CSR algorithm/size is incorrect.Expected RSA 2048

Question

I am trying to integrate apple pay with braintree. I have followed up the following instructions to enable apple pay in the brain tree. In the first step, if you click on certificate signing request, it downloads a braintree_app_pay.certSigningRequest file which is used in the apple membership.

When I choose to create payment process certificate, I am getting the following error.

Answer 1

complimenting what @zepp said, you need to specify when creating CRS, and you can that by following the process below

1. Go to Keychain Access
2. Click on Certificate Assistance
3. Click on Request Certificate from Certificate Authority (click for image)
4. Enter all information and click on "Let me specify key pair Information"checkbox, then click on Continue
5. Select KeySize to be 256 and Algorithm to be ECC (click for image)
6. Then click on continue.

Answer 2

_{Full disclosure: I work at Braintree. If you have any further questions, feel free to contact our Support team.}

Make sure you're selecting the Apple Pay Certificate option under Production (even if this is for a Sandbox; see the Braintree Apple Pay configuration docs for details) when choosing the type of certificate to add in the Apple Developer portal. Apple Pay CSRs should be generated with ECC, not RSA.

Here's what the CSR prompt screen should look like. Although you'll be uploading the CSR obtained from Braintree instead of generating one, note Apple's specifications for the key:

Answer 3

Please follow below steps[If use Apple Pay with stripe or any other payment gateway]:

1. Double click on CSR (Downloaded from Stripe), [It will open Certificate Assistant]
2. Click on Continue
3. Select 'Request a certificate from an existing CA', and Continue
4. In Certificate Information screen, Enter User Email Address, Common Name, Leave CA Email Address empty, Select 'Saved to disk & checked Let me specify key pair information' [Select your specific location and save]
5. In Key Pair Information screen, select 'ECC' algorithm & select Key size : 256 bits and continue.

Now use this CSR in your payment processing certificate.

Answer 4

This issue is not specific to Apple Pay or Braintree - I ran into the same issue when trying to create a CSR for getting a Safari certificate from Apple.

What's important to know is that you need to select the iCloud keychain before using the Request Certificate from Certificate Authority command. If you don't, another keychain may be active, causing wrong keys to be used.