To obtain a self-signed certificate, you can use the following command.
openssl req -x509 -newkey rsa:4096 -nodes -keyout private-key.pem -out cert.pem -sha256 -days 365 -pubkey
To run the previous command on Windows, you can use Git Bash or WSL.
This command will generate a self-signed certificate that lasts 365 days. You can adjust the duration by changing the value of the -days parameter. However, we recommend that the duration does not exceed one year.
It is important that the private key (private-key.pem) generated by the previous command be stored securely and under the highest confidentiality standards of your organization. Under no circumstances should it be shared or sent to a third party. We also recommend that access to this file in production and/or the key that protects it be restricted using proprietary mechanisms or those offered by key management systems (Key Management System, KMS) and/or secret management systems.
Upload the public certificate in Tu Cambio
You must upload the public certificate (cert.pem) obtained in the previous steps to Tu Cambio. You can do this through the Tu Cambio Company Dashboard, under the section Configuration > Public Key.
This will allow us to validate that the information sent is valid and that the source of the request is reliable, enabling the seamless execution of sensitive operations such as money transfers.