/ Secure Server
Worldindia.com Secure Server India
A secure WWW server uses the Secure Socket Layers (SSL) technology to establish an encrypted connection between the WWW server and the client. The SSL Protocol is designed to provide privacy between two communicating applications (a client and a server). Second, the protocol is designed to authenticate the server, and optionally the client.
On July 27, 1998, Thawte's root certificate expired in 3.x web browser versions. Any user that connects to your SSL site using those browsers, will face an "expired certificate" error. All root certificates are set to expire on specific dates and the certificate issuing organizations will provide root certificate updates for users that are still using those browsers. The solution for this problem is very simple: the users should be linked to the Thawte website at:
http:www.thawte.com/ucgi/browsercheck.exe
and follow the instructions.
You can find a more in-depth discussion of the issue at the following URL:
http://thawte.com/certs/server/rollpolicy.html
The Thawte certificate used by worldindia is valid and current but since this is an internal 3x browser related root certificate issue, Thawte has provided a root certificate update for those browsers.
In order to set up SSL for your account, we need to know what secure certificate you will be using. If you are going to be using worldindia's certificate, you will have to access everything through a URL at one of our secure servers, such as:
>https://ssl.worldindia.com/~yourusername/something.html
instead of:
https://yourdomain.com/something.html
The latter means you have your own certificate. This requires you to obtain a company certificate from a certificate authority such as VeriSign or Thawte.
The difference between the two aside from the URL is that if people click on the security information icon in their browser, they will see that it is secure through worldindia Communications, Inc., instead of through your company. All data transfer will still be encrypted, however, and all credit card information, etc., will be secure, but sometimes customers would like to see that the certificate you are using is something that verifies your company.
There is a one-time setup fee of $50.00 for a secure server configuration. To get SSL setup for your account, do the following:
Go to http://userservices.yourdomain.xx (replace yourdomain.xx with your domain name)
Click on "Additional Services"
Click on the appropriate Secure Server order form.
All keys generated by our private Certificate Authority at worldindia Internet use the keysize of 1024 bits. This keysize approaches industrial standards required for encryption. The other aspect is the implementation of SSL which is used on all Netscape's Secure Web server.
The SSL Protocol Specification is detailed here.
With SSL the security layer exists between the web site the person is connected to and the person's web browser. However, once the individual submits his/her information to you via email, a security risk exists. To tackle this problem, the email can be secured with PGP encryption. Once SSL is setup, you can configure PGP encryption with the provided mail-secure-pgp.vws script. Thus, fwith SSL & PGP a secure transaction is achieved.
Secure Credit Card Transactions can be done in one of two ways:
• Processing the Credit Card Manually
• Processing the Credit Card Online
• Other than this the order taking is exactly the same. Here is information on this:
In either case an Order Form must be created to gather the information needed from the customer. This form is always created in HTML but the "action" of the form must call a script program. This program could be one that emails the information to you or contacts the Online Card Processing facilities. These topics are discussed below.
This order form must be called using Secure Socket Layer (SSL) encryption. This is where the URL to the page starts with: https://
Using worldindia's certificate would mean that the SSL key is bound to a name that is owned by worldindia. For example, a URL to call you page might be: https://secure.worldindia.com/~abc
Where the web page can be either an HTML page (.htm) or an Active Server Page (.asp).
Please NOTE that SSL is NOT a standard that defines how Credit Cards transactions are processed. SSL is an encryption method that secures the information from someone's Web Browser to the Web site he/she is connected to.
This order form can be created as either straight HTML or as an ASP. worldindia offers a script, with its UNIX packages, that can be placed in any form. This script is called mail-secure.vws
1. Manual Processing of Credit Cards
With the order form in place, the typical scenario for Manual processing of Credit cards is done like this:
You must have a terminal "swipe card" machine and a merchant account of any bank
You would received the information from the order form either through email or you download a file containing the orders
You use the "swipe card" machine and manually enter in the credit card numbers and get authorization numbers
You would send an email back to the customer stating order confirmation or denial
2. Online Processing of Credit Cards
With the order form in place, the typical scenario for Online processing of Credit Cards is done like this:
You need a Merchant account with a bank that supports online transactions. The most popular software for this is called CyberCash. CyberCash is working toward a solution to support global currency transactions. However, CyberCash currently offers purchases made only with U.S. dollars and at online merchants who have a US bank account. For more information on CyberCash and supporting banks, visit the CyberCash website.
worldindia supports the CyberCash Cash register. This software must be configured with the Bank's software where you would have your Merchant account. worldindia does this as part of the setup fee.
Your Order Form script must call functionality in the CyberCash software that submits credit orders and see if they have gone through. worldindia does not have scripts that call the appropriate functionality. It is your responsibility to create these scripts (CGI programming experience is required) or purchase software that has this automated. CyberCash does have some example scripts at their web site.
For clients (companies which sell through ibill) who wish to use their own Internet merchant accounts, ibill provides transaction processing, bridging client web sites to the Credit Card Authorization Network. Clients can use ibill's secure web servers to deliver an industry recognized point-of-sale interface to paying end-users... or clients can write their own if they prefer.
For clients who prefer a simpler business relationship, ibill can also be a reseller of clients' online content, services and products. The client sells to ibill at wholesale, then ibill sells to customers (end-users) at retail. Since it is the retailer who is responsible for sales taxes, end-user billing and collection, credit card processing, etc., ibill Reseller clients have dramatically simplified accounting concerns.