CSR Wizard   

Frequently Asked Questions

  • What is a Certificate Signing Request (CSR)?
  • The Certificate Signing Request (CSR) file is required to obtain a valid client certificate from Visa Developer if you are using a product (API) that implements Two-Way SSL authentication and/or Message Level Encryption (MLE). Separate CSR files are required for Two-Way SSL and MLE, each distinct for both Certification and Production environments in Visa Developer Center (VDC).

  • What is Two-Way SSL authentication?
  • Two-Way SSL stands for “Two-Way Secure Sockets Layer,” a method of authentication where both client and server authenticate each other. In Two-Way SSL authentication, also known as Mutual SSL (mTLS) or Mutual Authentication, the server verifies the client’s credentials by making sure the client certificate is valid (non-expired and issued by a trusted Certificate Authority), as well as the client’s digital signature is valid.

    For more information, please visit the Two-Way SSL page on VDC.

  • What is Message Level Encryption (MLE)?
  • Message Level Encryption provides enhanced security, protecting individual messages or data and ensuring only the intended recipient can receive them. SSL is designed to provide point-to-point security, which falls short for web/restful services because of a need for end-to-end security. MLE would provide that the message remains encrypted, even during these intermediate "hops (aka nodes)" where the traffic itself is decrypted before it arrives at Visa servers.

    MLE is required for APIs that primarily deal with sensitive transaction data (financial/non-financial) which could fall into one or several of the following categories:

    • PII (Personal Identification Information)
    • PAN (Personal Account Number)
    • PAI (Personal Account Information)

    For more information, please visit the Message Level Encryption page on VDC.

  • What is the CSR Wizard?
  • The CSR Wizard simplifies the process of creating a Certificate Signing Request (CSR) by providing users with a guided experience. The CSR Wizard auto-populates most of the required fields for a CSR with information from the project on VDC.

    This optional online tool allows users to request new certificates for both Two-Way SSL and Message Level Encryption in both Certification and Production environments on VDC. There are multiple tools that can be used to generate a CSR. The CSR Wizard helps generate command lines for creating CSRs using OpenSSL or Java Keytool.

  • Can the CSR Wizard create and upload a CSR?
  • No. The CSR Wizard does not create a CSR itself or upload it to Visa for a client. Instead, it creates command lines for a client to run and generate a CSR using Open SSL or Java Keytool in their own computing environment. The rest of the client experience remains unchanged.

  • Where can users access the CSR Wizard?
  • VDC will integrate the CSR Wizard into the “Going Live” workflow as well as for any instance of certificate creation, either request or renewal, from the project home page on Visa Developer Center. The CSR Wizard tool allows users to request new certificates for both Two-Way SSL and Message Level Encryption (MLE) in both Certification and Production environments on VDC.

  • What is “Going Live”? Where can users access this workflow?
  • The Going Live workflow is located on VDC and enables user to initiate the going live process, complete the necessary forms, obtain credentials, promote the project to the next higher environment, and make API calls.

    For more information, please visit the Going Live page on VDC.

  • Is the CSR Wizard tool optional?
  • Yes. The CSR Wizard is an optional online tool that assists VDC users in efficiently generating command lines for creating CSRs in Certification and Production environments of a Visa Developer project. Users who prefer to generate CSRs manually can continue to do so using their preferred tool, following the CSR generation content and sample command lines provided on the following web pages: Two-Way SSLMessage Level Encryption, and Going Live.

  • Which users will be affected by these changes?
  • Users will be impacted by these changes if they have a Visa Developer project for a Visa product or its API(s) implementing Two-Way SSL authentication and/or Message Level Encryption (MLE), or if they are requesting and/or replacing a new certificate in Certification and Production environments on VDC.

  • Why is the CSR Wizard unavailable in Sandbox environment on VDC?
  • In the Sandbox environment, a user may either continue to use Visa's default auto-generation feature provided, as shown below, or choose the "Submit my own CSR" option after manually generating a CSR using OpenSSL or Java Keytool. The auto-generation feature is not provided in Certification and/or Production environments.

  • What is acceptable for “Common Name” field?
  • This field must be a fully qualified domain name. Format should be hostname.domainname.com. This cannot have wildcard characters for hostname, and hostname should not be “www”. For example: services.company.com

    The input must be a valid domain name that meets the following criteria:

    i)      The total length must be between 6 and 64 characters

    ii)     Labels must start and end with an alphanumeric character (letters or digits)

    iii)    Labels can contain hyphens, but cannot start or end with a hyphen

    iv)    The domain must have at least two labels separated by dots (“.”)

    v)     The top-level domain (TLD) must be at least two characters long and consist of letters only

  • Are the pre-populated fields editable?
  • Users can edit most fields pre-populated by the CSR Wizard. The only field that cannot be changed is the “UID”.

  • Can users upload a manually generated CSR using the CSR Wizard?
  • No. This tool does not create the CSR itself. The CSR Wizard generates the “command lines” for a user to create a CSR using either OpenSSL or Java Keytool.

  • Is the CSR Wizard only available on Visa Developer Center?
  • Currently, the CSR Wizard tool is only available for Visa Developer Center (VDC) users.

  • Do all users have access to the CSR Wizard?
  • Users working on a Visa Developer project involving a Visa product or its API(s) that implement Two-Way SSL authentication and/or Message Level Encryption (MLE) can access the CSR Wizard tool for any instance of VDC certificate creation from the user's project home page in Certification and Production environments. This tool helps users efficiently generate command lines for creating a CSR, which is needed to request or replace a certificate in both Certification and Production environments on VDC.

  • Which type of certificates does the CSR Wizard support?
  • The CSR Wizard assists users with requesting and replacing certificates for Two-Way SSL authentication and/or Message Level Encryption (MLE) on VDC.

  • Are there instructions to help use the CSR Wizard?
  • Instructions for the CSR Wizard are provided on the following web pages: Going Live and Message Level Encryption.

Looking for term definitions? See the Glossary.

Can't find what you're looking for?

Ask the Community

Need to Talk to Visa?

Contact Us