SCMP Key Generation via the Business Center

You may elect to generate your SCMP encryption keys for either the Test or Production environment by logging in to the appropriate version of the Enterprise Business Center:

Once logged in to the Business Center, follow the steps below:

  1. Select Account Management from the left-hand navigation menu.
  2. Select Transaction Security Keys.
  3. Click the Security Keys for the SCMP API link.

If your user has the appropriate permissions, you should see a listing of your current SCMP keys for the environment you are in (Test or Production). From here you can generate a new set of keys and delete any listed keys, depending on the permissions granted to your user by your Administrator.

ECert Application

The Transaction Security Keys page within the Business Center is the recommended method for key management with the SCMP API, but you may also use the ECert application to generate your private key and certificate. Download the latest version of the ECert application to replace the version that came packaged with the SCMP client software. This application runs via the command line interface of your server. Additional help can be found by typing "ecert –help" on the command line.

Merchant Keys and Certificate

For security purposes, you must update your certificate and private key at least every 12 months. CyberSource will send advance notice 60 days before your keys expire, followed by additional reminders until your keys are updated. Maintaining awareness of key expiration dates and updates is ultimately the responsibility of each merchant; we recommend that you employ a regular review of your certificates and private keys to prevent any disruptions in transaction processing.

Your account's contact information is used by CyberSource when sending out notifications. To ensure these reach the appropriate persons, your account administrator may update the contact information from the Account Management – Merchant Information section in the Business Center, or you may provide Customer Support with any updated contact information.

Please review CyberSource instructions for updating your SCMP keys.

CyberSource Server Certificate CyberSource_SJC_US.crt

Right-click the link below to obtain the most recent version of the CyberSource server certificate. This certificate is required for all transactions sent to the CyberSource transaction servers. Each environment (Test and Production) uses its own CyberSource server certificate.

Test Environment Certificate


Production Environment Certificate


To install this Server Certificate:

  1. Locate the currently installed CyberSource server certificate on all machines that send transactions to CyberSource in the given environment (Test or Production) which you are updating.
  2. Rename the currently installed CyberSource server certificate to CyberSource_SJC_US.crt.bak
  3. Place the newly acquired CyberSource server certificate in the same directory as the now-renamed server certificate.
  4. Follow the steps below in "How to Determine the expiration date of your merchant and/or CyberSource certificate" to ensure that you have the new CyberSource server certificate. The expiration date should display a future date.

How to Determine the expiration date of your merchant and/or CyberSource certificate

For Windows

  • Navigate to the location of the ‘keys’ directory within the server in question, then
    find the files named either ‘<merchant_id>.crt’ or ‘CyberSource_SJC_US.crt’
  • Double-click to open the file.
  • A window should appear with multiple tabs.
  • Select the "General" Tab.
    Note: You will see a message under "Certificate Information" stating "Windows
    does not have enough information to verify this certificate." This is a normal
    message; you can ignore this and proceed to the next step.
  • Look for the Valid from/to row. A good certificate will display a date range with
    an end-date in the future.
  • If you have the expired certificate, it will show the "valid to" date as a past date.

For Unix/Linux systems

Find the <merchant_id>.crt or CyberSource_SJC_US.crt file. Normally this is within the default directory structure:

> cd /opt/ics/keys

Execute the "strings" command against this file and grep for the unique character "Z".

> strings CyberSource_SJC_US.crt | grep Z

You should see something similar to the following data returned:


Executing the "strings" command against a good public key file:

> strings CyberSource_SJC_US.crt | grep Z

You should see the following data returned:
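
Added example (not CyberSource code and not part of the SCMP client): the "strings ... | grep Z" check works because a DER-encoded certificate stores its validity dates as ASCII timestamps ending in "Z", and the script below reads those same timestamps and reports whether the certificate is expired or inside the 60-day notice window. It assumes the first two timestamps in the file are the validity period; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

# ASN.1 time values as they appear in a DER-encoded certificate:
#   UTCTime         tag 0x17, length 13, "YYMMDDHHMMSSZ"
#   GeneralizedTime tag 0x18, length 15, "YYYYMMDDHHMMSSZ"
TIME_TLV = re.compile(rb"\x17\x0d(\d{12})Z|\x18\x0f(\d{14})Z")
PEM_BODY = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return DER bytes; PEM input is base64-decoded first."""
    m = PEM_BODY.search(data)
    return base64.b64decode(m.group(1)) if m else data


def validity(data: bytes):
    """Return (not_before, not_after), taken from the first two time values."""
    times = []
    for utc, gen in TIME_TLV.findall(to_der(data)):
        if utc:
            # RFC 5280: two-digit years 00-49 mean 20YY, 50-99 mean 19YY
            gen = (b"20" if int(utc[:2]) < 50 else b"19") + utc
        parsed = datetime.strptime(gen.decode(), "%Y%m%d%H%M%S")
        times.append(parsed.replace(tzinfo=timezone.utc))
    if len(times) < 2:
        raise ValueError("no validity period found; is this a certificate?")
    return times[0], times[1]


def status(data: bytes, now: datetime, warn_days: int = 60) -> str:
    """Classify as EXPIRED, RENEW (inside the warning window) or OK."""
    _, not_after = validity(data)
    if not_after <= now:
        return "EXPIRED"
    return "RENEW" if not_after - now <= timedelta(days=warn_days) else "OK"


# Constructed sample: only the Validity SEQUENCE of a certificate, not a real one.
SAMPLE = b"\x30\x1e" + b"\x17\x0d240101000000Z" + b"\x17\x0d250101000000Z"

if __name__ == "__main__":
    print(validity(SAMPLE), status(SAMPLE, datetime.now(timezone.utc)))
```

To check an installed file, pass its bytes to status(), for example the contents of CyberSource_SJC_US.crt read in binary mode.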