SSL/PGP Secure Services

We offer secure SSL/PGP services for merchants wishing to accept online credit card orders via a standard web form. To make use of this service, a client should first have a merchant account with a local bank or merchant services company. As a US$9 per month option (no extra charge for Virtual Server Pro accounts), we provide SSL web services, and automatic PGP encryption of form data. A US$25 one-time setup fee applies to all account levels.

Using our secure services option, you may easily secure the information entered into a form at your web site, using any CGI form script. Our automatic PGP encryption system sends an email "receipt" with each form submission, informing the merchant of success or failure. This provides end-to-end security for credit card sales orders.

A web form is considered secure when the form output is sent from a SSL (Secure Sockets Layer) compatible browser to a web server that understands SSL. A second step is needed to safely transmit the data from the web server to the merchant. A web hosting provider should provide a convenient and secure way to transfer the customer's order information from the web server to the off-site merchant. If order form contents are transported from the web server to the merchant using regular (plaintext) email, the web form that is represented to the visitor as "secure" is not really secure at all. PGP (Pretty Good Privacy) is a very convenient way to provide this security using standard Internet email and a standard web form.

To obtain a license for the commercial use of PGP, software should be purchased from PGP Corporation products such as PGP Personal. This software can integrate the process of decrypting email messages with mailers such as MS Outlook/Outlook Express & Eudora. Be sure to check the product specifications for compatibility with the email software used at the merchant site. Your PGP software must be capable of using keys based on RSA encryption (now referred to as "RSA Legacy" encryption)

Important Note:
Using our standard secure services option, secure documents are served using the Clearlight Communications digital certificate, and are called with a "clearlight.com" URL (for example "https://www6.clearlight.com/username/secure-document.html). Modern browsers will compare the domain name of the server's digital certificate with the domain name of the URL, and display a warning message if they are different. This prevents the use of a URL such "https://www.yourdomain.com/secure-document.html" unless the client obtains a digital certificate for use with the domain name.

Virtual Server clients may purchase their own digital certificate through through Clearlight Communications starting at $99 per year. If purchased through Clearlight, we will host your digital certificate at no extra cost (a one-time setup charge of $95 would apply).

Getting Started with PGP

To provide for transferring your customer credit card information in a safe manner, you will generate a PGP secret and public key pair. Before we can set up your secure services, we will ask that you send a PGP public key (1024-bit, "RSA legacy" encryption). Orders captured by your secure online forms can be safely and securely emailed to you via automatic PGP encryption using the key you provide.