Manage encryption certificates

• You've created a credit card payments app extension.
• You're a Partner organization owner.

1. Log in to your Partner Dashboard as an organization owner.

1. Go to Settings, and navigate to the Partner certificates management section.

2. Click Manage Certificates to access the encryption certificates dashboard.

   

All of the features that are described in the following sections are available from this dashboard.

To create a certificate in the partner’s dashboard, you need to create a Certificate Signing Request (CSR), and upload it to your dashboard. Shopify uses this CSR to generate and sign a certificate that you can use in your credit card payments app configuration.

The CSR needs to be generated with the elliptic-curve algorithm:

The <SUBJECT> of the CSR must use the following format: /C=<COUNTRY>/ST=<STATE>/L=<CITY>/O=<ORGANIZATION>/CN=<COMMON_NAME.

Make sure to replace the <COUNTRY>, <STATE>, <CITY>, <ORGANIZATION>, and <COMMON_NAME> with correct values. This allows the Shopify team to identify you as the owner of the certificate. Here is an example: /C=CA/ST=ON/L=Ottawa/O=Shopify/CN=ShopifyPaymentsPartnerPlatform.

From the certificate management dashboard, click Create Certificate, and then fill out the form.

When the form is filled, save the form.

A confirmation popup will show, and you can click on “Create Partner Certificate” to confirm the request, or “Cancel”.

You'll receive an email to confirm that you requested a new certificate in your partner dashboard. Check the email address that you use to log in to your Partner Dashboard, and click Approve request.

Shopify will create your certificate, and you'll be redirected to main page of the encryption certificate dashboard. Certificates created by Shopify are valid for one year. Read the certificate rotation process to make sure that you’re ready to update your app with a new certificate before they expire.

After a certificate is created, you can download the certificate in a file.

Go to your certificate management dashboard, click on the encryption certificate that you want to download. Then, click Download.

After clicking this link, an email will be sent to you with a link to download the certificate. This link expires after seven days.

You might need to revoke your certificate in case of emergency. For example, you must revoke the certificate if your private key is compromised.

To revoke a certificate, go to the encryption certificate dashboard, and click on the certificate that you want to revoke. Then, click Revoke certificate.

A certificate can be in one of multiple states during its lifecycle:

Since the certificate approval process can take some time, we strongly suggest that you prepare in advance for certificate rotation, and that you always have a backup certificate ready in case of emergency certificate rotation.

To rotate a certificate on a credit card payments app, you need to follow the steps to generate a new certificate. Once the certificate is created, wait for a Shopify team member to approve it. Finally, when the certificate is approved, you can go to your credit card payments app extension configuration and select the new certificate, create a new version and publish that version with the new certificate.