Enabling Apple Pay on the Web

Enable Apple Pay on the Web by updating backend services to support the enhanced payment functions, and then by enabling the store function for the Aurora starter store.

Before you begin

  1. Review and ensure that you meet the requirements for using Apple Pay on the Web. For more information, see Getting Started with Apple Pay.
  2. Ensure that you register and verify your website for Apple Pay. For more information, see Website Registration and Verification for Apple Pay.
  3. Understand the Apple Pay on the Web sequential flows to get familiar with how the Aurora starter store interacts with Apple Pay on the Web: Apple Pay on the Web sequential flows.

Procedure

  1. Update backend services to support the enhanced payment functions.

    The integration of Apple Pay on the Web with HCL Commerce involves multiple interactions: between HCL Commerce web pages and the HCL Commerce server, between the HCL Commerce server and the Apple Pay server, and between the HCL Commerce server and Payment Service Providers (PSPs) such as the IBM Payment Gateway server. Together, these interactions provide a seamless payment and checkout method.

    1. Create the merchant information by running the following sample SQL commands, replacing the identifiers with those that match your environment.
      For example,
      insert into merchant (merchant_id, member_id, name, state) values (10001, 7000000000000000251, 'AuroraESite', 1);
      insert into storemerch (store_id, merchant_id) values (10201, 10001);
      insert into merchconf (merchconf_id, merchant_id, paymentsystem, payconfgrp) values (10001, 10001, 'ApplePay', 'default');
      insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10001, 10001, 'merchantIdentifier','merchant.auroraesite',0);
      insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10002, 10001, 'domainName','www.auroraesite.com',0);
      insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10003, 10001, 'displayName','AuroraESite.COM',0);
      insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10004, 10001, 'supportedNetworks','amex,discover,masterCard,visa',0);
      insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10005, 10001, 'merchantCapabilities','supportsCredit,supportsDebit,supports3DS,supportsEMV',0);
      insert into merchconfinfo (merchconfinfo_id, merchconf_id, property_name, property_value, encrypted) values (10006, 10001, 'merchantCountryCode','US',0);
      
    2. Get the Apple Pay Merchant Identity Certificate.

      Refer to the Apple documentation for registering and verifying your website: Apple Pay JS - Apple Developer. The Merchant Identity Certificate that you get is linked to your domain name. It is used to authenticate your merchant sessions with the Apple Pay servers. To establish a TLS connection to Apple Pay servers, you can configure the certificates as follows:

      Import the Apple Pay Merchant Identity Certificate to WebSphere Application Server Administration Console's Key Store.
      • For runtime or production environments:
        1. Import the extracted certificate to the HCL Commerce Transaction Server in one of two ways:
          • Manage certificates manually.
            Notes:
            • When you copy the certificates to the JSON file, you must replace each line break with \n so that the entire certificate string is on one line.
            • This integration with Apple Pay uses one-way SSL certificate validation. For one-way SSL certificate validation, where one application needs a certificate to communicate with another application that has SSL enabled, you need to define only the issuing_ca in the JSON file.
            • Load the JSON files to the /SETUP/certs/custom directory of your Docker container.
          • Manage certificates with Vault.
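
The line-break note for manually managed certificates can be handled with a small helper. This is an added example, not part of the HCL Commerce tooling: it converts a CA certificate in PEM form into a one-line JSON document and rejects input that contains anything other than certificates, so private key material cannot slip into the file. Only the issuing_ca key comes from this page; the function name, file names and sample certificate are constructed, and any other keys your JSON file needs are outside this example.

```python
import json
import re
import sys

# One PEM block of any type; the BEGIN and END labels must agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.+?)\n-----END \1-----", re.DOTALL)
BASE64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

SAMPLE_CA_PEM = (  # constructed placeholder, not a real certificate
    "-----BEGIN CERTIFICATE-----\r\n"
    "Q09OU1RSVUNURUQtU0FNUExFLUNBLUxJTkUtMQ==\r\n"
    "Q09OU1RSVUNURUQtU0FNUExFLUNBLUxJTkUtMg==\r\n"
    "-----END CERTIFICATE-----\r\n"
)


def issuing_ca_json(pem_text):
    """Return a one-line JSON document with the CA chain under issuing_ca."""
    text = pem_text.replace("\r\n", "\n").replace("\r", "\n")
    blocks = PEM_BLOCK.findall(text)
    # Fail closed if any BEGIN marker did not parse as a complete block.
    if not blocks or len(blocks) != text.count("-----BEGIN "):
        raise ValueError("no PEM block found, or a block is malformed")
    certs = []
    for label, body in blocks:
        if label != "CERTIFICATE":
            # One-way validation needs only the CA; keep key material out.
            raise ValueError("unexpected PEM block: " + label)
        lines = [ln.strip() for ln in body.split("\n") if ln.strip()]
        if not lines or not all(BASE64_LINE.fullmatch(ln) for ln in lines):
            raise ValueError("certificate body is not base64")
        certs.append("\n".join(
            ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
    # json.dumps writes each real line break as the two characters \n,
    # so the whole certificate string ends up on one line.
    return json.dumps({"issuing_ca": "\n".join(certs)})


if __name__ == "__main__":
    # Usage: python pem_to_issuing_ca.py ca.pem > ca.json (names are placeholders)
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CA_PEM
    print(issuing_ca_json(source))
```
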
      You also must add the Apple Pay server's CA signed certificate to the trust store for establishing the TLS connection:
      Import the CA signed certificate for Apple Pay server (https://apple-pay-gateway-cert.apple.com) to WebSphere Application Server Administration Console's Trust Store.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > Key stores and certificates > NodeDefaultKeyStore > Signer certificates.
      3. Click Add and enter the alias and file name.
      4. Click Apply to save the changes.
    3. Configure the SSL setting for Apple Pay merchant validation.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > Dynamic outbound endpoint SSL configurations.
      3. Click New to configure the Apple Pay secure connection.
      4. Add the Connection information for Apple Pay's merchant validation server. For example:
        https,apple-pay-gateway-cert.apple.com,*
      5. Click Certificate alias and select the personal certificate.
      6. Click Save.
    4. Modify the SSL protocol to TLS 1.2.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings.
      3. Click Quality of protection (QoP) settings under Additional Properties.
      4. Change the value of Protocol to TLSv1.2.
      5. Click Apply to save the changes.
    5. Modify the web server rewrite rule to ensure that Safari users use SSL for all store URLs.
      1. Open the WC_installdir/instances/instance_name/httpconf/httpd.conf file for editing.
      2. Under the RewriteEngine On line, add the following condition and rule:
        
        RewriteCond %{HTTP_USER_AGENT} Safari
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}  [L]
        
      3. Save your changes and close the file.
      4. Restart your web server.
  2. Select the Apple Pay store function to enable it in the Aurora starter store.
    1. Open the Store Management tool.
    2. In the explorer view filter, click Stores.
      The Stores list view displays, containing a list of the stores that you are authorized to work with.
    3. Right-click the store that you want to select the available store functions for; then click Open to open the properties view for the selected store.
      The available store functions for the store are displayed within separate tabs beside the Store Properties tab in the properties view.
      Note: Although each of these tabs is included in all of the HCL Commerce starter stores, various tabs might not display for your store if certain store functions are not available in that store, such as in an extended site scenario.
    4. Click the Checkout tab.
    5. Select the Apple Pay check box.
    6. Click Save and Close to save your changes.
    For more information, see Aurora starter store functions.
  3. Optional: Configure IBM Payment Gateway as the Payment Service Provider for Apple Pay on the Web.
    1. Complete the IBM Payment Gateway onboarding process. Contact the IPG onboarding team to configure the necessary merchant information on the IPG side.
    2. Configure the certificate for the IPG connection.
      1. Import the IPG server's signer certificate to the WebSphere Application Server Administration Console's truststore. The default truststore is \wasprofile\config\cells\localhost\nodes\localhost\trust.p12.
      2. Import the IPG's personal certificate to the WebSphere Application Server Administration Console's keystore. The default keystore is \wasprofile\config\cells\localhost\nodes\localhost\key.p12.
    3. Configure SSL for the IPG connection.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > Dynamic outbound endpoint SSL configurations.
      3. Click New to configure the IPG secure connection.
      4. Add the Connection information for the IPG's server. For example, *,ips-preprod.ihost.com,*.
      5. Click Certificate alias and select the personal certificate that you previously imported.
      6. Click Save.
    4. Configure SSL for the default certificate.
      1. Open the WebSphere Application Server Administration Console.
      2. Depending on your environment configuration, go to: Security > SSL certificate and key management > SSL configurations > NodeDefaultSSLSettings.
      3. Select your Transaction server's certificate as the Default server certificate alias and Default client certificate alias values.
      4. Click Save.
    5. Enable IPG-specific command implementations.
      Run the following SQL to enable the command implementation for IPG:
      
      insert into CMDREG (storeent_id, interfacename, classname, target) values ($storeId, 'com.ibm.commerce.applepay.payment.commands.ProcessApplePayPaymentCmd', 'com.ibm.commerce.applepay.payment.ipg.ProcessApplePayPaymentIPGCmdImpl', 'Local');