LIBRARY/FAQ: WISe-Server Digital Certificate Instructions
What is a WISe-Server digital certificate?
This document answers many of the most common questions about
WISeKey's server certificates.
WISeKey WISe-Server Certificate: 128-bit Global Server ID:
- The Basics
- How 128-bit SSL Global Server IDs Work
- How to Qualify to Purchase 128-bit SSL Global Server IDs with Secure Site Pro or Commerce Site Pro
- How to Enroll for and Purchase 128-bit SSL Global Server IDs
WISe-Server Certificates: The Basics
Q. What is the difference between a VeriSign 40-bit SSL Secure Server ID and a 128-bit SSL Global Server ID?
A. The primary difference between the two types of IDs is
the strength of the SSL session that each enables. Secure
Sockets Layer (SSL) technology is the industry-standard
method for protecting Web communications developed by
Netscape Communications Corporation. The SSL security
protocol provides data encryption, server authentication,
message integrity, and optional client authentication
for a TCP/IP connection. Because SSL is built into all
major browsers and Web servers, simply installing a digital
certificate turns on their SSL capabilities.
SSL comes in two strengths, 40-bit and 128-bit, which
refer to the length of the "session key" generated by
every encrypted transaction. The longer the key, the more
difficult it is to break the encryption code. Most browsers
support 40-bit SSL sessions, and the latest browsers enable
users to encrypt transactions in 128-bit sessions - trillions
of times stronger than 40-bit sessions.
All WISe-Server certificates include 128-bit SSL Global
Server IDs, which enable 128-bit SSL encryption - the
world's strongest - with both domestic and export versions
of Microsoft® and Netscape® browsers. (Most people
in the U.S. use export-version browsers).
There are other types of server IDs which include 40-bit
SSL Secure Server IDs, which enable industry-standard
40-bit SSL when communicating with export-version Netscape
and Microsoft Internet Explorer browsers, and 128-bit
SSL encryption when communicating with domestic-version
Microsoft and Netscape browsers.
Q. Why do I need a 128-bit SSL Global Server ID?
A. As an e-commerce business, you must deliver the highest
levels of trust and security so your customers can be
certain that your site is real, and that the information
they send you via their Web browsers stays private.
To deliver the world's highest level of trust, WISeKey
authenticates your organization, enabling end users to
verify your site and communicate via state-of-the-art
SSL or WTLS encryption. This protects confidential information
- such as credit card numbers, online forms, and financial
data - from interception and hacking. WISeKey is also
one of the world's only providers of 128-bit, strong-encryption
certificates.
Q. Can I try WISe-Server certificates before purchasing?
A. If you wish to obtain a WISe-Server certificate for testing
purposes, contact your local Affiliate Registration
Office or WISeKey.
How VeriSign 128-bit SSL Global Server IDs Work
Q. What is "strong encryption"?
A. "Strong encryption" refers to the technology that the
128-bit SSL Global Server IDs included with Secure Site
Pro and Commerce Site Pro solutions use to secure online
communications. Global Server IDs enable the negotiation
of SSL or TLS sessions using "strong" 128-bit RC2 or RC4
encryption.
SSL is the industry-standard method developed by Netscape
Communications Corporation for protecting Web communications.
The SSL security protocol provides data encryption, server
authentication, message integrity, and optional client
authentication for a TCP/IP connection. SSL comes in two
strengths, 40-bit and 128-bit, which refer to the length
of the "session key" generated by every encrypted transaction.
The longer the key, the more difficult it is to break
the encryption code. Any software with encryption features
having key lengths over 40 bits is considered strong encryption
by the U.S. Government for export purposes.
Most browsers support 40-bit SSL sessions, and the latest
browsers enable users to encrypt transactions in 128-bit
sessions. 128-bit encrypted messages are 309,485,009,821,345,068,724,781,056
times harder to break than 40-bit messages. Thus, it would
take the same technology used to crack the RSA 40-bit
message 1 trillion x 1 trillion years to crack a 128-bit
message. That's several trillion times longer than the
age of the Earth.
Q. How do 128-bit SSL Global Server IDs protect transactions?
A. 128-bit SSL Server IDs are virtually unforgeable: the
cryptographic keys contained within them are almost unbreakable.
VeriSign sells Global Server IDs only to legitimate businesses
that are capable of authenticating their identity to VeriSign
and of meeting the necessary U.S. government qualifications.
VeriSign's thorough authentication procedures help to
ensure that 128-bit SSL Global Server IDs cannot be obtained
under false pretenses. And VeriSign's lifecycle services
for monitoring the status of Server IDs help you ensure
that you keep your Server ID - and your site's security
- up to date.
Q. What Web server software works with 128-bit SSL Global Server IDs?
A. The server hosting the 128-bit SSL Global Secure Site
ID can run server software from any non-U.S. software
vendor, or software from a U.S. software vendor properly
classified by the U.S. Department of Commerce, including:
- BEA WebLogic
- C2Net Apache Stronghold
- Compaq/Tandem iTP Webserver
- Covalent
- Hewlett Packard Virtual Vault (with Netscape Enterprise)
- IBM HTTP Server/Webphone 1.3.3.1 and 1.3.6
- Lotus Domino 4.6.2 and later
- Microsoft IIS 3.0 and later
- Nanoteq Netseq server
- Netscape Suite Spot servers, 3.0 or later, including
Netscape Enterprise 3.0+ and Netscape Proxy Server
3.0 or later, 2.0
- O'Reilly WebSite Pro 2.5 and up
- Tandem
- Zeus
Q. What Web browsers are compatible with 128-bit SSL Global Server IDs?
A. Customers or users connecting to the Web server should
have a compatible client application to take advantage
of the security facilitated by 128-bit SSL Global Server
IDs:
- Microsoft Internet Explorer 4.0 or later
- Microsoft Internet Explorer 3.02 (Windows NT 4.0+
only) with a special patch or later
- Netscape Navigator 4.06 or later
- Microsoft Money 98
- Intuit Quicken
Q. What if visitors to my site are not using a compatible Web browser?
A. They will need to upgrade. Both Microsoft and Netscape
make their latest browser versions available free on their
Web sites.
Q. What is Server Gated Cryptography (SGC)? What is the relationship between SGC and this program?
A. Server Gated Cryptography (SGC) is Microsoft's name for
the entire set of technologies that enable strong encryption
when an appropriately configured server encounters an
appropriately configured client. Part of the SGC technology
involves the use of special digital certificates by Microsoft
IIS servers. VeriSign's 128-bit SSL Global Server IDs
for Microsoft fulfill the role of the SGC special digital
certificates.
How to Qualify to Purchase 128-bit SSL Global Server IDs with Secure Site Pro or Commerce Site Pro
Q. Why must my organization qualify to purchase a 128-bit SSL Global Server ID?
A. The U.S. Government determines the categories of companies
that can implement the powerful encryption technology
included with Global Site solutions outside the U.S. and
across U.S. borders. However, new regulations issued by
the U.S. Department of Commerce's Bureau of Export Administration
(BXA) make 128-bit SSL Global Server IDs included with
Secure Site Pro or Commerce Site Pro solutions available
to a wider group of customers than ever before. (See the
following question and answer to determine if your organization
qualifies to purchase.)
Q. What categories of customers may obtain a 128-bit SSL Global Server ID for their sites?
A. New regulations issued by the U.S. Department of Commerce's
Bureau of Export Administration (BXA) allow any company
or organization around the world to purchase a Global
Server ID, with the following exceptions:
- Persons listed on the U.S. Government's Denied Persons List
- Customers located in the following countries:
  - Afghanistan (Taliban-controlled areas)
  - Cuba
  - Iran
  - Iraq
  - Libya
  - North Korea
  - Sudan
  - Syria
Q. Are there any countries in which 128-bit SSL Global Server IDs may not be used?
A. Yes: according to U.S. government regulations, customers
in the following countries are not eligible to purchase
128-bit SSL Global Server IDs:
- Afghanistan (Taliban-controlled areas)
- Cuba
- Iran
- Iraq
- Libya
- North Korea
- Sudan
- Syria
How to Enroll for and Purchase 128-bit SSL Global Server IDs with Secure Site Pro or Commerce Site Pro
Q. What information must a foreign organization submit to VeriSign to get a 128-bit SSL Global Server ID?
A.
- The institution must first register a domain
name with InterNIC or appropriate domain registry.
An example domain name would be samplebank.co.uk.
- The institution must then generate a Certificate
Signing Request using their Web Server software
(Note: please complete steps 1 and 2 of the enrollment
process before generating your CSR). Instructions
for generating a CSR are provided in the VeriSign enrollment
pages.
- The institution must then submit its CSR,
along with other information, to VeriSign as part
of the 128-bit SSL Global Server ID enrollment process.
- As part of the enrollment process, the institution
will be asked to provide information that establishes
its corporate identity and that establishes that the
institution is not a Government End User based
on the U.S. Commerce Department definition. For most
institutions, the easiest way to do this is to provide
VeriSign with a Dun & Bradstreet D-U-N-S
number. Almost all institutions, foreign and domestic,
have a DUNS number. By visiting www.dnb.com, you can
look up your DUNS number. VeriSign's enrollment page,
step 2, provides links for looking up DUNS numbers
and obtaining free DUNS numbers.
- If the organization does not have a valid Dun &
Bradstreet DUNS number, you will be asked to submit
documents demonstrating that the organization
has been legally authorized by your state, provincial,
or national government to transact business under
the organization name appearing in the ID request.
IMPORTANT NOTE: Documents submitted in lieu of a D&B
number must be translated into English: this will
enable VeriSign to process your enrollment and purchase
as quickly and efficiently as possible.
- As part of the enrollment process, the institution
will be asked to agree to the VeriSign Global
Server ID Subscriber Agreement. Among other
things, this agreement is a declaration that you meet
the U.S. Commerce Department definitions of a permitted
institution, and that you will not use the Web server
software or the Server ID for illegal purposes.
- VeriSign will then perform its standard background
check to determine that the institution meets issuance
requirements. VeriSign will then issue the Global
Server ID.
Q. What information must a U.S. company submit to VeriSign to obtain a 128-bit SSL Global Server ID?
A.
- The company must first register a domain name
with the InterNIC or appropriate domain registration
agency. An example domain name would be verisign.com.
- The company must then generate a Certificate
Signing Request using their Web server software
(Note: please complete steps 1 and 2 of enrollment
before generating your CSR.) Instructions for generating
a CSR are provided in the VeriSign enrollment pages.
- The company will submit its CSR, along with
other information, to VeriSign as part of the Global
Server ID enrollment process.
- As part of the enrollment process, the company will
be asked to provide information that establishes
its corporate identity and that establishes that the
company, organization, university, or government institution
was formed within the United States. For most
U.S. organizations, the easiest way to do this is
to provide VeriSign with your Dun & Bradstreet
D-U-N-S number. Almost all U.S. companies, universities,
and government agencies have a DUNS number. During
enrollment, VeriSign will provide you with an opportunity
to look up your DUNS number or register for one for
free. If you do not have a DUNS number, and do not
wish to obtain a DUNS number, you will be asked to
submit documents, such as a business license, articles
of incorporation, or SEC filings, that establish your
corporate identity.
- As part of the enrollment process, you will be asked
to agree to the VeriSign Global
Server ID Subscriber Agreement. Among other
things, this agreement is a declaration that you acknowledge
that the use of the Global Server ID is an export-regulated
activity, and that you are responsible for using the
Global Server ID in a manner consistent with applicable
U.S. export regulations.
- VeriSign will then perform its standard background
checks to determine that the U.S. company meets issuance
requirements. VeriSign will then issue the Global
Server ID. No special actions are necessary for any
U.S. company to obtain the necessary server software
(see above for a list of acceptable types of server
software). Your end-users can freely download the
export versions of the Microsoft and Netscape browsers,
as well as any necessary patches, from the appropriate
Microsoft and Netscape Web sites.
Q. Must 128-bit SSL Global Site solution customers submit information to any U.S. government agencies?
A. No. You simply need to complete the appropriate paperwork
with VeriSign. VeriSign and its server partners periodically
report to BXA on the distribution of Global Server IDs
under export licenses.
Q. How long will it take for VeriSign to issue the Global Server ID included with Secure Site Pro or Commerce Site Pro after all the necessary information has been submitted?
A. If you submit all the necessary information, your enrollment
will take five to seven working days for customers outside
the U.S. and Canada, or two days for U.S. and Canadian
customers. This time is necessary for VeriSign to verify
the information you submit, which in turn allows you to
assure your customers that your identity has been thoroughly
authenticated.
Q. What if I already have a VeriSign 40-bit SSL Secure Server ID (included with Secure Site and Commerce Site Services)? Can I upgrade to a Secure Site Pro or Commerce Site Pro Service with a 128-bit SSL Global Server ID?
A. Global Server IDs enable SSL. Therefore, you may replace
your existing VeriSign Secure Server ID with a Global
Server ID. Because older browsers are not compatible with
Global Secure Site IDs and SGC technology, many of our
customers choose to maintain two sets of pages: one secured
with a regular Secure Site ID, and one secured with a
Global Server ID. (VeriSign does not currently offer a
discount to customers upgrading from Secure Server IDs
to Global Server IDs.)
For product support and services backed by WISeKey,
contact us:
By phone: 00 41 22 929 57 57
By e-mail: info@wisekey.ch
Or visit www.wisekey.com