SSL Certificate Setup Guide
This guide explains how to generate and configure SSL client certificates for Transfer API authentication.
Overview
SSL Client Certificate Authentication is a secure alternative to MAC authentication where your private key never leaves your server and authentication happens at the SSL/TLS layer.
Prerequisites
- OpenSSL installed on your system
- Confirmed choice of certificate authentication with Paysera
Step 1: Generate Private Key
First, generate a strong private key. This key must be kept absolutely secure and never shared with anyone, including Paysera.
openssl genrsa -out private.pem 2048
This creates a 2048-bit RSA private key. Output:
Generating RSA private key, 2048 bit long modulus
...........+++
.................+++
e is 65537 (0x10001)
- Never share this file with anyone
- Store it in a secure location
- Set appropriate file permissions (chmod 600)
- Back it up securely
Step 2: Generate Certificate Request (CSR)
Create a Certificate Signing Request to send to Paysera:
openssl req -new -key private.pem -out certificate_request.csr
You'll be prompted for information:
Country Name (2 letter code) [AU]: LT
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []: Vilnius
Organization Name (eg, company) [Internet Widgits Pty Ltd]: UAB Some Company
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: example.com
Email Address []: info@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
Important: Leave both "challenge password" and "optional company name" fields empty by pressing Enter.
Step 3: Submit CSR to Paysera
View your CSR file:
cat certificate_request.csr
Send the entire content (including -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----) to Paysera via email or your client manager.
Only send the CSR file, NEVER the private key!
Step 4: Receive Signed Certificate
Paysera will review your CSR, sign the certificate, and send you:
- client_certificate.pem - Your signed certificate
- ca_certificate.pem - CA certificate chain (if needed)
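The checks implied by Steps 1 to 4 can be scripted so that a private key is never e-mailed by mistake and a mismatched certificate is caught before deployment. The following is an added example, not Paysera's own tooling; the function names are hypothetical and it assumes the `openssl` command line tool from the prerequisites.

```shell
#!/bin/sh
# Added example: sanity checks around Steps 1-4. Function names are hypothetical.

# True if group and others have no access to the key file (chmod 600 or stricter).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the PEM public key of a file. $1 = key|csr|cert, $2 = path.
pubkey_of() {
    case $1 in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# True if both files carry the same public key. Args: kind path kind path.
same_public_key() {
    a=$(pubkey_of "$1" "$2") && b=$(pubkey_of "$3" "$4") &&
        [ -n "$a" ] && [ "$a" = "$b" ]
}

# True only for a file that is safe to send: no private key material in it
# and a CSR whose self-signature verifies.
csr_safe_to_send() {
    if grep -q -e 'PRIVATE KEY-----' "$1"; then
        echo "REFUSE: $1 contains a private key" >&2; return 1
    fi
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "REFUSE: $1 is not a valid CSR" >&2; return 1; }
}

# Run before Step 3. $1 = private key, $2 = CSR.
check_before_sending() {
    key_is_private "$1" || { echo "fix with: chmod 600 $1" >&2; return 1; }
    csr_safe_to_send "$2" || return 1
    same_public_key key "$1" csr "$2" || {
        echo "CSR was not generated from $1" >&2; return 1; }
}

# Run after Step 4. $1 = private key, $2 = signed certificate.
check_signed_cert() {
    same_public_key key "$1" cert "$2" || {
        echo "certificate does not match $1" >&2; return 1; }
}
```

Source the file, then run `check_before_sending private.pem certificate_request.csr` before Step 3 and `check_signed_cert private.pem client_certificate.pem` after Step 4.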
Step 5: Configure Your Application
Now configure your application to use the certificates for API calls.
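PHP:

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://wallet.paysera.com/transfer/rest/v1/transfers');
// Client certificate and private key presented during the TLS handshake
curl_setopt($ch, CURLOPT_SSLCERT, '/path/to/client_certificate.pem');
curl_setopt($ch, CURLOPT_SSLKEY, '/path/to/private.pem');
// Keep server certificate and host name verification enabled
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$response = curl_exec($ch);
if ($response === false) {
    // Handshake or transport failure, e.g. an unreadable or mismatched key
    error_log('Request failed: ' . curl_error($ch));
}
curl_close($ch);
?>

Python:

import requests

response = requests.get(
    'https://wallet.paysera.com/transfer/rest/v1/transfers',
    # (client certificate, private key) presented during the TLS handshake
    cert=('/path/to/client_certificate.pem', '/path/to/private.pem'),
    # Keep server certificate verification enabled
    verify=True
)

Node.js:

const https = require('https');
const fs = require('fs');

const options = {
  hostname: 'wallet.paysera.com',
  port: 443,
  path: '/transfer/rest/v1/transfers',
  method: 'GET',
  // Client certificate and private key presented during the TLS handshake
  cert: fs.readFileSync('/path/to/client_certificate.pem'),
  key: fs.readFileSync('/path/to/private.pem'),
  // Keep server certificate verification enabled
  rejectUnauthorized: true
};

const req = https.request(options, (res) => {
  res.on('data', (d) => {
    process.stdout.write(d);
  });
});

// Without this handler a TLS or network failure throws an unhandled 'error' event
req.on('error', (err) => {
  console.error('Request failed:', err.message);
});

req.end();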
Testing Your Setup
Test your API connection:
curl --cert client_certificate.pem \
--key private.pem \
https://wallet.paysera.com/transfer/rest/v1/transfers
Support
Need help with complex integrations?
Contact: tech_support@paysera.com