Certificate management

To build a secure payment system, we need SSL certificates, either for enabling HTTPS or for BIP 70 payment request verification, which confirms that the payment request was genuinely initiated by the merchant. The certificate has to be provided by a third-party certificate authority (CA) in order to confirm the merchant's identity.

To obtain SSL certificates, you can choose between commercial or private certificate authorities and the Let's Encrypt (https://letsencrypt.org/) project. For demonstration purposes, this guide uses a self-signed certificate to avoid unnecessary details. To obtain such a certificate, use OpenSSL as follows:

openssl req -x509 -newkey rsa:4096 -keyout keys/key.pem -out keys/cert.pem -days 365 -subj "/C=MA/ST=ByExample/L=Testbip70.com/O=Chapter3/OU=Org/CN=Testbip70.com" -nodes
openssl x509 -in keys/cert.pem -out keys/cert.der -outform DER

You will end up with three files – key.pem, cert.pem, and cert.der – in your keys/ directory.
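A consistency check for the three files, as an added example that is not part of the original guide. The check_keys function name, the 30-day validity margin and the owner-only permission rule are assumptions chosen for illustration; the permission check is there because -nodes writes key.pem without a passphrase.

```shell
#!/bin/sh
# Added example: sanity-check the output of the two openssl commands above.
# check_keys is a hypothetical helper name. Usage: check_keys [DIR] [MIN_DAYS]
# Returns 0 if everything is consistent, otherwise a code naming the failure.

check_keys() {
    dir="${1:-keys}"
    min_days="${2:-30}"

    # 1. All three files must exist and be non-empty.
    for f in key.pem cert.pem cert.der; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f"; return 1; }
    done

    # 2. The private key and the certificate must carry the same public key.
    k=$(openssl pkey -in "$dir/key.pem" -pubout 2>/dev/null | openssl dgst -sha256)
    c=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ -n "$k" ] && [ "$k" = "$c" ] || { echo "key.pem does not match cert.pem"; return 2; }

    # 3. cert.der must be the same certificate as cert.pem, only re-encoded.
    fp_pem=$(openssl x509 -in "$dir/cert.pem" -noout -fingerprint -sha256)
    fp_der=$(openssl x509 -in "$dir/cert.der" -inform DER -noout -fingerprint -sha256)
    [ "$fp_pem" = "$fp_der" ] || { echo "cert.der differs from cert.pem"; return 3; }

    # 4. The certificate must remain valid for at least MIN_DAYS more days.
    openssl x509 -in "$dir/cert.pem" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires within $min_days days"; return 4; }

    # 5. -nodes leaves key.pem unencrypted, so nobody but the owner may read it.
    exposed=$(find "$dir/key.pem" \( -perm -040 -o -perm -004 \) -print)
    [ -z "$exposed" ] || { echo "key.pem is readable by group or others"; return 5; }

    echo "ok: $dir/key.pem, cert.pem and cert.der are consistent"
    return 0
}

# Typical call, run from the directory that contains keys/:
#   check_keys keys 30
```

A non-zero return code identifies which check failed, so the function can gate a deployment script before the payment server loads the files.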