Skip to main content

Generate CSR and Private Key

CSR Format Guidelines

Before you begin generating your CSR (Certificate Signing Request), please ensure that you follow these format guidelines to adhere to PayNet's standards:

Country Name (C)MY
Organization Name (O)

Applicant's organization name. For example:

XYZ Sdn. Bhd.
Organizational Unit (OU)

Indicate the name of the product or service. For example:

  • For FPX: PayNet FPX
  • For DuitNow: PayNet RPP
  • For DuitNow Pay: PayNet DNPAY
Common Name (CN)

Assign the appropriate value based on your application type:

  • For Banks: BIC Code
  • For Merchants: Merchant ID
  • For FPX Merchants: Exchange ID
  • For DuitNow Pay Acquirer: Developer Portal Project Id
Email Address (E)Business email address
tip

These information can be seen on the top of your Certificate Management dashboard and the CSR you generate must match these information

Company Info

Generate on Windows Platform

Generation of Private Key and CSR at Merchant’s/TPA’s End.

Step 1: Generation of Private Key

openssl genrsa -out <file_name_pvt>.key 2048
info

Note: EX00000298 is used for the filename during key generation for illustration purpose only.

C:\openssl\bin> openssl genrsa -out EX80000298.key 2048

WARNING: can't open config file: C:/OpenSSL/openssl.cnf
Generating RSA private key, 2048 bit long modulus
. . . . . . . . . . . . . . . . . . . . . . . . . . .+++
. . . . . . . . . . . . . . . . . . . . . . . . . .+++
unable to write 'random state'
e is 65537 (0x10001)

Step 2: Generation of CSR

openssl req -out <file_name_csr>.csr -key <file_name_key>.key -new -sha256
C:\openssl\bin> openssl req -out EX00000298.csr -key EX80000298.key -new-sha256

Step 3: Information that will be incorporated into the certificate request. Please leave a challenge password and an optional company name blank.

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:MY
State or Province Name (full name) []: Kuala Lumpur
Locality Name (eg, city) [Default City]: 50600
Organization Name (eg, company) [Default Company Ltd]: XYZ Sdn. Bhd.
Organizational Unit Name (eg, section) []: PayNet FPX
Common Name (eg, your name or your server's hostname) []: EX00000298
Email Address []: johdoe@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password [ ]:
An optional company name [ ]:
  • Sample of Private Key
--BEGIN PRIVATE KEY--
MIIEVAIBADANBgkqhkiG9w0BAQEFAASCBKgwggSKAgEAAoIBAQDQnJqYYBVNBEAJ
MI3jfTmo7PHTjw7ngyc0Y1sQJpGCWYvorv4nNtfWqUraq5Y69nT131pMrXWak9tA
uuwrzTDeyeE0seHaNkj@CRuLA1SpnySTBKLQ4JbMiq0gsolvHBj4eItUgLqP8Vqb
ma17zTeBsCLdW7teulzrhPqgNxKMLBQswOnisDunxBpVRRmdoYAhF6AFdIL+XOKO
t5GYENOPFrfoPQNPqV+rTD8D6TT180lXhRICwKWBZCJCgGFNKYAao8B5I/sqKajE
ju4HlKnPdky5tnaEXoiBLtQxrJJUWLP+usZ0m+EHppGArGNgW0BXP67c/W8a6rMr
4hbH+ZABAgMBAAECggEALBYRUZqjpm/Rmd/cgPgf@yqXUCb1/dprzcoQmm+tYSTS
Qte0AnjEVy3hGDAKSj+HJHYAOaqMLa2KNTvRaMmwxctmhZ//pAbkkl/CpTiFFIEE
WNooG4CCHCpMw1Q+N/p3BUNoIuw9huaARFrQplcUn6XBGZGmIZfBIKQYQuKjteDR
BJCewIdh9fxRfkaa6vMdxbUK0hzwWYChwQmR/uqARKXDm1119QRTUG9Z4VpjvHNM
mI7X+ntwQTyc3KXgSedD5h80D/tDyQA16cbbX12EHY00A/zWBXXPUG/VlbMXiLjU
hrhvlnEmoiuqfEyfKowgAIlg77d0rK0crv02M5BHSQKBgQDcku16UrsHJCY2ZKym
AKALQXtn8w15RvZojHK2Hj+pUcHU9TUADrgyztem2LcyPdWSJo+CvmqCTc46fJNJ
Z4fiFv80UwbnfNlB5T6NjCuqotHwm23yyvv0m5pYVnPc5Pt/+IRz/MiugyrY/zsT
7U5q6h2QNH1peMGEE4gzvUgt9QKBgQDyHdddXRSZrzVEulHcw5PWeFSLAToaVeyj
ax34pSLB4yB9/gts0rn4t0/wH+KE3Vzv40g/xW/pjZIGMYlrsUZThzm00Qn64ZfN
SY6SsBQ2/OeLUXAe5IFCQrFNKjyjoWHvRfHtsvFcy+UKyQ+Ph4gKFwzPwgXL/rcI
OgB0smtrzwKBgB8FZvK6KeWSNVGVbRaX4Gv01KdE7pMs4MDJZ+SnEmr8vZb2uXJ9
n3g900R9PB6LxbqdQ7eukgoraSKenJRJRD004+nG64So8WESHYUIvqdr6Ly/D1KD
K7Dd/3IHDpp1dc2EpRQu7AZnGiKUmrltuYad@HSUFULVIdoyaQhlyX31AOGBAKTV
KTHD4XW0QqB4IK44WWY/+KGRrWglYpgMr5UjwaK90/Q4bMYMY3410p+EyQXj2pza
5LwUnuFGFNRVSJ0hXZwnQVGGG7tZlNTXKBXLd2niLUXeC3gwB91AptG/VSHPHW0n
g+B+hyfFClmnkD8hf84H18VsEhDeiwdCo+7bYIXHAOGBANTUbrrSHszHy98TNQI2
hdfge5b20Y650YVOzfGeBZZKGH88nsokEdnU02qxz1nPyc8twq@st6xEqsmKtZFH
B2nqtbf6y0g703uPFx63XDNiZ17zm7XZj6ZiDQGZgcqPgVQDc9MDMhHaiXcXbDl+
PyVhyMjcLV9kmpmhMaNz/LGK
-----END PRIVATE KEY‒‒‒‒‒
  • Sample of CSR File
-BEGIN CERTIFICATE REQUEST-
MIIDKJCCAHICAQAwgbQxCzAJBgNVBAYTAK1ZMRUWEWYDVQQIDAXLdWFsYSBMdW1w
dXIXGTAXBgNVBACMEFcuUCBLdWFsYSBMdW1wdXIXFTATBgNVBAoMDELwb20gU2Ru
IEJIZDEYMBYGA1UECwwPQ2VydCBNYW5hZ2VtZW50MRwwGgYDVQQDDBNERVZQT1JU
QUwUUEFZTKVULK1ZMSQwIgYJKoZIhvcNAQKBFhVmYWl6Lmhhc251bEBwYXluZXQu
bXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDWAwggEKAoIBAQDQnJqyYBVNBeAJMI3j
fTmo7PHTjw7ngyc0Y1sQJpGCWYvorv4nNtfWqUraq5Y69nTl31pMrXWak9tAuuwr
ZTDeyeEoseHaNkj@CRuLA1SpnySTBKLQ4JbMiq0gsolvHBj4eItUgLqP8Vqbma17
zTeBsCLdW7teulzrhPqgNxkMLBQswonisDunxBpVRRmdoYAhF6AFdIL+xoK0t5G
ENOPFrfoPQNPqV+rTD8D6TTi80lXhRICwKWBZCJCgGfNKYAao8B51/sqKajEju4H
lKnPdky5tnaEXoiBLtQxrJJUWLp+usZOm+EHppGArGNgW0BXP67c/W8a6rMr4hbH
+ZABAgMBAAGgMDATBgkqhkiG9w0BCQIXBgwESXBvajAZBgkqhkiG9w0BCQCXDAWK
MjEwNDkwVyFzZTANBgkqhkiG9w0BAQsFAAOCAQEADWT3wdhXxlapEjGcMqPiCsN9
7Du6AwHeUwVDkYwvFJGYOCPmZPIuk10cX4ItlY+DnJfm5AKIN834RZ90SUL2pSe+
OdeTwNbZzxxfNYUG4FisrInoInRRbSgTSXHz9TMeWYSRywTjEwOmAj/Fk9uwMW5Q
8xw09t0n/d08NTNUeqgaHcwnbRJgUYMNhL60MQhUKOY5mplkx+gheNcaT8Gj9h9Y
vY7B7jyb5gqqGAhWBVt5UtUnz6x8D7606sAqh9LJdYkBUpm+FQopc40H8jEHTAOB
CLC02dJLGto6CS5xs1vu4rDmo3xgJKvm6jZaSr8h/+14oq8u/hn8n5pnB4VvMw==
-END CERTIFICATE REQUEST-

Generate on Linux Platform

Generation of Private Key and CSR at Merchant’s/TPA’s End.

Step 1: Generation of Private Key

openssl genrsa -out <file_name_key>.key 2048
info

Note: EX00000298 file name is use for illustration purpose only.

[user@fedora ~]$ openssl genrsa -out EX00000298.key 2048

Step 2: Generation of CSR

openssl req -out <file_name_csr>.csr -key <file_name_key>.key -new -sha256
[user@fedora ~]$ openssl req -out EX00000298.csr -key EX00000298.key -new -sha256
  • Information that will be incorporated into the certificate request. Please leave a challenge password and an optional company name blank.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:MY
State or Province Name (full name) []: Kuala Lumpur
Locality Name (eg, city) [Default City]: 50600
Organization Name (eg, company) [Default Company Ltd]: XYZ Sdn. Bhd.
Organizational Unit Name (eg, section) []: PayNet FPX
Common Name (eg, your name or your server's hostname) []: EX00000298
Email Address []: johdoe@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password [ ]:
An optional company name [ ]:
  • Sample of Private Key
--BEGIN PRIVATE KEY--
MIIEVAIBADANBgkqhkiG9w0BAQEFAASCBKgwggSKAgEAAoIBAQDQnJqYYBVNBEAJ
MI3jfTmo7PHTjw7ngyc0Y1sQJpGCWYvorv4nNtfWqUraq5Y69nT131pMrXWak9tA
uuwrzTDeyeE0seHaNkj@CRuLA1SpnySTBKLQ4JbMiq0gsolvHBj4eItUgLqP8Vqb
ma17zTeBsCLdW7teulzrhPqgNxKMLBQswOnisDunxBpVRRmdoYAhF6AFdIL+XOKO
t5GYENOPFrfoPQNPqV+rTD8D6TT180lXhRICwKWBZCJCgGFNKYAao8B5I/sqKajE
ju4HlKnPdky5tnaEXoiBLtQxrJJUWLP+usZ0m+EHppGArGNgW0BXP67c/W8a6rMr
4hbH+ZABAgMBAAECggEALBYRUZqjpm/Rmd/cgPgf@yqXUCb1/dprzcoQmm+tYSTS
Qte0AnjEVy3hGDAKSj+HJHYAOaqMLa2KNTvRaMmwxctmhZ//pAbkkl/CpTiFFIEE
WNooG4CCHCpMw1Q+N/p3BUNoIuw9huaARFrQplcUn6XBGZGmIZfBIKQYQuKjteDR
BJCewIdh9fxRfkaa6vMdxbUK0hzwWYChwQmR/uqARKXDm1119QRTUG9Z4VpjvHNM
mI7X+ntwQTyc3KXgSedD5h80D/tDyQA16cbbX12EHY00A/zWBXXPUG/VlbMXiLjU
hrhvlnEmoiuqfEyfKowgAIlg77d0rK0crv02M5BHSQKBgQDcku16UrsHJCY2ZKym
AKALQXtn8w15RvZojHK2Hj+pUcHU9TUADrgyztem2LcyPdWSJo+CvmqCTc46fJNJ
Z4fiFv80UwbnfNlB5T6NjCuqotHwm23yyvv0m5pYVnPc5Pt/+IRz/MiugyrY/zsT
7U5q6h2QNH1peMGEE4gzvUgt9QKBgQDyHdddXRSZrzVEulHcw5PWeFSLAToaVeyj
ax34pSLB4yB9/gts0rn4t0/wH+KE3Vzv40g/xW/pjZIGMYlrsUZThzm00Qn64ZfN
SY6SsBQ2/OeLUXAe5IFCQrFNKjyjoWHvRfHtsvFcy+UKyQ+Ph4gKFwzPwgXL/rcI
OgB0smtrzwKBgB8FZvK6KeWSNVGVbRaX4Gv01KdE7pMs4MDJZ+SnEmr8vZb2uXJ9
n3g900R9PB6LxbqdQ7eukgoraSKenJRJRD004+nG64So8WESHYUIvqdr6Ly/D1KD
K7Dd/3IHDpp1dc2EpRQu7AZnGiKUmrltuYad@HSUFULVIdoyaQhlyX31AOGBAKTV
KTHD4XW0QqB4IK44WWY/+KGRrWglYpgMr5UjwaK90/Q4bMYMY3410p+EyQXj2pza
5LwUnuFGFNRVSJ0hXZwnQVGGG7tZlNTXKBXLd2niLUXeC3gwB91AptG/VSHPHW0n
g+B+hyfFClmnkD8hf84H18VsEhDeiwdCo+7bYIXHAOGBANTUbrrSHszHy98TNQI2
hdfge5b20Y650YVOzfGeBZZKGH88nsokEdnU02qxz1nPyc8twq@st6xEqsmKtZFH
B2nqtbf6y0g703uPFx63XDNiZ17zm7XZj6ZiDQGZgcqPgVQDc9MDMhHaiXcXbDl+
PyVhyMjcLV9kmpmhMaNz/LGK
-----END PRIVATE KEY‒‒‒‒‒
  • Sample of CSR File
-BEGIN CERTIFICATE REQUEST-
MIIDKJCCAHICAQAwgbQxCzAJBgNVBAYTAK1ZMRUWEWYDVQQIDAXLdWFsYSBMdW1w
dXIXGTAXBgNVBACMEFcuUCBLdWFsYSBMdW1wdXIXFTATBgNVBAoMDELwb20gU2Ru
IEJIZDEYMBYGA1UECwwPQ2VydCBNYW5hZ2VtZW50MRwwGgYDVQQDDBNERVZQT1JU
QUwUUEFZTKVULK1ZMSQwIgYJKoZIhvcNAQKBFhVmYWl6Lmhhc251bEBwYXluZXQu
bXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDWAwggEKAoIBAQDQnJqyYBVNBeAJMI3j
fTmo7PHTjw7ngyc0Y1sQJpGCWYvorv4nNtfWqUraq5Y69nTl31pMrXWak9tAuuwr
ZTDeyeEoseHaNkj@CRuLA1SpnySTBKLQ4JbMiq0gsolvHBj4eItUgLqP8Vqbma17
zTeBsCLdW7teulzrhPqgNxkMLBQswonisDunxBpVRRmdoYAhF6AFdIL+xoK0t5G
ENOPFrfoPQNPqV+rTD8D6TTi80lXhRICwKWBZCJCgGfNKYAao8B51/sqKajEju4H
lKnPdky5tnaEXoiBLtQxrJJUWLp+usZOm+EHppGArGNgW0BXP67c/W8a6rMr4hbH
+ZABAgMBAAGgMDATBgkqhkiG9w0BCQIXBgwESXBvajAZBgkqhkiG9w0BCQCXDAWK
MjEwNDkwVyFzZTANBgkqhkiG9w0BAQsFAAOCAQEADWT3wdhXxlapEjGcMqPiCsN9
7Du6AwHeUwVDkYwvFJGYOCPmZPIuk10cX4ItlY+DnJfm5AKIN834RZ90SUL2pSe+
OdeTwNbZzxxfNYUG4FisrInoInRRbSgTSXHz9TMeWYSRywTjEwOmAj/Fk9uwMW5Q
8xw09t0n/d08NTNUeqgaHcwnbRJgUYMNhL60MQhUKOY5mplkx+gheNcaT8Gj9h9Y
vY7B7jyb5gqqGAhWBVt5UtUnz6x8D7606sAqh9LJdYkBUpm+FQopc40H8jEHTAOB
CLC02dJLGto6CS5xs1vu4rDmo3xgJKvm6jZaSr8h/+14oq8u/hn8n5pnB4VvMw==
-END CERTIFICATE REQUEST-