Appendix 3 - Acquirer Services Authentication
Acquirer batch services use mutual authentication over the TLS 1.2 protocol: both actors exchange public certificates issued by a CA (certification authority), and each verifies the other's certificate with respect to the keys in its possession. For this mechanism to be applicable, the following is necessary:
- the Client must be configured to send requests over TLS 1.2, indicating a store containing the chain of certificates necessary to verify the reliability of the server on which the request is made and, in addition, a store containing at least the private and public key with which the Client authenticates to the machine contacted.
- the API must be configured to accept requests over TLS 1.2, to use a collection of keys on which to apply certificate verification, and to provide a public certificate, used by the Client to authenticate the machine to which the request is directed.
To generate both the UAT and PROD Certificate Signing Requests (CSR), it is necessary to use the following configuration template:
Placeholder fields (i.e. stateOrProvinceName, localityName, organizationName, commonName, emailAddress) must be customized according to the actual Sender information (emailAddress must match the one specified in the agreement with PagoPA).
UAT Environment
The command to invoke for generating the CSR file and its private key (using OpenSSL) is as follows (customize COMPANY_NAME):
openssl req -new -config certificate_configuration_template.cnf -keyout COMPANY_NAME_UAT.key -out COMPANY_NAME_UAT.csr
PROD Environment
The command to invoke for generating the CSR file and its private key (using OpenSSL) is as follows (customize COMPANY_NAME):
openssl req -new -config certificate_configuration_template.cnf -keyout COMPANY_NAME_PROD.key -out COMPANY_NAME_PROD.csr
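Before sending either CSR, it is worth confirming that it is correctly self-signed, that it belongs to the private key file being kept, and that its emailAddress is the one in the agreement. The check below is an added example, not part of the original page or of PagoPA's tooling; the function name check_csr and its arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). check_csr is a hypothetical helper.
# Usage: check_csr KEY_FILE CSR_FILE EXPECTED_EMAIL
# A key written by the commands above is passphrase-protected, so openssl
# prompts for the passphrase when the key file is read.
check_csr() {
    key=$1; csr=$2; email=$3

    # 1. The CSR's self-signature must verify (proof of possession of the key).
    #    The exit status of -verify differs between OpenSSL versions, so the
    #    "verify OK" message is matched instead.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR self-signature does not verify" >&2
        return 1
    fi

    # 2. The public key inside the CSR must be the one derived from the key file,
    #    otherwise the issued certificate will be unusable for client authentication.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout)
    if [ -z "$key_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $csr" >&2
        return 1
    fi

    # 3. emailAddress in the subject must equal the address in the agreement.
    got=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
          awk -F' = ' '/emailAddress/ { print $2 }')
    if [ "$got" != "$email" ]; then
        echo "FAIL: emailAddress is '$got', expected '$email'" >&2
        return 1
    fi

    echo "OK: $csr matches $key and carries emailAddress $email"
}

# Run directly, e.g.: sh check_csr.sh COMPANY_NAME_UAT.key COMPANY_NAME_UAT.csr EXPECTED_EMAIL
if [ "$#" -ge 3 ]; then
    check_csr "$1" "$2" "$3"
fi
```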