--- title: "Use your own certificate for web" description: "Enable Apple Pay for your web integration with your own Apple Pay certificate." url: "https://docs.adyen.com/payment-methods/apple-pay/apple-pay-certificate/web" source_url: "https://docs.adyen.com/payment-methods/apple-pay/apple-pay-certificate/web.md" canonical: "https://docs.adyen.com/payment-methods/apple-pay/apple-pay-certificate/web" last_modified: "2023-11-24T15:52:00+01:00" language: "en" --- # Use your own certificate for web Enable Apple Pay for your web integration with your own Apple Pay certificate. [View source](/payment-methods/apple-pay/apple-pay-certificate/web.md) This page explains how to enable Apple Pay on your website with your own Apple Pay certificate. ## Requirements Before you begin, take into account the following requirements, limitations, and preparations. | Requirement | Description | | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Integration type** | Make sure that you have built a Web Drop-in/Components integration using the Advanced or Sessions flow. | | **[Customer Area roles](/account/user-roles)** | Make sure that you have one of the following roles:- **Merchant admin** - **Manage API Credentials** | | **Setup steps** | Before you begin:- Make sure that you have an [Apple Developer account](https://developer.apple.com/) that is associated with either the [Apple Developer Program](https://developer.apple.com/programs/), or the [Apple Developer Enterprise Program](https://developer.apple.com/programs/enterprise/). - To get notifications when your Apple Pay certificate is about to expire, create a user with an email address that is linked to a group inbox or distribution list and has the **Account Holder** or **Admin** role. | ## How it works To add Apple Pay to your website with your own Apple Pay certificate, you must: 1. [Create merchant identifiers](#create-merchant-identifiers) in your Apple developer account, and enter them in your Customer Area. You must create separate merchant identifiers for test transactions and live transactions. 2. [Create a payment processing certificate](#create-payment-processing-certificate) for each merchant identifier, and add each certificate to the correct user in your Customer Area. Apple Pay uses this certificate to encrypt payment information, and we need to have this certificate to be able to decrypt and process the payment. 3. [Register and validate your merchant domain with Apple](#register-merchant-domain). 4. [Create a merchant identity certificate](#create-merchant-identity-certificate), convert it to a PEM file, and upload it to your server. This certificate is used to authenticate communication with the Apple Pay servers. 5. [Add Apple Pay as a payment method in your Customer Area](#add-apple-pay-as-a-payment-method). For information about server requirements for Apple Pay on the web, refer to the [Apple Developer portal](https://developer.apple.com/documentation/apple_pay_on_the_web/setting_up_your_server). ## Create merchant identifiers A merchant identifier uniquely identifies you as a merchant who is able to accept Apple Pay payments. You can use the same merchant identifier for multiple websites and iOS apps. To create merchant identifiers: 1. Log in to your Apple Developer account at [https://developer.apple.com](https://developer.apple.com/). 2. Follow the Apple Developer Account Help instructions to [create a merchant identifier](https://developer.apple.com/help/account/configure-app-capabilities/configure-apple-pay#create-a-merchant-identifier). Your merchant identifier must include the prefix **merchant.**. We recommend to use the prefix **merchant.com.adyen**. For example: **merchant.com.adyen.merchantAccount**.\ For test transactions, we recommend creating a merchant identifier with **.test** at the end. For example: **merchant.com.adyen.merchantAccount.test** 3. Log in to your Adyen [Customer Area](https://ca-test.adyen.com/) and go to **Developers** > **API credentials**. Select the web service user that will execute your Apple Pay transactions (**ws\@Company.****\[YourCompanyAccount]**). 4. In **Wallet payment methods** > **Apple Pay**, select **+ Add**. 5. Select **Use your own certificate** > **Continue**. 6. Enter the merchant identifier and select **Download CSR** > **Continue**. 7. Save the CSR. You will need it to create the payment processing certificate. ## Create payment processing certificate 1. Log in to your Apple Developer account at [https://developer.apple.com](https://developer.apple.com/). 2. Follow the Apple Developer Account Help instructions to create a payment processing certificate for [a website](https://developer.apple.com/help/account/configure-app-capabilities/configure-apple-pay#create-a-payment-processing-certificate): * Select a merchant identifier that you created [when you created your merchant identifiers](#create-merchant-identifiers). * Skip the step to create a certificate signing request. * In the step to select the certificate signing request file, select the CSR you created [when you created your merchant identifiers](#create-merchant-identifiers). * If at any time a question **Will payments associated with this Merchant ID be processed exclusively in China?** or similar appears, answer **No** and continue. * Download and save the generated payment processing certificate (CER or **.cer** file). 3. When you have completed the instructions from Apple, return to your Adyen Customer Area and go to **Developers** > **API credentials**. Select the web service user that will execute your Apple Pay transactions (**ws\@Company.****\[YourCompanyAccount]**). 4. Select the merchant identifier. 5. Upload the payment processing certificate and select **Continue**. ### Renew a payment processing certificate When your certificate expires, you have to renew it. Apple Pay requires time to fully activate your new payment processing certificate. During that time period, transactions may still use the old certificate. To renew a certificate: 1. Log in to your Adyen [Customer Area](https://ca-test.adyen.com/) and go to **Developers** > **API credentials**. 2. Select the relevant web service user. 3. Under **Apple Pay Certificates** select **Add**. 4. Enter the merchant identifier and download the CSR. Write down the start of the `KeyID` to help you locate it in step 6. 5. Go to the Apple development environment and follow the steps described there to get the CER. 6. In the **Apple Pay Certificates** section, select the certificate with the `KeyID` you noted in step 4. This will have the **Input needed** status. 7. Select the **eye icon** ![](/user/themes/adyen/images/illustrations/eye.svg). 8. In the dialog that pops up, click **Continue**, and upload the certificate. 9. Activate the new certificate on Apple's Developer Portal. Until this is completed, the old certificate will still be used. After the activation of the new certificate, the old certificate will continue to be used for about 4 hours after the activation of the new certificate. 10. Verify that the new certificate is in use for payments (see steps below). ### Verify which certificate is in use Apple gradually rolls out new certificates. This means that the old certificate remains active and might be used while the new certificate is being rolled out. To see which certificate is in use for a payment, follow these steps: 1. In the [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) request, find the Base64-encoded JSON object `paymentMethod.applePayToken`: **Example /payments request** ```json { "paymentMethod" : { "applePayToken" : "eyJkYXRhIjoiSjc4QmtKTUp3TXFBM2dt........=", "type" : "applepay" } } ``` 2. Decode the `paymentMethod.applePayToken` object: **Example of a decoded applePayToken** ```json { "data": "J78BkJMJwM....=", "header": { "transactionId": "8996...", "ephemeralPublicKey": "MFkwEwYH....=", "publicKeyHash": "i4c9tRzBEIK4...." }, "signature": "MIAGCSqGSIb3D....=", "version": "EC_v1" } ``` The `publicKeyHash` contains the `KeyID` value of the certificate that was used for the payment. 3. In your [Customer Area](https://ca-test.adyen.com/), go to **Developers** > **API credentials**, and find the relevant web service user that made the payments. Under wallet payment methods, go to **Apple Pay Certificates**, and check the `KeyID`. If you see the `KeyID` for your old certificate, this may be due to the gradual rollout of Apple Certificates, and it does not mean that your setup is not successful. Four hours after the activation the rollout should be completed and you will no longer see payments using the old certificate. When you see the new certificate for an authorized payment, this confirms that all steps have been completed successfully. To remove the old certificate from the [Customer Area](https://ca-test.adyen.com/), go to **Apple Pay Certificates**, select the certificate with the applicable `KeyID`, and click the bin icon **. ## Register and validate your merchant domain This step doesn't apply when you are using our Salesforce Commerce Cloud plugin. Refer to our [Apple Pay documentation for the plugin](/plugins/salesforce-commerce-cloud/sfra/set-up-payment-methods?plugin=Salesforce%20SFRA\&integration=cartridge\&version=2latest\&tab=use_your_own_apple_pay_certificate_1_2#set-up-apple-pay-on-the-web) instead. 1. Log in to your Apple Developer account at [https://developer.apple.com](https://developer.apple.com/). 2. Follow the Apple Developer Account Help instructions to [register a merchant domain](https://developer.apple.com/help/account/configure-app-capabilities/configure-apple-pay-on-the-web#register-a-merchant-domain), but note the following: * In the step to select a merchant identifier, make sure you select the merchant identifier you created in [Step 1](#create-merchant-identifiers). ## Create a merchant identity certificate This step doesn't apply when you are using our Salesforce Commerce Cloud plugin. Refer to our [Apple Pay documentation for the plugin](/plugins/salesforce-commerce-cloud/sfra/set-up-payment-methods?plugin=Salesforce%20SFRA\&integration=cartridge\&version=2latest\&tab=use_your_own_apple_pay_certificate_1_2#set-up-apple-pay-on-the-web) instead. For each transaction, you need to [request an Apple Pay payment session](https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/requesting_an_apple_pay_payment_session) using your Merchant Identity Certificate. In this step, you will create that certificate. 1. Log in to your Apple Developer account at [https://developer.apple.com](https://developer.apple.com/). 2. Follow the Apple Developer Account Help instructions to [create a merchant identity certificate](https://developer.apple.com/help/account/configure-app-capabilities/configure-apple-pay-on-the-web#create-a-merchant-identity-certificate), but note the following: * In the step to select a merchant identifier, make sure you select the merchant identifier you created in [Step 1](#create-merchant-identifiers). * Follow the instructions from Apple to create a CSR yourself. The CSR you received from us cannot be used for creating a merchant identity certificate. * Download and save the generated merchant identity certificate (**.cer** file). 3. When you have completed the instructions from Apple, add the merchant identity certificate to your keychain. 4. Export the certificate from your keychain as a p12 file. 5. Convert the p12 file to a PEM file using the following command: ```bash openssl pkcs12 -in your-file.p12 -out apple-pay-cert.pem -nodes -clcerts ``` 6. Upload the **apple-pay-cert.pem** file to your server. When requesting an Apple Pay payment session, use the full path to the **apple-pay-cert.pem** file. ## Add Apple Pay in your Customer Area [Add Apple Pay in your Customer Area](/payment-methods/add-payment-methods). You need to provide your: * **Merchant name**: the merchant account for which you want to set up Apple Pay. * **Merchant identifier**: the [merchant identifier you created](#create-merchant-identifiers). ## See also * [Apple Pay](/payment-methods/apple-pay) * [Apple Pay for Web](/payment-methods/apple-pay/web)