Correct certificate chain format for `client_service_provider_certificate_chain`

[Noah-Vincenz]

Steps to reproduce:

1. "Creating a PSD2 context"

What should happen:

1. Create PSD2 Provider

What happens:

1. Running into `Error message: Certificate root is not trusted. Make sure that the last certificate in the chain is the root certificate.

SDK version and environment

• Tested on 0.15.0
• [X] Production

Extra info:

I have verified my certificate and its root certificate. I am unsure about the format for the client_service_provider_certificate_chain parameter value for the request body to the POST /payment-service-credential-provider endpoint for our certificates? Assuming I have the three certificates:

1. client signing certificate A
2. intermediate certificate B
3. root certificate C

What should the client_service_provider_certificate_chain value be? We have tried many different combinations

1. BC with new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and suffix for both B and C
2. BC without new-line characters (\n) and -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- prefix and without suffix for both B and C
3. B,C
4. [B,C]
5. CB ... and so on. Any help would be greatly appreciated.

[basst85]

Hi!

Check the following topic: https://together.bunq.com/d/46832

And this Medium blog: https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce

[Noah-Vincenz]

@basst85 hello and thanks for your quick response.

I had used the medium blog article previously to validate my certificates and I have also gone through the bunq thread now, but I still seem to be having the same issue as Ryan in the bunq thread.

I have also contacted [email protected] back in December but have not heard back from them and sent them another follow up email yesterday.