Manage EMV Certificate

An officer has the capability to manage EMV certificates within their designated group and generate EMV key pairs through the following user interface. To create an EMV Scheme certificate, the user must follow these two steps:

  1. Generate EMV Key Pair

  2. Generate a certificate using the generated key pair.

Manage EMV Keypair

Generate EMV Key Pair

On the "Manage EMV Key Pairs" page, when you click on the "Generate EMV Key Pair" button, the following steps will be presented to you:

1. Enter the number of keys needed. 2. Public Key Exponent will be a prefixed component. 3. Select the key profile from the dropdown menu. 4. Choose the Signature Algorithm from the dropdown list.

  1. Select the Key Algorithm & Size for the respective signature algorithm from the dropdown list.

  1. Select the purpose, based on the requirement (live or test), from the dropdown.

  2. After providing all the details, click on "Proceed."

  1. You will need to authenticate the certificate generation using your Officer token, then press Authenticate to proceed.

  2. Click on "Generate Key Pair" to complete the key pair generation.

  3. Upon completion, the following UI will be shown:

  1. Select "View All" to see the created key pair grid or click on "+New" to create a new key pair.

Generate EMV scheme /Root Certificate:

Note: To initiate the creation of a Certificate request or Scheme Certificate, the user need to generate Key pair.

Select the "Certificate" radio button to generate a Root or Scheme certificate. Choose the certificate profile from the dropdown.

When you select a certificate profile , you will be prompted to enter its details. You need to enter the RID value, CA Public Key Index, and expiration date in the MMYY format. From the dropdown menu, select "MasterCard" as the type of certificate. Lastly, provide a description for the purpose of the certificate. Once you have provided all the details, click on the "Proceed" button.

You will need to authenticate the certificate generation using your Officer token, then press "Authenticate" to proceed.

Click on "Create" to complete the Certificate Generation Process.

Upon successful completion, you will receive a success message on the screen for the creation of the EMV Certificate. The certificates are created in SEP and HEP files. Users can download the files, and the downloaded SEP file and HEP file are displayed with the name "MSI" followed by the index number.

Click "View all" to see the created scheme certificates. Click "+New" to create another certificate.

Generate Certificate Request

Note: To initiate the creation of a Certificate request or Scheme Certificate, user need to generate EMV Key pair.

To generate a Certificate Request, click on the "CA Public Key Certificate/Issuer Public Key Certificate Request" icon in the Action column.

After clicking on the Flag icon, the screen shown below will appear:

To generate a certificate request, select the "Certificate Request" option. Enter the BIN (Bank Identification Number) provided by your bank, followed by the Issuer Public Key Index. Provide the Expiry Date in MMYY format. Once you have entered all the required information, click on the "Proceed" button to proceed with the request.

After selecting "Proceed," you will need to authenticate the certificate generation using your officer token and press the "Authenticate" button.

After successfully authenticating, click "Create" to generate the certificate request. Once complete, the following UI will be displayed:

After successfully creating a "Certificate Request", users will receive a success message on their screen. The certificates will be generated in SIP and HIP file formats. Users can download these files, and they will be displayed with the prefix of the BIN NO followed by the suffix of the Issuer Public Key Index. For clarity, this will be shown as follows: [BIN NO]_[Issuer Public Key Index]. The downloaded SIP and HIP files can then be used as needed.

Click "View" to see created certificate requests. Click "+New" to create another request.

Note: To obtain the Issuer Public Key certificate, you must upload the generated SIP and HIP files for them to be signed with the Scheme certificate.

Manage EMV Public keys

In this section, you can find the "EMV Public Keys" for certificates that are linked to each RID in a JSON file. By selecting an RID from the dropdown menu, the user can view a list of CA Public Keys that correspond to the selected RID.

Please provide the name and a description.

Click on "Proceed." you will then be prompted to authenticate the certificate generation:

Press "Authenticate" after authenticating with your Officer token to proceed.

Upon successful authentication, click on the "Create" button.

Upon clicking the "Create" button, EMV Public keys will be created in a JSON object as shown.

Generate Issuer Public Key Certificate

When a user chooses the "Generate Issuer Public Key Certificate" option within the "Manage EMV Certificate" section, the following user interface (UI) will be presented. This UI will display a grid listing all previously created EMV certifications, including both Issuer public key certificates and CA public key certificates, as shown below.

To generate an Issuer Public key certificate, the user needs to sign a "certificate request" by selecting the "+Sign EMV Certificate" option.

Upon selecting "+Sign EMV Certificate," the screen displayed will direct the user to perform the following actions shown in the below screen

Upload the SIP and HIP files and choose the Issuer Certificate from the dropdown menu.

To continue, kindly click on the "Proceed" button.

After selecting the "Proceed" button, you will be directed to the "Verify and Confirm" section. This section will display the SIP details for your review, as shown below. Here, you can confirm that the information is correct before proceeding by clicking the "Proceed" button again.

After clicking "Proceed," the authentication process will be initiated. The user will be required to provide their password for authentication purposes.

Additionally, the user has the option to edit SIP details, including the serial number, if necessary.

Clicking the "Sign" button after successful authentication will trigger a message confirming the successful signing of the EMV request.

The user can download the certificate in .C21 format by clicking "Download." The format number corresponds with the issuer index.

Last updated