XiSecure Onboarding

XiSecure uses client certificates for authentication to the XiSecure On-Demand platform and to control tokenization permission levels. These certificates are first generated during the project phase and expire at preset intervals.

Client certificates:

  • Are generated and signed during the onboarding process.

  • Are valid for two years (going forward, note that there may be some certifications that fell under the old rule of being valid for 365 days).

  • Can be renewed within 60 days of the expiration date. We recommend no less than 30 days prior to avoid tokenization interruptions.

  • Certificate requests are processed within 24 hours during the work week or the next business day if the weekend.

Do NOT modify certificate permissions without first consulting with your System Integrator or us. If the privatekey password is forgotten or potentially compromised, you should create a new CSR and request a replacement certificate.

New XiSecure onboarding request

IMPORTANT: For Merchants implementing XiSecure through a Paymetric Tokenization Partner solution, you may not need to create a separate XiSecure Client nor upload a CSR. Check with your Implementation Consultant.

  1. Create a new certificate signing request (CSR) and private key. Refer to Create CSR for instructions.

    The Private key and private key password must never be shared with the System Integrator or us. It should be generated by the Merchant. The Private key and private key password must be secured to maintain the integrity of the customer's tokenization security keys.

  2. The Private key and private key password must never be shared. The Private key and private key password must be secured to maintain the integrity of the customer's tokenization security keys.

  3. In the Merchant Portal, select menu path: Settings > XiSecure.

  4. Click Add New XiSecure Client.

  5. Enter your Merchant name in the XiSecure Client field without any spaces. Include underscores if desired. This name will be the certificate file name once it is signed. E.g. merchantname.pem

  6. Are you ready to submit the Onboarding setup request?

    1. YES, select menu path: Settings > Onboarding and continue to the next step.

    2. NO, continue with your configuration and submit the request later for all On-Demand Services at once.

  7. Select the XiSecure tab.

  8. Click Request Setup.

  9. You are prompted to enter onboarding notes.

  10. Click Request Setup again. Your requested is submitted and the status for the given environment changes to Requested.

  11. Once you receive the notification that your request has been processed, log into Merchant Portal, and go to Settings > XiSecure.

  12. The status should indicate Completed and you will see the signed client certificate (*.pem) file. There is a separate file for each environment. Click on the filename to download it.

  13. Continue with integration activities. Remember to store your certificates in a secure location.