To use iDEAL Payments, you must complete the iDEAL application process. You can start by choosing the "Registration" link at https://ideal.rabobank.nl. The process involves providing the required information about your business and completing some tests in the Rabobank iDEAL test environment. After the assessment and approval of your application and signing your contract, you will be able to activate iDEAL on your site.
You will need a signing certificate for an iDEAL application. You can use a self-signed certificate or purchase a certificate from a Certificate Authority (CA).
If you are going to use a self-signed certificate, you can create your public and private keys as follows:
You may also generate the key pair using other software. If so, please use the manual that comes with your software.
Generate an “RSA private key” using the following command (define a password for the field [privateKeyPass]):
openssl genrsa -aes128 -out priv.pem -passout pass:[privateKeyPass] 2048
Create a certificate based on the “RSA private key” (use the same password as in the previous step for the field [privateKeyPass]):
openssl req -x509 -sha256 -new -key priv.pem -passin pass:[privateKeyPass] -days 1825 -out cert.cer
The previous OpenSSL command will generate a certificate in the X.509 format, with a validity period of 5 years (1825 days), the maximum for iDEAL signing certificates.
The priv.pem file contains the private key; it needs to be kept secret. The cert.cer file contains the certificate with the public key; you need to communicate this file to Rabobank iDEAL.
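The two commands above as a script, followed by a check of the resulting certificate against the requirements stated on this page. This is an added example, not part of the Rabobank documentation; the environment variable IDEAL_KEY_PASS, the certificate subject and the function names are assumptions. Reading the passphrase with env: keeps it out of the process list, where a pass: argument is visible to other local users.

```sh
#!/bin/sh
# Added example, not from the Rabobank documentation. priv.pem and cert.cer
# follow the page; IDEAL_KEY_PASS, the /CN subject and both function names
# are assumptions made for this example.

# Create the encrypted key and the self-signed certificate in directory $1.
# The passphrase comes from the environment variable IDEAL_KEY_PASS, so it is
# not exposed in the process list or shell history the way pass: is.
make_ideal_cert() {
    dir=$1
    days=${2:-1825}
    # umask keeps the private key unreadable for other local users.
    ( umask 077
      openssl genrsa -aes128 -out "$dir/priv.pem" \
          -passout env:IDEAL_KEY_PASS 2048 2>/dev/null ) || return 1
    openssl req -x509 -sha256 -new -key "$dir/priv.pem" \
        -passin env:IDEAL_KEY_PASS -days "$days" \
        -subj "/CN=merchant.example" -out "$dir/cert.cer"
}

# Check certificate $1: key of at least 2048 bits, signature hash of at least
# SHA-256, validity within 1825 days. Prints each failure; returns 0 if none.
check_ideal_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    rc=0
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    sig=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || { echo "key too short: ${bits:-?} bits"; rc=1; }
    case $sig in
        sha256WithRSAEncryption|sha384WithRSAEncryption|sha512WithRSAEncryption) ;;
        *) echo "signature is not RSA with SHA-256 or stronger: $sig"; rc=1 ;;
    esac
    # -checkend exits 0 when the certificate is still valid N seconds from
    # now; for a newly issued certificate that means more than 1825 days.
    if openssl x509 -in "$1" -noout -checkend $((1825 * 86400)) >/dev/null
    then
        echo "valid for more than 1825 days from now"; rc=1
    fi
    return "$rc"
}
```

Export IDEAL_KEY_PASS from a prompt or secret store, then run `make_ideal_cert .` followed by `check_ideal_cert cert.cer`. The validity check measures from the current time, so run it right after issuing the certificate.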
If you choose to buy a certificate from a Certificate Authority (CA) rather than generate the certificate yourself, note the following: the CA signing certificate (and the rest of the certificate chain) must use hashing algorithms and key lengths that are at least as secure as those of the Merchant certificate. CA certificates used to sign certificates for electronic signatures must therefore use at least SHA-256 for hashing and 2,048 bits for RSA keys. Signing certificates should also have a maximum validity period of 5 years.