This article is no longer valid as certificates are now no longer needed to access the portal. One now needs to only have the nominated phone to receive OTP.

Safaricom’s M-Pesa portal, located at, requires you to have a pre-installed certificate that identifies you as a “valid” entity. If you have tried accessing this site and getting something similar to the below error or another access error/failure, it means the portal has refused your connection request due to absence of the SSL Certificate identifying you.

Fig. 1: M-Pesa portal error

To acquire this certificate, these are the steps to follow:

  • Send a blank email to
  • You will receive an email in response after a short while (3-10 minutes) from the same email with a username and password like the one shown below (Fig. 2):
Fig. 2: M-Pesa automated reply
  • Go to the site using Internet Explorer browser. Using any other browser will shout out a warning similar to “You are not using Internet Explorer. This application will not work correctly” or worse, fail (or keep loading forever) with an error along the lines of “This page has not finished loading yet” as the site still uses VB on the back-end, which is not supported by any other browser (imagine that 👿 ). The browser will ask you for a username and password. Use the details received in the email above. The password is changed every week as specified in the email. If by any chance you cancelled the first username/password request, and subsequent requests automatically cancel, clear cookies and restart your IE browser, then try again.
  • Fill in the details as requested by the site, then press on Submit.
  • If you face any issues on submission e.g. the page shows the loading error below (Fig. 3), it means the browser is not yet compatible or has blocked some elements of the site. Try the steps shown after this to try and fix the problem
    • Go to Tools -> Compatibility View Settings
    • Add the site to the Compatibility View list
    • Go to Tools -> Internet Options -> Advanced
    • Under the Settings section, look for the options Use SSL 3.0, Use TLS 1.0,  Use TLS 1.1 and Use TLS 1.2 and check them all.
    • Go to Tools -> Internet Options -> Security
    • Click on Trusted Sites zone, then click on Sites under it
    • Add the site to the zone list, then click on OK
    • On the same tab, under Trusted Sites, click on Default Level to reset the security level defaults and show the levels slider, then set the Security level to Low on the slider
    • Restart/reopen your IE browser
Fig. 3: IE Site Loading error
  • Try submitting again. If the page submits successfully, the site might show you the message shown below (Fig. 4). If so, click on Yes. The resulting page then displays some info including a Request ID which can be used to track the request later on (Fig. 5).
  • Then you shall wait for between 2 – 10 days for them to process the application.
  • Once in a while, go back to the same site and click on the View the status of a pending certificate request link to view pending requests. If your request is processed, you shall get a download/install link for your certificate which you can use to download the certificate to install elsewhere, or simply install into IE if you prefer to use that browser for logging into your portal.
Fig 4. Site Confirmation Prompt

To install the certificate:

  • IE allows you to install the certificate automatically, but for other users, they need to download the certificate to their machines and perform the installation manually. Google for how to install custom certificates for your respective browser. The team has also provided documents on how to import and install the certificate (attached below)
  • Try loading the site again. It will ask you whether to use the newly installed certificate to identify you. Accept the prompt and you are good to go!
Fig. 5: Request ID received

This certificate can be installed and used on multiple machines within the same organization, thus eliminating the need to apply for a certificate for each machine BUT requires the private key associated with the certificate to be also exported. This is tricky, and requires some technical know-how. The site can also be run on any site able to execute JSP code and accepts custom certificates.

In the meantime, after solving your issues with the certificates, head over to ProxyAPI and begin integrating your Paybill or Till number into M-Pesa using the faster, easier way of integration. Or, if you got an online store using WooCommerce, head over to WordPress and check out the WooCommerce plugin powered by ProxyAPI.

If you want to make Lipa na M-Pesa API requests from anywhere on the Internet, we also got you. Check out Pay via ProxyAPI, which enables you to make LnM payments and receive both C2B and LnM callbacks via ProxyAPI, thus minimizing missing callbacks issues on Lipa na M-Pesa API.

For all M-Pesa APIs consultation, contact Peter via