{"id":24564751,"url":"https://github.com/abzico/wepaycertverify","last_synced_at":"2026-05-14T23:36:59.697Z","repository":{"id":144085044,"uuid":"132329326","full_name":"abzico/wepayCertVerify","owner":"abzico","description":"WeChat Payment HTTPS Server Certificate Verification - a repo to verify whether your server supports new certificate deployed by Tencent","archived":false,"fork":false,"pushed_at":"2018-06-12T01:05:12.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-02T17:38:29.236Z","etag":null,"topics":["certificate","javascript","js","node","nodejs","server","verification","wechat","wechat-payment"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/abzico.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-06T10:45:07.000Z","updated_at":"2018-06-12T01:05:14.000Z","dependencies_parsed_at":"2023-05-26T09:45:38.287Z","dependency_job_id":null,"html_url":"https://github.com/abzico/wepayCertVerify","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/abzico/wepayCertVerify","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abzico%2FwepayCertVerify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abzico%2FwepayCertVerify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abzico%2FwepayCertVerify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abzico%2FwepayCertVerify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/abzico","download_url":"https://codeload.github.com/abzico/wepayCertVerify/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abzico%2FwepayCertVerify/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269699248,"owners_count":24461211,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","javascript","js","node","nodejs","server","verification","wechat","wechat-payment"],"created_at":"2025-01-23T11:29:26.327Z","updated_at":"2026-05-14T23:36:54.642Z","avatar_url":"https://github.com/abzico.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![donate button](https://img.shields.io/badge/$-donate-ff69b4.svg?maxAge=2592000\u0026amp;style=flat)](https://github.com/abzico/donate)\n\n# wepayCertVerify\n\nWeChat Payment HTTPS Server Certificate Verification - a repo to verify whether your server supports new certificate deployed by Tencent\n\n# Why?\n\nFrom [offical anouncement](https://pay.weixin.qq.com/index.php/public/cms/content_detail?lang=zh\u0026id=56602) from Tencent about it will be enforcing new certificates for WeChat Payment by updating its own root CA certificates to be DigiCert, and set deadline upto 29 May 2018, we need to proceed with update according to its guideline.\n\nBasically what we need to do is\n\n1. Verify whether we do need a further actions to install actual root CA certificates from Wechat Payment or not, if not which means it **passed** the verification, then we have no need to do anything further. This repo follows guideline as seen [here](https://pay.weixin.qq.com/wiki/doc/api/micropay.php?chapter=23_4) for its verification.\n2. If not, then we just need to grab root CA certificates as found [here](https://pay.weixin.qq.com/wiki/doc/api/micropay.php?chapter=23_4) then install them onto your server.\n\nSo this repo has code to help you verify for 1. If you need to perform 2, then continue reading to find instruction on how to install certificate on your server in this README file.\n\n# How to Verify?\n\n* Clone the repo to your computer\n* Configure your merchant platform key, and merchant number in `apitest.js`. See its corresponding comments inside source file.\n* Execute `node apitest.js`\n\nIf you see `success` as seen in following similar result, you're good to go and no need to perform 2.\n\n```xml\n\u003cxml\u003e\n    \u003creturn_code\u003e\u003c![CDATA[SUCCESS]]\u003e\u003c/return_code\u003e\n    \u003creturn_msg\u003e\u003c![CDATA[ok]]\u003e\u003c/return_msg\u003e\n    \u003csandbox_signkey\u003e\u003c![CDATA[aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa]]\u003e\u003c/sandbox_signkey\u003e\n\u003c/xml\u003e\n```\n\nin which value inside `sandbox_signkey` is 32 hex-char that you will be using in other payment API.\n\n# Beware!!\n\n* `apitest.js` file is meant to be executed on your system as a testing script. You modify its source code for `KEY` and `MCH_ID` but you should **never** commit such changes back to your or upstream repository. If you found some enchancements that you want to modify, please make sure to not commit your `KEY` and `MCH_ID` back to repo.\n\n# How to List \u0026 Install Root CA Certificates On Your Server?\n\n## Ubuntu 16.04\n\n### List\n\nYou can list all of root CA certificates by using the following command (thanks to [Stephane Chazelas](https://unix.stackexchange.com/a/97252/206440))\n\n```shell\nawk -v cmd='openssl x509 -noout -subject' '\n    /BEGIN/{close(cmd)};{print | cmd}' \u003c /etc/ssl/certs/ca-certificates.crt\n```\n\n### Install\n\nFollow insructions [here](https://askubuntu.com/a/94861/399650).\n\n\u003e In short, you need to manage to get `.crt` file (convertable from `.pem` file) then let the system knows path to such certificates.\n\n\n## CentOS 7\n\n### List\n\nYou can manually take a peek at `/etc/ssl/certs/ca-bundle.crt` then search for the name of certificate there exactly and namely \"DigiCert Global Root CA\" or \"Baltimore CyberTrust Root CA\". If one of either the twos is found, you're most likely good to go. Just make sure with step 1. again to be 100% sure.\n\nOtherwise, we could follow the similar approach done with Ubuntu above by using the following command (thanks to [Nathan Basanese](https://unix.stackexchange.com/a/363309/206440))\n\n```shell\n$ awk -v cmd='openssl x509 -noout -subject' '\n    /BEGIN/{close(cmd)};{print | cmd}' \u003c /etc/ssl/certs/ca-bundle.crt\n```\n\n### Install\n\nFollow instructions [here](https://unix.stackexchange.com/a/363309/206440).\n\n# License\n\nAbzi.co. MIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabzico%2Fwepaycertverify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabzico%2Fwepaycertverify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabzico%2Fwepaycertverify/lists"}