API endpoints for iovation FraudForce are changing to require mutual TLS authentication via client certificates. This announcement describes what you need to do to comply with this new requirement if you're using the Journey Exchange iovation TAF component.
Starting from 1 November 2023, API endpoints for iovation FraudForce require mutual TLS authentication via client certificates. Accordingly, the Journey Exchange iovation TAF component has been updated to comply with this new requirement. Without this component update, API calls will cease to work from that date.
iovation, TruValidate, and TransUnion are all names used at various times that refer to the same service.
To complete these instructions, you need:
openssl and Java
keytool command-line tools installed on your computer
To maintain connectivity to the iovation FraudForce API endpoint, follow these steps:
Install version 1.6.0 of iovation TAF from Journey Exchange. This is the first version with support for mutual TLS authentication. It will update the service Iovation TAF - Check Transaction Details.
Ensure these existing service parameter values are preserved, or re-enter them after the update:
If TransUnion has not provided you with a PEM-encoded client certificate, contact TransUnion support to request one. They will send you a client certificate, probably with a
.txt extension, via secure email or another secure method.
Your PEM-encoded certificate file contains lines like this:
<certificate content in base64>
-----BEGIN RSA PRIVATE KEY-----
<private key content in base64>
-----END RSA PRIVATE KEY-----
The Service Connection requires a Java KeyStore (JKS file), not a PEM file. So, you need to convert your PEM file to a password-protected JKS file.
The commands below assume you have saved your PEM file as
customer.pem. Executing these commands produces an interim file called
customer.p12, and an output file called
customer.jks. You can use different file names, but if you do replace all instances of each file name in both commands.
The passwords in the commands below MUST be the same everywhere. Replace all instances of
PASSWORD with your own choice.
In a terminal or command prompt, enter the following commands.
openssl pkcs12 -export -in customer.pem -out customer.p12 -name iovationalias -passin pass:PASSWORD -passout pass:PASSWORD
keytool -v -importkeystore -srckeystore customer.p12 -srcstoretype PKCS12 -destkeystore customer.jks -deststoretype JKS -srcstorepass PASSWORD -deststorepass PASSWORD -srcalias iovationalias -destalias iovationalias
You can verify the resulting
customer.jks file is valid by running the following command:
keytool -v -list -keystore customer.jks -storepass PASSWORD
Follow these steps:
In the Endpoint box, enter the URL for your environment:
Enter values for other Service Connection properties as shown below.
When you subscribe to our announcements, we will send you an e-mail when there are new updates on the site so you won't miss them.