode.ToString();

        string responseBody = await response.Content.ReadAsStringAsync();
        return responseBody;
    }
    catch (HttpRequestException e)
    {
        // InnerException can be null, so read its message null-safely.
        return $"resCode = {resCode} ///// Response Message: {e.Message} ///// Response Inner Exception: {e.InnerException?.Message}";
    }
}
```

**Ref:**

https://developer.apple.com/documentation/technotes/tn3103-apple-pay-on-the-web-troubleshooting-guide

https://tech.justeattakeaway.com/2016/10/10/bringing-apple-pay-to-the-web/

Answered by DTS Engineer in 796169022

Hi @rk25,

You wrote:

Now I am using this .p12 to create the ApplePaySession (paymentSession) using server side code in C# but getting error from apple side.

Exception: The SSL connection could not be established

Inner Exception: Authentication failed, The credentials supplied to the package were not recognized at System.Net.SSPIWrapper.AcquireCredentialsHandle

This is not an Apple error, but is likely due to your C# environment not having access to either the public or private key for the certificate. I'd suggest researching how to resolve that inner exception on your system platform, then applying that knowledge to the Apple Pay certificates.

Additionally, we have the following resources that may help you diagnose issues in your Apple Pay implementation:

Because macOS uses RC2-40-CBC cipher to encrypt the certificate, other platforms may need to use a legacy option for openssl, or convert the certificate to a modern encryption cipher, like AES-256-CBC.

For the unsupported cipher on other platforms, we should suggest for the dev to re-sign/convert the P12 with a modern cipher, then use the openssl command in the guide as-is.

1. Before conversion; uses legacy RC2-40-CBC cipher:

% openssl pkcs12 -in ApplePayMerchantID_and_privatekey.p12 -out ApplePay.crt.pem -nokeys
> …:unsupported:… Algorithm (RC2-40-CBC : 0)…

2. Convert to AES-256-CBC cipher:

% openssl pkcs12 -legacy -in ApplePayMerchantID_and_privatekey.p12 -nodes -out ApplePayMerchantID_and_privatekey-decrypted.tmp

% openssl pkcs12 -in ApplePayMerchantID_and_privatekey-decrypted.tmp -export -out ApplePayMerchantID_and_privatekey-converted.p12

% rm ApplePayMerchantID_and_privatekey-decrypted.tmp

Note: The exported ApplePayMerchantID_and_privatekey-converted.p12 certificate file now contains the same keys, but encrypted using AES-256-CBC.

3. After conversion; uses modern AES-256-CBC cipher:

% openssl pkcs12 -in ApplePayMerchantID_and_privatekey-converted.p12 -out ApplePay.crt.pem -nokeys

Cheers,

Paris
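Added example, not part of the original thread and not the poster's or Apple's code: one way to check, before calling the validation URL, that the .NET process can actually use the certificate's private key, which is the condition the answer above points to. The class and method names are hypothetical, and `MachineKeySet` and an RSA key are assumptions about the hosting environment and the certificate.

```csharp
using System;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (added example): fail early, with a specific message,
// instead of surfacing the SSPI error during the TLS handshake.
public static class MerchantCertificateCheck
{
    // pfxPath should point outside the web root (wwwroot), since files there
    // can be served as static content.
    public static X509Certificate2 Load(string pfxPath, string password)
    {
        // Assumption: MachineKeySet, so a service identity without a loaded
        // user profile can still open the key. Adjust for your host.
        var cert = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.MachineKeySet);

        if (!cert.HasPrivateKey)
            throw new CryptographicException("PFX holds no private key; re-export the certificate together with its key.");

        // HasPrivateKey only says a key is associated with the certificate;
        // a signature proves this process identity can actually use it.
        using (RSA rsa = cert.GetRSAPrivateKey())
        {
            if (rsa == null)
                throw new CryptographicException("Private key is not RSA or could not be opened.");
            rsa.SignData(new byte[] { 1 }, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }

        // NotBefore and NotAfter are expressed in local time.
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new CryptographicException($"Certificate is outside its validity period ({cert.NotBefore:u} to {cert.NotAfter:u}).");
        return cert;
    }

    // Builds a client that presents the checked certificate over TLS 1.2.
    public static HttpClient CreateClient(X509Certificate2 cert)
    {
        var handler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual,
            SslProtocols = SslProtocols.Tls12
        };
        handler.ClientCertificates.Add(cert);
        return new HttpClient(handler);
    }
}
```

If `Load` throws at the signing step under the service account but succeeds for an interactive user, the problem is key-store access for that identity rather than the certificate file itself.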

It's a request

var request = new MerchantSessionRequest() { DisplayName = "StoreName", Initiative = "web", InitiativeContext = "applepaypoc.xxxxxx.com", MerchantIdentifier = "merchant.com.xxxxxx.applepaypoc", };

validationPayload
