New in Chargebee: Explore Reveal and understand your payment performance end-to-end.Try Now
Docschargebee docs
HomeBillingPaymentsRevRecGrowthReveal
Support

Product Updates

  • Release Notes

Payment Methods

  • Payment Methods Overview
  • Cards
  • Direct Debit
  • Bank Based Payments
  • Wallets
  • Vouchers
  • Articles and FAQ

Payment Gateways and Configuration

  • Payment Gateways Overview
  • Chargebee Test Gateway
  • Stripe
  • PayPal Payment Services
  • Chargebee Pay
  • Adyen
  • Authorize.net
  • Bambora (formerly Beanstream)
  • Bank of America
  • BluePay
  • BlueSnap
  • Braintree
  • Checkout.com
  • CyberSource
    • Certificate-Based Authentication - Migration Guide
    • CyberSource Direct Integration
    • CyberSource via Spreedly
  • dLocal
  • EBANX
  • Ecentric
  • Elavon
  • E-xact Direct Integration
  • eWay Rapid
  • Global Payments
  • GoCardless
  • J.P. Morgan Mobility Payment Solutions
  • Metrics Global
  • Mollie
  • Moneris
  • Network Merchants Incorporated (NMI)
  • Nuvei
  • Orbital (Chase Paymentech)
  • Pay.com
  • Paymill
  • Paystack
  • Pin Payments
  • QuickBooks Payments
  • Razorpay
  • Sage Pay
  • Solidgate
  • Twikey
  • Windcave
  • Worldline Online Payments(formerly Ingenico)
  • Worldpay
  • Articles and FAQ

Level 2/3 Data Support

  • Level 2/3 Data Support

Advanced Routing

  • Advanced Routing

Dunning

  • Dunning
  • Articles and FAQ

Offline Checkout

  • Offline Checkout
  • Articles and FAQ

Transaction Sync & Invoice Mapping

  • Transaction Sync and Invoice Mapping

Fraud Management

  • Fraud Management

Error Handling

  • Errors with Root Cause and Troubleshooting

Payment Lifecycle Logs

  • Payment Intents
  • Transactions
  • Gateway Activity Logs
  • Gateway Webhook Logs
  • Articles and FAQ

Others

  • Reach (Merchant of Record)
  • Payment Verification
  • Bulk Deletion of Payment Methods
  • Custom Payment Methods
  • Payment Initiator Parameter
  • PSD2 and Strong Customer Authentication
  • RBI e-Mandate
  • RBI Tokenization Regulations
  • Chargeback Management
  • Transaction Descriptors
  • Payment Preferences
  • Visa Trial Rules
  • Mastercard Trial Rules
  • Co-badged Card Compliance
  • Articles and FAQ
  1. Payments
  3. Payment Gateways and Configuration
  5. CyberSource
  6. Certificate-Based Authentication - Migration Guide
  1. Payments
  3. Payment Gateways and Configuration
  5. CyberSource
  6. Certificate-Based Authentication - Migration Guide

Certificate-Based Authentication - Migration Guide

Starting August 13, 2025, Cybersource will no longer support username and password authentication for SOAP toolkit users. To ensure uninterrupted service, Chargebee users must migrate to P12 certificate-based authentication by this date.

What is changing?

  • Deprecated: Username/password authentication (SOAP toolkit).
  • Required: P12 certificate-based authentication.
  • Enforcement Date: August 13, 2025.
  • Impact: API requests using username/password will be rejected.

Who is this for?

This guide is intended for Chargebee users who have integrated CyberSource as a payment gateway using the SOAP toolkit.

Migration Overview and Step-by-Step Guide

To switch to certificate-based authentication, you will need to:

  1. Generate a .p12 certificate from the CyberSource Business Center.
  2. Extract the private and public keys.
  3. Update keys in your Chargebee settings.

Step 1: Generate a .p12 Certificate File

Follow these steps to generate a .p12 certificate file from the CyberSource Business Center:

  1. Log in to the Business Center.
  2. From the left navigation, go to Payment Configuration > Key Management.
  3. Click + Generate Key.
  4. On the Create Key screen:
    • Select Simple Order API
    • Click Generate Key
  5. Set a new password, confirm it, and remember it for later use.
  6. Download the .p12 file.

Learn more in this CyberSource document.

Note

The .p12 file contains your Simple Order API key. Ensure it is stored in a secure location with restricted access.

Step 2: Generate Your Private Key

Run the following OpenSSL command(it uses the password you entered when the certificate was generated in the Dashboard):

openssl pkcs12 -in <path_to_certificate_file> -nodes -nocerts -out <certificate_name>_private_key

This will generate a file *_private_key containing the :

-----BEGIN PRIVATE KEY-----  
<Content of the private key in base 64>
-----END PRIVATE KEY-----

Use this entire content in Chargebee's Private Key field.

Step 3: Generate Your Public Key (Certificate)

Run the following OpenSSL command (it uses the password you entered when the certificate was generated in the Dashboard):

openssl pkcs12 -in <path_to_certificate_file> -clcerts -nokeys -out <certificate_name>.pem

This will create a .pem file with a block like:

-----BEGIN CERTIFICATE-----
<Content of the public key in base 64>
-----END CERTIFICATE-----

Use the base64 block alone for Chargebee's Public Key field.

Step 4: Add Keys to Chargebee

  1. Log in to your Chargebee Billing site.
  2. Go to Settings > Configure Chargebee > Payment Gateways.
  3. Click Cybersource > Manage.
    image
  4. Paste the Private and Public keys in their respective fields.
  5. Click Connect.
    image

Deadline Reminder

You must complete this migration by August 13, 2025, to avoid authentication failures.

Additional Resources

  • Cybersource P12 Certificate Guide
  • Spreedly Certificate Mode Reference

Was this article helpful?