SECURE ORDERING >
SECURE ORDER FACILITY
Our website is open for every customer to browse through
the various pages of the site at ease, checking out
various gifts, looking at their pictures and reading
about them.
As a decision is made to proceed
and order a gift our customer clicks on a specific
button entitled "order" this button links
the process to the next stage of the ordering process,
choosing an additional gift where available.
You will finally proceed to
our order form. On the way to the form you will pass
through to our secure server facility provided in
association with Thawte. This will mean that all your
more confidential order information will be sent and
received in confidence through our confidential data
transfer.
SECURE ORDERING > SECURE
SITE LOGO
The following logo appears on the home page of
our site to confirm that we offer the secure server
facility.
SECURE ORDERING > SECURE
MESSAGE
The following message can be displayed as you
pass to the secure server facility.
"You are attempting
to make a secure connection to this Web site. This
Web site provides secure communication and has a valid
certificate. Secure communication means that information
you provide, such as your name or credit-card number,
is encrypted so that it can’t be read or intercepted
by other people. The certificate is a statement guaranteeing
the security of this Web site. A certificate contains
information that a specific Web site is authentic.
This ensures that no other site can assume the identity
of the original site.
When you enter a secure Web
site, Internet Explorer displays this dialog box and
a lock icon in a locked position on the status bar.
When you leave a secure Web site, Internet Explorer
displays a dialog box to notify you.
If you want to see this dialog box whenever you have
entered a secure Web site, make sure the check box
named In the future, do not show this warning is clear."
SECURE SERVER >
THAWTE GUIDE
The following information has been copied from a guide
produced by Thawte to explain the use of the secure
server facility to their customers.
The Thawte Guide to Building
Customer Confidence through SSL Certificates and SuperCerts
Contents
- Overview
- Why SSL?
- Who needs
an SSL certificate?
- How
to tell if a website is secure
- Browser
warnings
- What
is an SSL certificate?
- The
benefits to your business
- The role
of Thawte
1. Overview
In this guide you’ll read
about the need for security on the Internet, what
an SSL certificate is, and how such a digital certificate
is used to meet this very human demand for safe interaction
over the Net. Finally, we’ll tell you about the
role of Thawte as a trusted third party.
2. Why SSL?
When you walk into a store,
you know who you are dealing with. You see the products,
the branding and the store assistant. You can be sure
that if something should be wrong with your purchase,
you’ll have recourse to the store manager or
owner.
But on the Internet, website
visitors generally have no reliable way of knowing
who owns the website (the virtual store). When customers
visit a website with the intent of making an online
purchase, they want to know whom they’ll be paying.
They want proof of the identity of the website owner,
and they want to know that the personal information
they send to the website cannot be intercepted by
other Internet users. This is where SSL digital certificates
come to the fore.
SSL (Secure Socket Layer) is
a protocol developed by Netscape that enables a web
browser and a web server to communicate securely;
it allows the web browser to authenticate the web
server. The SSL protocol requires the web server to
have a digital certificate installed on it in order
for an SSL connection to be made.
Thanks to an SSL-enabled web
server and a Thawte SSL certificate, a customer connecting
to a secure website is assured of three things:
Authentication: The website
really is owned by the company that installed the
certificate.
Message privacy: Using a unique “session key”,
SSL encrypts all information exchanged between your
web server and your customers, such as credit card
numbers and other personal data. This ensures that
personal information cannot be viewed if it is intercepted
by unauthorized parties.
Message integrity: The data cannot be tampered with
over the Internet.
Your customers benefit because they know that by checking
the details in the certificate, they can assure themselves
that the website they are dealing with is in fact
the website they want to be dealing with. They also
know that a third party on the Internet cannot intercept
their credit card or personal details.
If it is important for you to
assure your customers that they are not at risk when
sending data over the Internet, you should get an
SSL certificate. If you have more than one domain
name to secure, then you should have more than one
SSL certificate. Digital certificates are domain name
and host name specific, so you will need as many certificates
as you have domain names.
Reassurance pays. Your e-commerce
business will benefit from the SSL- enabled web server
and digital certificate and you'll see an increase
in online purchases from customers who feel more secure
buying from you online.
3. Who needs an SSL certificate?
Any website owner whose website
has online ordering facilities and who wants to assure
customers that they are not exposed to any of the
risks associated with sending data over an open network
(such as the Internet).
4. How to tell if a website
is secure
If a website does not have an
SSL certificate, web users will see the "unlocked"
icon in their browser windows.
Valid certificate: If a secure
SSL connection is established between the web browser
and the web server, the “http” in the web
address will normally change to “https”,
for example: “http://www.thawte.com” becomes
https://www.thawte.com. The SSL connected browser
will also display the "locked" icon. To
test whether a site has a valid certificate, try to
initiate a secure connection with that website by
accessing the URL using the https:// prefix instead
of http://.
5. Browser warnings
When you submit information
to a website that does not have an SSL certificate,
your browser will present you with a warning message.
Below is an example of such a warning given in a Netscape
browser:
If however, a website is using
a valid digital certificate, then the web user will
be informed that the website they are visiting has
a digital certificate issued by a recognized Certifying
Authority (such as Thawte), and that any data they
submit to that site will be encrypted. By checking
the certificate, the customer can verify that the
website is valid and who it belongs to.
6. What is an SSL Certificate?
Below is an example of what
a digital certificate looks like when viewed by a
web user using a Netscape browser.
An SSL certificate contains the following information:
The domain for which the certificate
was issued.
The owner of the certificate (who is also the person/entity
who has the right to use the domain).
The physical location of the owner.
The validity dates of the certificate.
When you connect to a secure web server such as https://www.thawte.com,
that server authenticates itself to the web browser
by presenting a digital certificate.
This authentication is quite
a complex process that involves the exchange of a
“public key” and the use of a “session
key “ for encryption. The process is seamless
to the user. The certificate serves as proof that
an independent trusted third party, such as Thawte,
has verified that the server belongs to the company
it claims to belong to. A valid certificate gives
customers confidence that they are sending personal
information securely, and to the right place.
Public/private key pairs
When you request a certificate, you generate a key
pair on your server. When a key pair is generated
for your business, your “private key” is
installed on your server; nobody else has access to
it.
Your matching “public key,”
is also installed on your web server as part of the
digital certificate. The public and private keys are
mathematically related, but are not identical. Customers
who want to communicate with you privately use the
public key in your Server ID to encrypt information
before sending it to you. (Again, this is a seamless
process.) Only the private key can decrypt this information.
Customers will feel secure in the knowledge that nothing
they submit to your server will be seen by a third
party.
7. The benefits to your business
Thawte SSL Certificates and
SuperCerts provide:
Confidence in the integrity
and security of your online business and network infrastructure.
Customers are becoming increasingly aware of the advantages
of SSL security and will often not purchase online
from non-secure stores. All major web merchants use
SSL security backed by strong warranties to encourage
customers to buy online.
Interoperability and support for standard applications
and browsers, such as Microsoft Internet Explorer
and Netscape Communicator.
Non-forgeable proof of your website identity.
Ease of use.
A stand-alone solution: no installation of any extra
software on the server or the browser is required.
8. The role of Thawte
Thawte Certification issues
server certificates to organizations and individuals
worldwide. Thawte verifies that the company requesting
the certificate is who it says it is, and that it
has authorized the certificate. Thawte also checks
that the company in question owns the relevant domain.
Thawte certificates interoperate smoothly with the
latest software from Microsoft and Netscape, so you
can rest assured that your purchase of a Thawte Server
Certificate will give your customers the confidence
to transact with you online.
Thawte offers efficient personal
service and a straightforward certification process.
You can be sure of our excellent after sales support.
(see link below)
|
