Create a certificate for Verify with Wallet on the Web in Apple Business
You need to have Apple issue you a certificate before you can use Verify with Wallet on the Web. To get the certificate, complete the following steps:
Have at least one brand.
Confirm you own the domain that you use for Verify with Wallet on the Web.
Complete a request form.
Create and upload a certificate signing request (CSR).
Download and add the Apple-issued certificate to the website that you use for Verify with Wallet on the Web.
CSR requirements
For the domains you want to use, you need to have an Apple-issued certificate. To get this certificate, you first create a certificate signing request (CSR) that’s at least 2048-bit, in a .pem format, and contains the following:
Content | Description |
|---|---|
Common name | The fully qualified domain name (FQDN). |
Country | The country code (2 digits). |
State or locality | The officially recognized state, province, region, or locale. |
Organization name | The official name of the organization. |
Organization unit (optional) | The official name of the department within the organization. |
Email address | The email address of the DNS or IT administrator. |
Issue authority certificates
To verify a payload from a user’s state, country, or region issuing authority, you need to download and use its IACA certificate from their website.
Get your certificate
All users with the role of Organization Administrator receive an email notification after you verify your domain and Apple approves the request form for Verify with Wallet on the Web. You can then sign in to Apple Business to get your certificate.
Start with the certificate name, which is prefilled by default. You can edit the certificate name, which can be up to 50 characters and can contain letters, numbers, and dashes. Certificate names can’t contain spaces.
Enter a name for the certificate.
Select the domain for this certificate.
Create your CSR. If you’re not using a third-party partner or developer to create this for you and you’re unsure how to create a CSR, see the following:
Create a certificate signing request on the Apple Developer website
Manually Generate a Certificate Signing Request (CSR) Using OpenSSL on ssl.com
After you create the CSR, select your .pem certificate file, then select Upload CSR to upload it to Apple Business.
Select Generate Certificate to generate the certificate for the website.
Apple generates a certificate for that website.
Select Download Certificate, then select a location to save the certificate.
Select Save.
Contact your network administrator to add the certificate to your website.
Revoke a certificate
If you encounter critical security issues or want to disable Verify with Wallet on the Web on your website, you can revoke the assigned certificate. When you do, that website can no longer accept IDs from Apple Wallet.
In Apple Business, sign in with a user whose role has permissions to manage locations.
To view roles and permissions, see Intro to roles and permissions.
In your browser, choose Brands > Verify with Wallet.
Select the brand, then select the certificate.
Select Revoke, read the dialog, and if you still want to revoke the certificate, select Revoke.
Certificate expiration and renewal
The Apple-issued certificate expires after 397 days. To avoid disruptions in using Verify with Wallet on the Web:
All users with the role of Administrator receive a reminder email 30 days prior to the certificate expiration date.
You need to create another CSR and get a new signed certificate before the current one expires.
Note: Apple Business automatically deletes certificates 90 days after their expiration.
In Apple Business, sign in with a user whose role has permissions to manage locations.
To view roles and permissions, see Intro to roles and permissions.
In your browser, choose Brands > Verify with Wallet.
Select the brand that contains the expiring certificate, then select Create Certificate.
Follow the same steps you used previously to get your certificate and use it on your website.