Showing results for 
Search instead for 
Did you mean: 

How to Create .pem File for Apple Pay

I am creating payment functionality with Apple Pay. I have used the CSR file to create a merchant_id.CER file from Apple developer portal.

using curl 

curl --data '{"merchantIdentifier":"merchant.xxxxx", "domainName":"", "displayName":"xxxxx xxx xxxxx", "initiative": "web", "initiativeContext": ""}' -H "Content-Type: application/json" -X POST --cert ./certificates/merchant_id.cer
It's returning an error
curl: (58) could not load PEM client certificate, LibreSSL error error:09FFF06C:PEM routines:CRYPTO_internal:no start line, (no key found, wrong pass phrase, or wrong file format?)
I looked at sample project for Apple Pay JS and i noticed a pem file.
How Do We Create a pem file using cer file?
Based on Apple Documentation - It looks like we need a private key (root of the csr file) to create the pem file 

To create a Payment Processing certificate

In Member Center, select Certificates, Identifiers & Profiles. Under Identifiers, select Merchant IDs. Select the merchant ID from the list, and click Edit. In the Payment Processing Certificates section. click Create Certificate.


I also want to create the .pem file. I have the merchant_id.cer and apple_pay.cer but don't know how to create it.

I have create the files. I followed the following link

if you do not want to create the separate files from p12 file then you can use the below command to create a single file.

$ openssl pkcs12 -in Certificates.p12 -out apple-pay-cert.pem -nodes -clcerts

you can test the created fine using the curl command.

$ curl -gv --data '{"merchantIdentifier":"", "initiativeContext":"", "initiative":"web", "displayName":"Apple Pay Testbed"}' --cert /path/to/pem/apple-pay-cert.pem

modify the different values according to your setup.

Using curl I am getting the proper response but when I host my core code on server the it is not working.

Below is the code sample.

var certificateBytes = await System.IO.File.ReadAllBytesAsync(certificatePath);
var certificate = new X509Certificate2(certificateBytes);
// Prepare the request data
var requestData1 = new
merchantIdentifier = "",
initiativeContext = "",
initiative = "web",
displayName = "Stagger.AllFilters.Com"
var jsonRequestData = JsonConvert.SerializeObject(requestData1);
var content = new StringContent(jsonRequestData, Encoding.UTF8, "application/json");

// Create the HTTP client
var handler = new HttpClientHandler()
ClientCertificateOptions = ClientCertificateOption.Manual,
SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
AutomaticDecompression = DecompressionMethods.Deflate | DecompressionMethods.GZip,

var client = new HttpClient(handler);

// Send the request
var response = await client.PostAsync(requestData.validationUrl, content);

// Read the response
var responseContent = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
return Ok(responseContent);
return BadRequest(responseContent);