Invalid CSR File for Apple Pay

hundley10
Tourist
4 0 2

The CSR file that Shopify generates to enable Apple Pay seems to be invalid.  When uploading to the Apple developer portal, I get the error "CSR algorithm/size incorrect. Expected: RSA(2048)".  Is this a known issue?

Replies 2 (2)

hundley10
Tourist
4 0 2

More info: checking the CSR with OpenSSL shows the signature algorithm is ECDSA.  Apple requires RSA.  Shopify is generating CSRs with the wrong algorithm, making them unusable.

meta_merritt
Shopify Partner
6 0 0

@hundley10 Did you ever find a solution to this??  This has been going on for over a year now and I'm beyond mind blown Shopify has not updated their CSR file to use the correct algorithm Apple Developer only accepts, which is RSA 2048 bit and NOT ECC 256 bit.  Until they get this fixed absolutely no one using Storefront API to an iOS mobile app is using Apple Pay.  Bonkers!  @ShopifyDevSup  PLEASE....PLEASE get this fixed.  You say this is out of scope when in fact it's not.  The argument is Apple's Developer documentation states to use ECC 256 bit to create a .csr file and therefore it is out of Shopify's scope.  IF YOU READ CAREFULLY, this Apple documentation specifically refers to a "payment processing certificate", NOT a Merchant ID certificate.  Shopify requires the uploading of the Merchant ID certificate for Apple Pay to work, in order for this to happen they need to make the downloadable .csr file compliant to be RSA 2048 for a successful upload for the Merchant ID cert file.  

 

Screenshot 2024-04-11 at 11.19.47 AM.png