1. What is a secure WWW server?
   
2. Why does a warning message appear in Netscape 3?
3. How do I setup SSL?
   
4. How safe is a secure server?
   
5. With SSL installed in my account is all order form information encrypted?
   
6. How do I process Secure Credit Card Transactions?
   

What is a secure WWW server?

A secure WWW server uses the Secure Socket Layers (SSL) technology to establish an encrypted connection between the WWW server and the client. The SSL Protocol is designed to provide privacy between two communicating applications (a client and a server). Second, the protocol is designed to authenticate the server, and optionally the client.

Why does a warning message appear in Netscape 3?

On July 27, 1998, Thawte's root certificate expired in 3.x web browser versions. Any user that connects to your SSL site using those browsers, will face an "expired certificate" error. All root certificates are set to expire on specific dates and the certificate issuing organizations will provide root certificate updates for users that are still using thoses browsers. The solution for this problem is very simple: the users should be linked to the Thawte website at:

http:www.thawte.com/ucgi/browsercheck.exe

You can find a more in-depth discussion of the issue at the following URL:

http://thawte.com/certs/server/rollpolicy.html

How do I setup SSL?

In order to set up SSL for your account, we need to know what secure certificate you will be using. If you are going to be using NetNation's certificate, you will have to access everything through a URL at one of our secure servers, such as:

https://ssl.netnation.com/~yourusername/something.html

instead of:

https://yourdomain.com/something.html

The latter means you have your own certificate. This requires you to obtain a company certificate from a certificate authority such as VeriSign or Thawte.

The difference between the two aside from the URL is that if people click on the security information icon in their browser, they will see that it is secure through NetNation Communications, Inc., instead of through your company. All data transfer will still be encrypted, however, and all credit card information, etc., will be secure, but sometimes customers would like to see that the certificate you are using is something that verifies your company.

There is a one-time setup fee of $50.00 for a secure server configuration. To get SSL setup for your account, do the following:

• Go to http://userservices.yourdomain.xx (replace yourdomain.xx with your domain name)
• Click on "Additional Services"
• Click on the appropriate Secure Server order form.

How safe is a secure server?

All keys generated by our private Certificate Authority at NetNation Internet use the keysize of 1024 bits. This keysize approaches industrial standards required for encryption. The other aspect is the implementation of SSL which is used on all Netscape's Secure Web server.

The SSL Protocol Specification is detailed here.

With SSL installed in my account is all order form information encrypted?

With SSL the security layer exists between the web site the person is connected to and the person's web browser. However, once the individual submits his/her information to you via email, a security risk exists. To tackle this problem, the email can be secured with PGP encryption. Once SSL is setup, you can configure PGP encryption with the provided  mail-secure-pgp.vws  script. Thus, with SSL & PGP a secure transaction is achieved.

How do I process Secure Credit Card Transactions?

Secure Credit Card Transactions can be done in one of two ways:

• Processing the Credit Card Manually
• Processing the Credit Card Online

Other than this the order taking is exactly the same. Here is information on this:

In either case an Order Form must be created to gather the information needed from the customer. This form is always created in HTML but the "action" of the form must call a script program. This program could be one that emails the information to you or contacts the Online Card Processing facilities. These topics are discussed below.

This order form must be called using Secure Socket Layer (SSL) encryption. This is where the URL to the page starts with: https://

Using NetNation's certificate would mean that the SSL key is bound to a name that is owned by NetNation. For example, a URL to call you page might be: https://secure.netnation.com/~goodweb

Where the web page can be either an HTML page (.htm) or an Active Server Page (.asp).

Please NOTE that SSL is NOT a standard that defines how Credit Cards transactions are processed. SSL is an encryption method that secures the information from someone's Web Browser to the Web site he/she is connected to.

This order form can be created as either straight HTML or as an ASP. NetNation offers a script, with its UNIX packages, that can be placed in any form. This script is called  mail-secure.vws

1. Manual Processing of Credit Cards

With the order form in place, the typical scenario for Manual processing of Credit cards is done like this:

• You must have a terminal "swipe card" machine and a merchant account of any bank
• You would received the information from the order form either through email or you download a file containing the orders
• You use the "swipe card" machine and manually enter in the credit card numbers and get authorization numbers
• You would send an email back to the customer stating order confirmation or denial

2. Online Processing of Credit Cards

With the order form in place, the typical scenario for Online processing of Credit Cards is done like this:

You need a Merchant account with a bank that supports online transactions. The most popular software for this is called CyberCash. CyberCash is working toward a solution to support global currency transactions. However, CyberCash currently offers purchases made only with U.S. dollars and at online merchants who have a U.S. bank account. For more information on CyberCash and supporting banks, visit the CyberCash website.

NetNation supports the CyberCash Cash register. This software must be configured with the Bank's software where you would have your Merchant account. NetNation does this as part of the setup fee.

To setup this service, first contact your bank and then CyberCash. After this stage, see Userservices Section to start setting up this service.

Your Order Form script must call functionality in the CyberCash software that submits credit orders and see if they have gone through. NetNation does not have scripts that call the appropriate functionality. It is your responsibility to create these scripts (CGI programming experience is required) or purchase software that has this automated. CyberCash does have some example scripts at their web site.

Another company is ibill, the Internet Billing Company.

For clients (companies which sell through ibill) who wish to use their own Internet merchant accounts, ibill provides transaction processing, bridging client web sites to the Credit Card Authorization Network. Clients can use ibill's secure web servers to deliver an industry recognized point-of-sale interface to paying end-users... or clients can write their own if they prefer.

For clients who prefer a simpler business relationship, ibill can also be a reseller of clients' online content, services and products. The client sells to ibill at wholesale, then ibill sells to customers (end-users) at retail. Since it is the retailer who is responsible for sales taxes, end-user billing and collection, credit card processing, etc., ibill Reseller clients have dramatically simplified accounting concerns.

For more info on ibill, visit the ibill website.

ibill also requires that you have some knowledge of CGI scripting and configuration. NetNation does not provide this setup.