}

		if ( ! in_array( 'aes-128-cbc', openssl_get_cipher_methods(), true ) ) {
			// Without AES-128-CBC ciphter method we can't create private key and certificate.
			return;
		}

		$args = array(
			'digest_alg'             => 'SHA256',
			'private_key_bits'       => 2048,
			'private_key_type'       => \OPENSSL_KEYTYPE_RSA,
			'encrypt_key'            => true,
			'subjectKeyIdentifier'   => 'hash',
			'authorityKeyIdentifier' => 'keyid:always,issuer:always',
			'basicConstraints'       => 'CA:true',
		);

		// Private key.
		$pkey = openssl_pkey_get_private( $private_key, $private_key_password );

		if ( false === $pkey ) {
			// If we can't open the private key we will create a new private key and certificate.
			if ( defined( 'OPENSSL_CIPHER_AES_128_CBC' ) ) {
				$args['encrypt_key_cipher'] = \OPENSSL_CIPHER_AES_128_CBC;
			} elseif ( defined( 'OPENSSL_CIPHER_3DES' ) ) {
				// @link https://www.pronamic.nl/wp-content/uploads/2011/12/iDEAL_Advanced_PHP_EN_V2.2.pdf
				$args['encrypt_key_cipher'] = \OPENSSL_CIPHER_3DES;
			} else {
				// Unable to create private key without cipher.
				return;
			}

			$pkey = openssl_pkey_new( $args );

			if ( false === $pkey ) {
				return;
			}

			// Export key.
			$result = openssl_pkey_export( $pkey, $private_key, $private_key_password, $args );

			if ( false === $result ) {
				return;
			}

			update_post_meta( $post_id, '_pronamic_gateway_ideal_private_key', $private_key );

			// Delete private certificate since this is no longer valid.
			delete_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate' );
		}

		// Certificate.
		$private_certificate = get_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate', true );
		$number_days_valid   = get_post_meta( $post_id, '_pronamic_gateway_number_days_valid', true );

		if ( empty( $private_certificate ) ) {
			$required_keys = array(
				'countryName',
				'stateOrProvinceName',
				'localityName',
				'organizationName',
				'commonName',
				'emailAddress',
			);

			$distinguished_name = array(
				'countryName'            => get_post_meta( $post_id, '_pronamic_gateway_country', true ),
				'stateOrProvinceName'    => get_post_meta( $post_id, '_pronamic_gateway_state_or_province', true ),
				'localityName'           => get_post_meta( $post_id, '_pronamic_gateway_locality', true ),
				'organizationName'       => get_post_meta( $post_id, '_pronamic_gateway_organization', true ),
				'organizationalUnitName' => get_post_meta( $post_id, '_pronamic_gateway_organization_unit', true ),
				'commonName'             => get_post_meta( $post_id, '_pronamic_gateway_organization', true ),
				'emailAddress'           => get_post_meta( $post_id, '_pronamic_gateway_email', true ),
			);

			$distinguished_name = array_filter( $distinguished_name );

			/*
			 * Create certificate only if distinguished name contains all required elements
			 *
			 * @link http://stackoverflow.com/questions/13169588/how-to-check-if-multiple-array-keys-exists
			 */
			if ( count( array_intersect_key( array_flip( $required_keys ), $distinguished_name ) ) === count( $required_keys ) ) {
				// If we can't open the private key we will create a new private key and certificate.
				if ( defined( 'OPENSSL_CIPHER_AES_128_CBC' ) ) {
					$args['encrypt_key_cipher'] = \OPENSSL_CIPHER_AES_128_CBC;
				} elseif ( defined( 'OPENSSL_CIPHER_3DES' ) ) {
					// @link https://www.pronamic.nl/wp-content/uploads/2011/12/iDEAL_Advanced_PHP_EN_V2.2.pdf
					$args['encrypt_key_cipher'] = \OPENSSL_CIPHER_3DES;
				} else {
					// Unable to create private key without cipher.
					return;
				}

				$csr = openssl_csr_new( $distinguished_name, $pkey );

				if ( false !== $csr ) {
					$cert = openssl_csr_sign( $csr, null, $pkey, $number_days_valid, $args, time() );

					if ( false !== $cert ) {
						openssl_x509_export( $cert, $certificate );

						update_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate', $certificate );
					}
				}
			}
		}
	}

	/**
	 * Get config.
	 *
	 * @param int $post_id Post ID.
	 * @return Config
	 */
	public function get_config( $post_id ) {
		$mode = get_post_meta( $post_id, '_pronamic_gateway_mode', true );

		$config = new Config();

		$config->payment_server_url = $this->acquirer_url;

		if ( 'test' === $mode && null !== $this->acquirer_test_url ) {
			$config->payment_server_url = $this->acquirer_test_url;
		}

		$config->set_merchant_id( get_post_meta( $post_id, '_pronamic_gateway_ideal_merchant_id', true ) );
		$config->set_sub_id( get_post_meta( $post_id, '_pronamic_gateway_ideal_sub_id', true ) );
		$config->set_purchase_id( get_post_meta( $post_id, '_pronamic_gateway_ideal_purchase_id', true ) );

		$config->set_private_key( get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key', true ) );
		$config->set_private_key_password( get_post_meta( $post_id, '_pronamic_gateway_ideal_private_key_password', true ) );
		$config->set_private_certificate( get_post_meta( $post_id, '_pronamic_gateway_ideal_private_certificate', true ) );

		return $config;
	}

	/**
	 * Get gateway.
	 *
	 * @param int $post_id Post ID.
	 * @return Gateway
	 */
	public function get_gateway( $post_id ) {
		return new Gateway( $this->get_config( $post_id ) );
	}
}