Shopify Generates Invalid CSR File for Apple Pay

hundley10
Visitor
3 0 1

When configuring the iOS Buy SDK for Apple Pay, Shopify generates an invalid CSR file. When uploading the file to the Apple developer portal I get the error "CSR algorithm/size incorrect. Expected: RSA(2048)".

 

Inspecting the CSR file shows that the signature algorithm is ECDSA.  Apple requires RSA, and will not accept the file generated by Shopify.

 

Does Shopify need to update their code to be compatible with Apple?  We currently cannot enable Apple Pay on our iOS app.

Reply 1 (1)
ShopifyDevSup
Shopify Staff
Shopify Staff
1200 190 418

Hi @hundley10!

We can see in the Apple Developer Docs the following requirement for generating a CSR for Apple Pay:

When creating an Apple Pay Payment Processing Certificate, you must specify the Key Pair information. Select ECC and 256 bit key pair

The Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) which uses keys derived from elliptic curve cryptography (ECC). Shopify is generating the correct certificate based on Apple's own documentation.

A Google search on this error reveals any number of reasons this can happen, from the keychain on the user's MacOS already containing a key to the user's Apple Developer account already having a key generated for mainland China.

 

The error is not very self-explanatory but it is out of scope for Shopify Support. You may want to reach out to Apple's developer support to find a solution.

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog