Apple pay certificates Error "SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0"

App & System Services Apple Pay
oborja OP
Created Aug ’24
Replies 1
Boosts 0
Views 653
Participants 1

Hello everyone,

**I created a certificat using openssl using the steps below **

  1. Generate a Certificate Signing Request (ecccertreq.csr)

Generate key pair in a key file Code

openssl ecparam -genkey -name prime256v1 -out ecckey.key

Generate CSR from key pair in key file Code

openssl req -new -sha256 -key ecckey.key -out ecccertreq.csr -subj '/O=Nahdi Merchant Identity'

  1. Upload the Payment Processing Certificate CSR

  2. Download the Apple signed Payment Processing Certificate

The certificate file (apple_pay.cer) appears in my Downloads folder

  1. Generate the .p12 file (ecckeystore.p12)

Convert apple_pay.cer to PEM Code

openssl x509 -inform DER -in apple_pay.cer -out apple_pay.pem
  1. Import merchant certificate and private key to generate .p12

Code openssl pkcs12 -export -out ecckeystore.p12 -inkey ecckey.key -in apple_pay.pem

But I am getting this error when testing using the curl_test.php file and also when trying to make a payment on our website, we already have a working certificat for another merchant id and we don't get the same error

Verbose info:

cURL Error
56 - OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0

Verbose information
*   Trying 17.141.128.71:443...
* TCP_NODELAY set
* Connected to apple-pay-gateway.apple.com (17.141.128.71) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=apple-pay-gateway.apple.com
*  start date: Jul 24 19:05:42 2024 GMT
*  expire date: Oct 22 19:15:42 2024 GMT
*  subjectAltName: host "apple-pay-gateway.apple.com" matched cert's "apple-pay-gateway.apple.com"
*  issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 1 - G1
*  SSL certificate verify ok.
> POST /paymentservices/paymentSession HTTP/1.1
Host: apple-pay-gateway.apple.com
Accept: */*
Content-Length: 131
Content-Type: application/x-www-form-urlencoded

* upload completely sent off: 131 out of 131 bytes
* OpenSSL SSL_read: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0
* Closing connection 0
code-block
Answered by oborja in 799237022

I was using the wrong certificate, I used a payment processing certificate instead of a merchant identity certificate, so my problem is solved

Replies  1
Boosts  0
Views  653
Participants  1
oborja OP
Aug ’24
Accepted Answer

I was using the wrong certificate, I used a payment processing certificate instead of a merchant identity certificate, so my problem is solved

0
Apple pay certificates Error "SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca, errno 0"
First post date Last post date
 
 
Q