How do I generate an X509 .cer certificate from the PayPal API Certificate to use within my code?
- Generate your .p12 file. The next steps describe how to convert your PEM certificate to a PKCS12 certificate.
- If you already have the Certificates (Local Computer) node in your Microsoft Management Console (MMC), skip to Step 3. Otherwise, import your .p12 file into your LOCAL_MACHINE keystore. To do this, select Start > Run, then enter MMC to bring up the Microsoft Management Console. If it's not there, add the Certificates Snap-in by clicking File > Add/Remove Snap-in. Then, complete the following tasks:
- Click Add, then select Certificates.
- Click Add, then select Computer account.
- Select Local Computer (the computer this console is running on).
- Click Finish.
- Click Close.
- Click OK. You should see Certificates (Local Computer) under the Console Root.
- Expand the Certificates (Local Computer) node, then expand the Personal folder. Click the Certificates folder within the Personal folder.
- In the right pane of your MMC, right-click any white space below the certificates you see. When the right-click menu comes up, select All Tasks > Import. Follow the on-screen wizard to browse your hard drive for your .p12 file and import it via the wizard.
Note: You'll need your private key password to do this. This is the password you used when you generated your .p12 file with OpenSSL. - Once you've imported the .p12 file into your LOCAL_MACHINE keystore, use MMC to export it as an X.509 .cer file by doing the following:
- Find your imported certificate (.p12) via MMC certificates. You should be able to identify it, as it will use your PayPal API username.
- Once you see it, right-click it and select All Tasks > Export.
- Follow the on-screen wizard to export it to an X.509 .cer file. For Export File Format, select DER encoded binary X.509 (.CER). Give it a file name, including .cer extension (such as "mycert.cer").
- Finish the wizard.
See also:
PayPal SOAP API Basics