Apple Pay Certificates
Copy page
Copy page as Markdown for LLMs
Open in ChatGPT
Ask questions about this page
Open in Claude
Ask questions about this page
To accept Apple Pay payments, you need to set up certificates that allow secure communication between Apple and Amazon Payment Services. This guide shows you how to create and configure these certificates step by step.
How Apple Pay Certificates Work
The Apple Pay certificate setup process follows these steps:
Certificate Generation
Create Payment Processing and Merchant Identity certificates through Apple Developer Portal.
Domain Validation
Validate your website domains with Apple (web integration only).
Certificate Upload
Upload Payment Processing Certificate to Amazon Payment Services.
Integration Testing
Test certificate configuration to ensure everything works correctly.
Prerequisites
Before setting up Apple Pay certificates, ensure you have:
-
Apple Developer Account
Active Apple Developer Program membership ($99/year) -
Development Environment
- Mac computer with Keychain Access
- Valid SSL certificate for your website
- Access to upload files to your web server
-
Security Credentials
Access to your Amazon Payment Services account to upload certificates
For business accounts, you'll need a DUNS number. Get one free at dnb.com.
Integration Steps
Create Apple Developer Account
- Go to developer.apple.com
- Click Account and sign in with your Apple ID
- Enable two-factor authentication (required)
- Click Join the Apple Developer Program
- Choose Individual or Company account type
- Pay the $99 annual fee
- Wait for approval (1-2 days for individual, up to 7 days for company)
Create Merchant ID
- Log in to Apple Developer Portal
- Go to Certificates, Identifiers & Profiles
- Click Identifiers → Add (+)
- Select Merchant IDs → Continue
- Enter:
- Description: "Your Store Apple Pay"
- Identifier:
merchant.com.yourstore.payments
- Click Continue → Register
- Save your Merchant ID for later
Generate Payment Processing Certificate
Create Certificate Request on Mac:
- Open Keychain Access on your Mac
- Go to Keychain Access → Certificate Assistant → Request a Certificate from a Certificate Authority
- Fill in:
- Email: Your Apple Developer email
- Common Name: "Apple Pay Payment Processing Certificate"
- CA Email: Leave blank
- Select Saved to disk and Let me specify key pair information
- Choose ECC and 256 bits
- Save the file to your desktop
Create Certificate in Apple Developer Portal:
- In Apple Developer Portal, select your Merchant ID
- Under Apple Pay Payment Processing Certificate, click Create Certificate
- Select No for China processing
- Upload your certificate request file
- Click Continue → Download
Convert to .p12 Format:
- Double-click the downloaded certificate to install it
- Open Keychain Access → My Certificates
- Find your certificate and select both the certificate and key
- Right-click → Export 2 items
- Save as .p12 format with a strong password
- Remember this password!
Upload to Amazon Payment Services
- Log in to your Amazon Payment Services account
- Go to Integration Settings → Apple Pay
- Click Upload Certificate
- Select your
.p12file - Enter your certificate password
- Click Save
- Verify the status shows Active
Certificates expire after 1 year. Set a calendar reminder to renew 30 days before expiration.
Additional Steps for Web Integration
If you're integrating Apple Pay on a website, complete these additional steps:
Validate Your Domain
- In Apple Developer Portal, select your Merchant ID
- Under Merchant Domains, click Add Domain
- Enter your domain (e.g.,
checkout.yourstore.com) - Click Save
- Click Download to get the validation file
- Upload this file to your website at:
https://yourdomain.com/.well-known/apple-developer-merchantid-domain-association - Test the URL in your browser to make sure it works
- Click Verify in Apple Developer Portal
The validation file expires in 24 hours if not verified. Download a new one if needed.
Create Merchant Identity Certificate
- Create another certificate request in Keychain Access (same process as Payment Processing Certificate)
- Use Common Name: "Apple Pay Merchant Identity Certificate"
- In Apple Developer Portal, under Apple Pay Merchant Identity Certificate, click Create Certificate
- Upload your certificate request
- Download and install the certificate
- Export as
.p12format
For server use, convert to PEM format:
# Extract private key
openssl pkcs12 -in merchant_identity.p12 -out merchant_identity.key.pem -nocerts -nodes
# Extract certificate
openssl pkcs12 -in merchant_identity.p12 -out merchant_identity.crt.pem -clcerts -nokeys
For mobile app integration, you only need to complete the main integration steps (1-4). Domain validation and Merchant Identity Certificate are not required for mobile apps.
Testing Your Setup
Test if your certificates work by running this command (web integration only):
curl -d '{"merchantIdentifier":"merchant.your.identifier", "initiativeContext":"yourdomain.com", "initiative":"web", "displayName":"Your Store"}' \
--cert merchant_identity.crt.pem \
--key merchant_identity.key.pem \
https://apple-pay-gateway.apple.com/paymentservices/startSession
If successful, you'll get a JSON response with session data.
Check Certificate Status
To check your Apple Pay integration status, refer to the Check Transaction Status section.
Handling Certificate Issues
If you encounter certificate issues, contact our support team for assistance.
Troubleshooting
Common Issues:
| Problem | Solution |
|---|---|
| "Invalid certificate" | Re-download from Apple Developer Portal |
| "Certificate expired" | Create a new certificate |
| "Domain validation failed" | Check your validation file is accessible |
| "Merchant ID mismatch" | Verify your merchant identifier |
Video Tutorial
Watch our comprehensive video guide that walks through the entire certificate setup process:
Go-Live
Test your integration using Apple's test cards and sandbox environment.
Make sure to visit our go-live checklist to go live with your integration.
Support
Need assistance with Apple Pay certificate setup? Our technical support team is here to help merchantsupport-ps@amazon.com.