Guides
Dashboard ↗

Apple Pay certificate management

Apple Pay Certificate Management

Apple Pay requires two types of certificates to process payments. Both can be rotated from the ProcessOut Dashboard without downtime — ProcessOut uses the new certificate only after you activate it.

Certificate types

CertificatePurpose
Payment ProcessingEncrypts payment tokens; ProcessOut decrypts them server-side using the paired private key
Merchant IdentityAuthenticates your server to Apple when creating payment sessions (Apple Pay on the Web)

Rotating the Payment Processing Certificate

Rotate this certificate when it is expiring, or when you need to re-key for security reasons.

  1. In your ProcessOut Dashboard, open Providers → Apple Pay and select your configuration.
  2. Under Payment Processing Certificate, click Rotate certificate. ProcessOut generates a new CSR and makes it available for download.
  3. Download the CSR file.
  4. In the Apple Developer Portal, navigate to your Merchant ID and click Create Certificate under Apple Pay Payment Processing Certificate.
  5. Upload the CSR file. Apple signs it and provides a .cer certificate file.
  6. Download the .cer from Apple Developer Portal.
  7. Upload the .cer in the ProcessOut Dashboard. ProcessOut validates and activates the new certificate.

Rotating the Merchant Identity Certificate

Rotate this certificate when it is expiring or has been revoked.

  1. In your ProcessOut Dashboard, open Providers → Apple Pay and select your configuration.
  2. Under Merchant Identity Certificate, click Rotate certificate. ProcessOut generates a new Certificate Signing Request (CSR) and makes it available for download.
  3. Download the CSR file.
  4. Log in to the Apple Developer Portal and navigate to Certificates, Identifiers & Profiles → Merchant IDs.
  5. Select your Merchant ID, then under Apple Pay Merchant Identity Certificate, click Create Certificate.
  6. Upload the CSR file you downloaded in step 3. Apple signs it and provides a .cer certificate file.
  7. Download the .cer file from Apple Developer Portal.
  8. Back in the ProcessOut Dashboard, upload the .cer file. ProcessOut validates and activates the new certificate.

The new certificate becomes active immediately. The previous certificate is retained as a fallback until it expires.

Notes:

  • Both rotation flows are zero-downtime: the existing certificate remains active until you upload the new one.
  • If you need both certificates at the same time (initial setup), complete both flows before testing payments.
  • Merchant Identity Certificates are used only for Apple Pay on the Web. Apple Pay in native iOS apps uses a separate in-app Payment Processing Certificate managed through Xcode / App Store Connect.

The two flows are intentionally parallel — same 7 steps, different section in Apple Developer Portal. Let me know if you want the tone adjusted (more concise, more beginner-friendly, etc.) or if you want me to target a specific page/section in the docs system.

Updated about 2 hours ago