Generating your certificates using the wizard

If you have visited the page for generating Encrypted Payment Buttons, then you already know that you need to generate your PKCS12 certificate file and public certificate file (*.pem) in order to generate Encrypted Payment buttons. If you are using ASP.NET MVC framework, then, you will find a stand-alone portable certificate generation tool available in the same zip file that you have downloaded.

Standalone PayPal Certificate Generator tool window for producing the PKCS12 and *.pem certificate files needed for Encrypted Website Payments.

But if you are using Web Form, then, you will find the Certificate Generator tool built into all PayPal buttons and you can invoke that tool from the design time smart tag wizard by following the provided steps:

  1. From the smart tag of a BuyNow button, check the option 'Generate Encrypted Button'. Once you checked that option, a link will be shown named 'Settings and Automation Wizard for EWP'.
Buy Now button Smart Tag with the 'Generate Encrypted Button' option ticked, which exposes the link to launch the built-in EWP wizard.
  • Click that link 'Settings and Automation Wizard for EWP', the Encrypted Button generation wizard will be shown up. In that dialog, click the "Generate Certificates Now" button as shown in the following screenshot:
    • EWP Settings and Automation Wizard with the 'Generate Certificates Now' button highlighted, which launches the built-in certificate generation tool.
  • Once this button is clicked, the Certificate Generation window will appear.
    • PayPal certificate generation wizard window with the input form for organization details that will be baked into the generated PKCS12 and public certificates.
  • This tool is similar to the stand-alone tool we introduce you. The following instructions are applicable to both Web Form users and MVC users as the usage for the tool is same.
  • Now, please fill up the form shown in the tool and it is very self-explanatory and clear. Every text-box is backed up with a help button. Clicking the help button will pop up a message box with the explanation of that field. Please fill up at least your Company Name, Your Name, Your Email Address. The 'company name' and your 'name' must match with the 'company name' and your 'name' that you have in your PayPal account. Otherwise, PayPal will refuse to accept the encrypted button payment with the error "The merchant does not have business or premier account.".
  • Then, provide a file path for saving your generated public certificate file (*.pem) which will be uploaded to PayPal for getting your Certificate ID. Also, provide the file path for saving the generated PKCS12 file (*.p12). Please note: You should save these files within the App_Data folder of your web application. Because these folders are secured and the confidential files kept in this folder cannot be downloaded by any client browser. Once you provide the file paths, the information will be passed back to the first window where credentials are asked. Finally, provide a password for protecting your PKCS12 file. This information will also be passed back to the first window.
  • Click "Generate Certificates Now" button.The certificates will be generated using OpenSSL command line utility in the background.
    • PayPal certificate generation wizard with every text-box filled in (organization name, country, state, city, common name, output folder, password) and ready to generate the certificate files.
  • Go Back to generating Encrypted Payment Button page.

    • Some facts about OpenSSL:

    At this point, you should know that the certificates will be generated using OpenSSL command line utility but you won't have to worry about this at all. If your computer already has this software installed, it will find out and call the OpenSSL internally and generate the certificates for you without letting you learning any commands for this command line utility. If this wizard cannot find the OpenSSL installed, it will show you the following option box:

    OpenSSL Not Found dialog offering two options: point the wizard at a downloaded installer, or let the wizard download and install OpenSSL 0.9.8 automatically.

    If you have this software already downloaded but did not install yet, you can provide the path of the installer and choose the first option and click Ok. In that case, the wizard will start installing the software without requiring your interruption. Once OpenSSL is installed, the wizard will generate the certificates using the help of OpenSSL.

    If you do not have the installer for OpenSSL, no need to worry, just provide a folder path where you want the wizard download OpenSSL for you. Once you click 'Yes', the wizard will show the download progress window and let you wait for the OpenSSL file to be downloaded as shown in the following screenshot:

    OpenSSL installer download progress dialog (about 6 MB) shown while the wizard fetches OpenSSL 0.9.8 from the SpiceLogic server before installing it silently.

    OpenSSL is only about 6MB and it downloads very fast. Once it is downloaded, the wizard already knows the location of the installer, so it will start installing the software without requiring your interruption. Once OpenSSL is installed, the wizard will generate the certificates.

    If your computer has these DLL files: C:\Windows\system32\ssleay32.dll, C:\Windows\system32\libeay32.dll, C:\Windows\system32\libssl32.dll then these files will need to be overwritten by OpenSSL installer, otherwise OpenSSL will not be able to generate certificates for you. So, when the wizard calls the installer, if the installer finds these DLL files in your system, it will show you a warning dialog box with the message of overwriting those System DLL files. However, this wizard will give you an option to back up those files before they are overwritten. The warning dialog of the wizard will ask you if you want to back up those system DLL files or not. If you choose 'Yes', the wizard will ask you the folder path for backing up the files. As shown in the following screenshot:

    OpenSSL installer warning dialog about overwriting a system DLL during installation; the wizard recommends accepting so OpenSSL 0.9.8 finishes correctly.

    We apologize for the fact that our control's certificate generator does not work with the latest version of the OpenSSL. Rather it works with OpenSSL version 0.9.8 which is very stable. We have hosted that version on our server. When you run the certificate generation wizard, the wizard actually downloads that specific version of OpenSSL file from our server. You can directly download that old version from our server, using this link: http://spicelogic.com/PublicFiles/productPrerequisites/Win32OpenSSL-0_9_8d.exe

    Last updated on Jan 7, 2026
    Downloading PayPal Public Certificate
    Index Page
    Uploading your Public Certificate to PayPal