Request the mutual authentication certificates

Batch Service Authentication

The communication between Batch Service and PagoPA endpoints uses TLS 1.2 with mutual authentication. The client certificate for acquirers will be issued by PagoPA using its own private certification authority, please follow the next steps in order to get your certificates (one for UAT environment, one for PROD environment).

Personalize the configuration template

Use the PagoPA configuration template to generate both UAT and PROD Certificate Signing Request. Run the following command to download it:

wget https://raw.githubusercontent.com/pagopa/cstar-cli/main/integration_check/certificate_configuration_template.cnf

After the download you must edit the configuration template according to actual Sender information.

Below the section that must be customized:

[ dn ]
countryName         = IT
stateOrProvinceName = Yourcity
localityName        = Yourcity
organizationName    = COMPANY_NAME S.p.A.
commonName          = Certificato client Batch Service - COMPANY_NAME S.p.A.
emailAddress        = youremail@COMPANY_NAME.it

To obtain a compliant csr file please don't remove any field of the configuration template.

For PROD environment emailAddress must match the one specified in the agreement with PagoPA.

If you have not yet signed the agreement please do not proceed with the request in PROD environment!

Generate a certificate request file

Use the following command to generate the csr file and the related private key (please remember to customize COMPANY_NAME):

UAT Environment

openssl req -new -config certificate_configuration_template.cnf -keyout COMPANY_NAME_UAT.key -out COMPANY_NAME_UAT.csr

PROD Environment

openssl req -new -config certificate_configuration_template.cnf -keyout COMPANY_NAME_PROD.key -out COMPANY_NAME_PROD.csr

Once the csr file is created, send it by email to [email protected] with the following subject:

certificate COMPANY_NAME

PreviousOpen routesNextObtain an API key

Last updated