When configuring the iOS Buy SDK for Apple Pay, Shopify generates an invalid CSR file. When uploading the file to the Apple developer portal I get the error "CSR algorithm/size incorrect. Expected: RSA(2048)".
Inspecting the CSR file shows that the signature algorithm is ECDSA. Apple requires RSA, and will not accept the file generated by Shopify.
Does Shopify need to update their code to be compatible with Apple? We currently cannot enable Apple Pay on our iOS app.
We can see in the Apple Developer Docs the following requirement for generating a CSR for Apple Pay:
When creating an Apple Pay Payment Processing Certificate, you must specify the Key Pair information. Select ECC and 256 bit key pair
The Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) which uses keys derived from elliptic curve cryptography (ECC). Shopify is generating the correct certificate based on Apple's own documentation.
A Google search on this error reveals any number of reasons this can happen, from the keychain on the user's MacOS already containing a key to the user's Apple Developer account already having a key generated for mainland China.
The error is not very self-explanatory but it is out of scope for Shopify Support. You may want to reach out to Apple's developer support to find a solution.