The Certificate Signing Request (CSR) file is required to obtain a valid client certificate from Visa Developer if you are using a product (API) that implements Two-Way SSL authentication and/or Message Level Encryption (MLE). Separate CSR files are required for Two-Way SSL and MLE, each distinct for both Certification and Production environments in Visa Developer Center (VDC).
Two-Way SSL stands for “Two-Way Secure Sockets Layer,” a method of authentication where both client and server authenticate each other. In Two-Way SSL authentication, also known as Mutual SSL (mTLS) or Mutual Authentication, the server verifies the client’s credentials by making sure the client certificate is valid (non-expired and issued by a trusted Certificate Authority), as well as the client’s digital signature is valid.
For more information, please visit the Two-Way SSL page on VDC.
Message Level Encryption provides enhanced security, protecting individual messages or data and ensuring only the intended recipient can receive them. SSL is designed to provide point-to-point security, which falls short for web/restful services because of a need for end-to-end security. MLE would provide that the message remains encrypted, even during these intermediate "hops (aka nodes)" where the traffic itself is decrypted before it arrives at Visa servers.
MLE is required for APIs that primarily deal with sensitive transaction data (financial/non-financial) which could fall into one or several of the following categories:
For more information, please visit the Message Level Encryption page on VDC.
The CSR Wizard simplifies the process of creating a Certificate Signing Request (CSR) by providing users with a guided experience. The CSR Wizard auto-populates most of the required fields for a CSR with information from the project on VDC.
This optional online tool allows users to request new certificates for both Two-Way SSL and Message Level Encryption in both Certification and Production environments on VDC. There are multiple tools that can be used to generate a CSR. The CSR Wizard helps generate command lines for creating CSRs using OpenSSL or Java Keytool.
No. The CSR Wizard does not create a CSR itself or upload it to Visa for a client. Instead, it creates command lines for a client to run and generate a CSR using Open SSL or Java Keytool in their own computing environment. The rest of the client experience remains unchanged.
VDC will integrate the CSR Wizard into the “Going Live” workflow as well as for any instance of certificate creation, either request or renewal, from the project home page on Visa Developer Center. The CSR Wizard tool allows users to request new certificates for both Two-Way SSL and Message Level Encryption (MLE) in both Certification and Production environments on VDC.
The Going Live workflow is located on VDC and enables user to initiate the going live process, complete the necessary forms, obtain credentials, promote the project to the next higher environment, and make API calls.
For more information, please visit the Going Live page on VDC.
Yes. The CSR Wizard is an optional online tool that assists VDC users in efficiently generating command lines for creating CSRs in Certification and Production environments of a Visa Developer project. Users who prefer to generate CSRs manually can continue to do so using their preferred tool, following the CSR generation content and sample command lines provided on the following web pages: Two-Way SSL, Message Level Encryption, and Going Live.
Users will be impacted by these changes if they have a Visa Developer project for a Visa product or its API(s) implementing Two-Way SSL authentication and/or Message Level Encryption (MLE), or if they are requesting and/or replacing a new certificate in Certification and Production environments on VDC.
In the Sandbox environment, a user may either continue to use Visa's default auto-generation feature provided, as shown below, or choose the "Submit my own CSR" option after manually generating a CSR using OpenSSL or Java Keytool. The auto-generation feature is not provided in Certification and/or Production environments.
This field must be a fully qualified domain name. Format should be hostname.domainname.com. This cannot have wildcard characters for hostname, and hostname should not be “www”. For example: services.company.com
The input must be a valid domain name that meets the following criteria:
i) The total length must be between 6 and 64 characters
ii) Labels must start and end with an alphanumeric character (letters or digits)
iii) Labels can contain hyphens, but cannot start or end with a hyphen
iv) The domain must have at least two labels separated by dots (“.”)
v) The top-level domain (TLD) must be at least two characters long and consist of letters only
Users can edit most fields pre-populated by the CSR Wizard. The only field that cannot be changed is the “UID”.
No. This tool does not create the CSR itself. The CSR Wizard generates the “command lines” for a user to create a CSR using either OpenSSL or Java Keytool.
Currently, the CSR Wizard tool is only available for Visa Developer Center (VDC) users.
Users working on a Visa Developer project involving a Visa product or its API(s) that implement Two-Way SSL authentication and/or Message Level Encryption (MLE) can access the CSR Wizard tool for any instance of VDC certificate creation from the user's project home page in Certification and Production environments. This tool helps users efficiently generate command lines for creating a CSR, which is needed to request or replace a certificate in both Certification and Production environments on VDC.
The CSR Wizard assists users with requesting and replacing certificates for Two-Way SSL authentication and/or Message Level Encryption (MLE) on VDC.
Instructions for the CSR Wizard are provided on the following web pages: Going Live and Message Level Encryption.
Looking for term definitions? See the Glossary.