What can we help you with?

How do I add new SSL certificates for batch.cybersource.com to my Java KeyStore?


000002053


227

07/12/2024 12:45 PM

1.1

 

Instructions

 


The following instructions describe the steps required to obtain and update your Batch Upload implementation's Java KeyStore with root and intermediate level Entrust SSL certificates for batch.cybersource.com. Entrust is the SSL certificate authority (CA) that signs batch upload certificates.

 

These instructions:

  • Apply to merchants using the Offline Transaction File Submission product, also referred to as, programmatic Batch Upload.
  • Do not apply to merchants who upload batches exclusively via the Business Center.


To obtain the certificates

Download from: Where can I find the most recent SSL certificates for batch.cybersource.com? 

If there is difficulty obtaining these files, you may obtain them directly from the host as follows:

Obtain files from the host system.

  1. Navigate to the host your application must communicate with.

For Batch Upload (Offline Transaction File Submission) this will be:

Environment

URL

Live/Production

https://batch.cybersource.com/upload/UploadBatchFile

Test/CAS

https://batchtest.cybersource.com/upload/UploadBatchFile

You must select your .p12 key if prompted. If you haven't imported your .p12 key, go to Tools > Internet Options > Content > Certificates > Import within the Internet Explorer (IE) toolbar.

  1. Download the root and intermediate certificates.

There are 3 certificates that must be downloaded:

  • Entrust Root Certification Authority
  • Entrust Root Certification Authority - G2
  • Entrust Certification Authority - L1M
Download the Root Certificate (Entrust Root Certification Authority)
  1. Click on File > Properties > Certificates > Certification Path tab
  2. Select highest level of the certification path tree: 'Entrust Root Certification Authority'
  3. Click View Certificate > Details tab > Copy to File... > Next > Next
  4. Enter a filename (suggested filename: entrust_L1M_root.crt)
  5. Click Next > Finish.
Download the Intermediate Certificate (Entrust Root Certification Authority - G2)
  1. Click on File > Properties > Certificates > Certification Path tab
  2. Select second level of certification path tree: 'Entrust Root Certification Authority – G2'
  3. Click View Certificate > Details tab > Copy to File... > Next > Next
  4. Enter a filename (suggested filename: entrust_L1M_chainroot.crt)
  5. Click Next > Finish.
Download the second Intermediate Certificate (Entrust Certification Authority - L1M)
  1. Click on File > Properties > Certificates > Certification Path tab
  2. Select third level of certification path tree: 'Entrust Certification Authority - L1M'
  3. Click View Certificate > Details tab > Copy to File... > Next > Next
  4. Enter a filename (suggested filename: entrust_L1M_intermediate.crt)
  5. Click Next > Finish.

 

To install the certificates

  1. Using the command line, navigate to the directory on your computer containing the certificates and type the following commands without line breaks:

 

    keytool -import -alias CybsEntrustRootCA -keystore JAVA_HOME/jre/lib/security/cacerts -file entrust_L1M_root_dec_29_2014.crt

keytool -import -alias CybsEntrustRootCA_G2 -keystore JAVA_HOME/jre/lib/security/cacerts -file entrust_L1M_chainroot_dec_29_2014.crt

keytool -import -alias CybsEntrustCA_L1M -keystore JAVA_HOME/jre/lib/security/cacerts -file entrust_L1M_intermediate_dec_29_2014.crt

     

    Further explanation:

    • keytool is a utility included in the Java SDK used to manage SSL certificates in Java.

    These instructions assume that your JDK's bin directory has been added to the PATH environment variable. If your system does not recognize keytool as a valid command you can browse to the bin directory via the command line and run the command from there. Note that in this case, you must manually set the path to the certificate using the -file command, explained below.

    • -import is a keytool command used to import certificates into the keystore.

    • -alias is a keytool command used to specify a name for a certificate being imported into the keystore.

    Aliases are unique in the keystore; you must choose a different alias for each certificate, e.g., 'CybsEntrustRoot', 'CybsEntrustIntermediate', 'CybsEntrustL1M'.

    • -keystore is a keytool command used to specify the keystore to act upon.

    • JAVA_HOME is the path to your Java installation.

    • cacerts is the default Java keystore.

    • -file is a keytool command used to specify the path to the certificate to be imported.

    The names of the certificates may differ from the names stated here depending on how you acquired them.

    if you did not navigate to the directory where the certificates are located, you can specify the full path to the certificate, e.g.,  -file C:/My/Cert/Folder/SampleCertificateName.crt

    1. Enter the password for the keystore. The default password is usually 'changeit' for Java's default keystore, cacerts.


    Was this article helpful?


    Articles Recommended for You