Key Management
Exchange Certificate
Below are the steps required for Merchants to generate the private key and certificate.
Certificate Generation (Windows Platform)
Generation of Private Key and CSR at Merchant’s/TPA’s End.
- Generation of Private Key
openssl genrsa -out <file_name_key>.key 2048
Note: EX00000298 is used as the file name during key generation for illustration purposes only.
- Generation of CSR
openssl req -out <file_name_csr>.csr -key <file_name_key>.key -new -sha256
- Information that will be incorporated into the certificate request. Leave the challenge password and the optional company name blank.
- Sample of Private Key
- Sample of CSR File
Certificate Generation (Linux Platform)
Generation of Private Key and CSR at Merchant’s/TPA’s End.
- Generation of Private Key
openssl genrsa -out <file_name_key>.key 2048
Note: The file name EX00000298 is used for illustration purposes only.
- Generation of CSR
openssl req -out <file_name_csr>.csr -key <file_name_key>.key -new -sha256
- Information that will be incorporated into the certificate request. Leave the challenge password and the optional company name blank.
- Sample of Private Key
- Sample of CSR File
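The two Linux steps above as one non-interactive script, followed by a check of the result before the CSR is submitted. This is an added example, not PayNet's own tooling; the subject fields, the use of -subj instead of the interactive prompts, the owner-only file permission check and the failure labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File names and subject values are constructed placeholders.

# gen_key_and_csr BASE SUBJECT: the two openssl steps from this page, run without prompts.
gen_key_and_csr() {
    # umask 077 makes the private key file readable by its owner only.
    ( umask 077 && openssl genrsa -out "$1.key" 2048 2>/dev/null ) || return 1
    # -subj skips the prompts, so no challenge password or optional company name is written.
    openssl req -out "$1.csr" -key "$1.key" -new -sha256 -subj "$2"
}

# check_csr BASE: prints "ok", or the first failed check, and returns non-zero on failure.
check_csr() {
    # -verify checks the CSR self-signature; the "verify OK" message is read from the output.
    text=$(openssl req -in "$1.csr" -noout -text -verify 2>&1 || true)
    case $text in *"verify OK"*) ;; *) echo "csr-signature-invalid"; return 1 ;; esac
    case $text in *"Public-Key: (2048 bit)"*) ;; *) echo "key-not-2048-bit"; return 1 ;; esac
    case $text in *"Signature Algorithm: sha256WithRSAEncryption"*) ;;
                  *) echo "not-sha256-rsa"; return 1 ;; esac
    # The page asks for the challenge password to be left blank.
    case $text in *challengePassword*) echo "challenge-password-set"; return 1 ;; esac
    # The CSR must carry the public half of the key that stays on the merchant's side.
    csr_pub=$(openssl req -in "$1.csr" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$1.key" -pubout 2>/dev/null || true)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
    # Group and other permission bits on the key file must all be clear.
    [ "$(ls -ld "$1.key" | cut -c5-10)" = "------" ] || {
        echo "key-file-readable-by-others"; return 1; }
    echo "ok"
}

# Usage (constructed values):
#   gen_key_and_csr EX00000298 "/C=MY/O=Example Merchant/CN=merchant.example"
#   check_csr EX00000298
```

Only the .csr file is submitted; the .key file stays on the merchant's side.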
Procedure for Merchant Certificate Request in UAT Environment
Note: We accept a self-signed certificate for the testing environment and strongly encourage submitting the certificate via the PayNet Developer Portal's Project section.
Merchant should generate their own PKI key pair and ensure that the PKI private key is stored in a secure device. The PKI key pair can be generated using the OpenSSL tool.
OpenSSL is compatible with Windows, Linux and Unix-based OS and can be obtained from the OpenSSL site (http://www.openssl.org). Information on the “certificate generating utility” can be viewed at http://www.openssl.org/docs/apps/req.html. Refer to the PKI Key Pair Generation Using Open SSL document for more details.
The PKI certificate is in .cer format with 2048 bytes, and the signing algorithm is RSA.
The signed value is in hexadecimal format.
Merchant to submit the CSR file to PayNet for approval.
PayNet Security Administrator to approve the request.
PayNet to upload and authorize Merchant Certificate in FPX Webview.
Merchant will receive the new certificate from PayNet. Merchant to store the new exchange certificate in the server.
Procedure for Merchant Certificate Request in Production Environment
Merchant should generate their own PKI key pair and ensure that the PKI private key is stored in a secure device. The PKI key pair can be generated using the OpenSSL tool.
OpenSSL is compatible with Windows, Linux and Unix-based OS and can be obtained from the OpenSSL site (http://www.openssl.org). Information on the “certificate generating utility” can be viewed at http://www.openssl.org/docs/apps/req.html. Refer to the PKI Key Pair Generation Using Open SSL document for more details.
The PKI certificate is in .cer format with 2048 bytes, and the signing algorithm is RSA.
The signed value is in hexadecimal format.
Merchant to submit the CSR file to MSC Trustgate for approval via the following URL:
https://onsite.msctrustgate.com/services/PaymentsNetworkMalaysiaSdnBhdFPX/digitalidCenter.htm
PayNet Security Administrator to approve the request.
PayNet to upload and authorize Merchant Certificate.
Merchant will receive the new certificate from MSC Trustgate. Merchant to store the new exchange certificate in the server.
FPX Certificate
Download and install the latest FPX Certificate
You may download the latest FPX certificate under the resources section.
Renewal of FPX Certificate
Below is the naming convention that has to be followed for the renewal process:
- UAT → change from fpxuat.cer to fpxuat_current_cer