Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

MTLS Implementation

MTLS Implementation

paybright
Visitor
1 0 0

Hi,

 

I am looking to integrate with Shopify and I need to purchase a certificate that will be used in order for us to send queries to the shopify API and back. 

[Basic Outline]

https://shopify.dev/apps/payments/general-transaction-requirements#mtls-configuration

 

I am looking for some guidance on what is required in the certificate in order for shopify to accept the request.

I have already added the Self Signed Shopify Certificates. Now I just need some details on the certificate we need to use to send the request back. Anyone that can help?

Replies 3 (3)

mdestantini
Tourist
10 0 4

Where did you added Self Signed Shopify Certificates?
I have the same issue, did you solve it?

Sushant
Shopify Partner
77 2 16

Hi,

It took me a lot of time trying to do this at code level but could not implement it.

At the end, I was able to configure this at server level using Apache. Below is the configuration.

Configure your web server

Implement a set of Apache 2.4 directives, shown below, that require the client to support mutual TLS. They can be applied to specific directories or to all incoming connections. See the Apache2.4 SSL documentation for more information.

SSLVerifyClient require

SSLVerifyDepth 10

SSLCACertificateFile /etc/apache2/conf/shopify_root_cert.pem

Configure client access control

Your web server is now configured to use mutual TLS to require the client (Shopify) to provide its certificate to identify itself. The next step is to use the client’s identity for access control. This example for Apache 2.4 is applied to a specific directory.

<Directory "/payments">SSLOptions +StdEnvVars</Directory>

The above example sets the SSL library to create environment variables with information from the client’s certificate.

I hope this helps.

Any Likes and Accept as Solutions are greatly appreciated✌ Having trouble? Hire us! https://seventhtriangle.com/
Punarvasu
Shopify Partner
5 0 0

Hi,

 

Please Can you help me in this