FROM CACHE - en_header

Shopify Generates Invalid CSR File for Apple Pay

hundley10
Visitor
3 0 1
‎01-30-2023 04:27 PM

When configuring the iOS Buy SDK for Apple Pay, Shopify generates an invalid CSR file. When uploading the file to the Apple developer portal I get the error "CSR algorithm/size incorrect. Expected: RSA(2048)".

 

Inspecting the CSR file shows that the signature algorithm is ECDSA.  Apple requires RSA, and will not accept the file generated by Shopify.

 

Does Shopify need to update their code to be compatible with Apple?  We currently cannot enable Apple Pay on our iOS app.

553 Views
Report
Reply 1 (1)
ShopifyDevSup
Shopify Staff
Shopify Staff
1200 190 418
‎02-03-2023 07:40 PM

Hi @hundley10!

We can see in the Apple Developer Docs the following requirement for generating a CSR for Apple Pay:

When creating an Apple Pay Payment Processing Certificate, you must specify the Key Pair information. Select ECC and 256 bit key pair

The Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) which uses keys derived from elliptic curve cryptography (ECC). Shopify is generating the correct certificate based on Apple's own documentation.

A Google search on this error reveals any number of reasons this can happen, from the keychain on the user's MacOS already containing a key to the user's Apple Developer account already having a key generated for mainland China.

 

The error is not very self-explanatory but it is out of scope for Shopify Support. You may want to reach out to Apple's developer support to find a solution.

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

469 Views
0 Likes
Report
Community Browser
Terms of Service Privacy Policy