Apple Pay Payment Processing Certificate: Everything Apple’s Docs Miss

Apr 18, 2025

2 min read

Resources

Filip Jabłoński

Apple Pay Payment Processing Certificate
Apple Pay Payment Processing Certificate

If your Apple Pay Payment Processing Certificate is expiring soon, don’t worry – here’s a quick checklist that will help you safely replace your certificate with minimal downtime and confusion.

Step-by-Step: Creating a New Apple Pay Payment Processing Certificate

The official Apple documentation provides a thorough step-by-step description of how to create a new Apple Pay Payment Processing Certificate. Make sure to follow Apple's official documentation.

Please note, however: The documentation won’t answer some important real-life questions you might have!

Key Facts That You Won’t Find in Apple Documentation

Check out crucial tips for replacing your Apple Pay Payment Processing Certificate.

Maximum Certificates

You can have up to two Payment Processing Certificates at the same time, but only one can actually be active and used for processing payments.

Apple Pay on the Web

If you’re also using Apple Pay on the Web, you’re safecreating a new Payment Processing Certificate will not revoke your:

  • Merchant Identity Certificate

  • Registered domain’s verification

Certificate Activation Timing

After you activate a new certificate in the Apple Developer Portal, the old one is immediately revoked—but this can take time to take full effect. In our experience, switching fully to the new certificate took up to one hour. During this transition, some payments were decrypted using the new certificate, while others still used the old certificate.

How to Prevent Downtime

Follow the tips below for a seamless transition.

  1. Choose the Right Moment

Schedule your certificate replacement during periods of lowest Apple Pay traffic on your service.

  1. Smart Certificate Handling

The payment payload sent by your clients includes a publicKeyHash property.
Use this on your backend (or your payment provider should handle it) to determine which certificate should be used to decrypt the payment data. This allows both old and new certificates to work transparently during the overlap period.

Questions?

If you have any questions or need assistance with this process, feel free to contact us!

Start your app monitor journey from today

Start for Free

Start your app monitor journey from today

Start for Free