Skip to main content
DocsCertificate ManagementGetting Started

Getting Started

This page introduces Certificate Management on the PayNet Developer Portal.

It explains what the service does, when certificates are required, and how participants should prepare before managing or renewing certificates.

What is Certificate Management?

Certificate Management is a service that manages the issuance, signing, and lifecycle of PKI (Public Key Infrastructure) certificates for PayNet participants.

The service is responsible for:

  • Signing participant public keys (via Certificate Signing Requests, CSR)
  • Managing certificate validity and renewal
  • Supporting PayNet product security requirements

Certificate Management is strictly a PKI service responsible for X.509 certificate issuance and lifecycle management. It does not handle SSL/TLS or mTLS connections, which are implemented by the consuming systems.


info

Private keys are always generated and stored by participants.

PayNet never receives or stores private keys.


Why PKI Certificates Are Required

PKI certificates are required to establish trust between participant systems and PayNet services. They are commonly used to:

  • Authenticate system identities
  • Ensure data integrity and confidentiality

The responsibility for configuring SSL/TLS using the issued certificates lies entirely with the participant’s system.

Before you begin

Before managing or renewing certificates, ensure that you have:

  • A registered Developer Portal account
  • Access to the One Stop Portal (OSP)
  • Appropriate roles and permissions to manage certificates
  • Clarity on the environment you are operating in (UAT or Production)
  • The ability to securely generate and store private keys
  • Basic familiarity with CSR (Certificate Signing Request) concepts



Certificate Renewal: Two Types of Signed Certificates

There are two types of certificate renewal processes. Refer to the appropriate type below for detailed renewal guidance:

PayNet signed
PayNet-signed
This certificate is issued and signed by PayNet. Participants can generate and manage the Certificate Signing Request (CSR) directly through the Developer Portal or PayNet Certificate Management system.
Learn moreSupported Products
CA signed
Authorised CA-Signed
In compliance with Bank Negara Malaysia (BNM) requirements, participants must use authorised CA-signed certificates for production (live) transactions. authorised CA-signed certificates provide verified identity assurance and encryption to ensure a secure, reliable, and trusted digital payment ecosystem across Malaysia’s financial network.
Learn moreSupported Products



Product Certificate Renewal Support

The following list outlines the products and services that support certificate renewal through the Certificate Management portal.

ProductsServicesSystem Verification / UATProduction / Live
DuitNow V3Transfer, QR, Request, Online Banking, Wallet, AutoDebit, ConsentPayNet-signedAuthorised CA -signed
DuitNow PayPayPayNet-signedPayNet signed
FPXFPXPayNet-signedPayNet signed

DuitNow V1 & V2

For DuitNow V1 & V2 renewal certificate, please contact PayNet support.



Next Step – Certificate Renewal

In this step, you’ll learn how to perform Certificate Renewal with PayNet-signed certificates.

Learn more