Dear all,
I am building a website which will have payment gateway integrated to it.
Can anybody tell me how to implement SSL to process secure payment transaction between my website and that of the payment processing server.

__________________
G.A.P

Hi arun,

First You Need a SSL Certificate Arun. To get the certificate follow the steps.

1. Create a certificate request
2. Submit a certificate request
3. Issue and download a certificate.
4. Install the certificate and set up an SSL Web site.
5. Configure and test the certificate.

Once your SSL Certificate is ready for your web site, you can easily use that certificate for your payment process.

Configure those Pages as SSL pages by usign The Certificate.

Hope this is usefull to you.

__________________
H2O

Without us, no one can survive..

Can you tell me how to create a certificate request. Is this bound to any format? i mean , do we have a specified format for placing a certificate request or do u suggest any organization whom i must contact to get a certificate?

Thanks in advance

__________________
G.A.P

Hi guys,


I have heard that Win2003 Certificate Server can create a certificate which can be used in IIS like a Verisign certificate in order to create SSL sessions. I have spent 8 hours reading through the documentation and can't tell if it is true.

Has anyone here done this or know of a resource where I could find out how to do it? Just want to have https availalbe on the Web server and wanted to try the Microsoft solution if it works.

I created a request file in IIS but can't see anyway for Certificate Server to recognise it.

Any help would be appreciated!

The IIS 6.0 Resource Kit (available for download from Windows Deployment and Resource Kits) contains several valuable tools including one—selfssl.exe—which makes it very easy to create and install a self-signed SSL certificate for testing purposes.

Although the selfssl.exe tool is part of the IIS 6.0 Resource Kit and does not explicitly support earlier versions of IIS, my colleagues and I have successfully experimented with it on IIS 5.0. I have also used the makecert.exe tool to generate a self-signed x.509 certificate that can be used for testing. The MSDN Library has instructions for the makecert.exe tool at Certificate Creation Tool, but using the selfssl.exe tool is easier.


http://msdn.microsoft.com/library/en...akeCertExe.asp

__________________
The KINGMAKER
Makes Every Thing Possible

Stuffs (My Blog)

Hi BlueSky & ArunPrasad,

Yes, Certificate Server will do what you ask. It's pretty straightforward really. Just create your request file on the server for which you want the certificate. Then run Certificate Server, either on the same box or another, it doesn't matter. Certificate Server will ask for the certificate request file and then spit out a certificate. Take the certificate and install it on the targeted server.

It's not good for production, only in that you'd have to establish the certificate server on the Web (or on your intranet if you're just developing an intranet app), so that clients could verify the authenticity of the server certificate. Of course, since you are the user and the issuer of the certificate that doesn't really mean much.


Otherwise If you get the server form a hosting company, That hosting company also having the service of SSL certification thing. Think it cost few dollers per year. By using that SSL Certificate you can create the SSL session for your application.

hope usefull

__________________
H2O

Without us, no one can survive..

Thanks H2O,

So as per your reply, i can generate a certificate on my own for test purpose but i can't / shouldn't use the same test certificate when i go live / production , right?

can you help me by providing useful resource to create a test certificate on my server?. Also i have heard that verisign , godaddy etc sell SSL certificates. do i have to purchase SSL certificate from them when i go production and will these companies provide certificates for demo purpose?

Thanks in advance

__________________
G.A.P

Hi Arun,

See Microsoft's How to Configure Certificate Server for Use with SSL on IIS.

The above MSDN article gives you how to configure the Certification Server to create the SSL certification.

ya, you can buy the SSL certificate as i said in the above post.

bye.

__________________
H2O

Without us, no one can survive..

Hi,

Yes, Certification Server will do that. But there's more; Browsers come pre-configured with a list of CAs, and if you're using one of them (like VeriSign), then your users won't be annoyed by an "is it OK" challenge. With yours, they will.

A minor point, but its acceptability to your clients will depend on the kind of relationship you have with them.

The charge for a 3rd-party Cert is far less that the cost of the hours you've put in so far, I'll guess. Consider the bigger pic.

Yes Venkat,

you are right, i am ready to buy the 3rd party SSL certification to my Application while it comes to Live, But see I am a developer, i must know how to create those SSL Certification and Use it in production. That's why.

Thanks H2o the link given by u is very helpfull to me, Let me try this will come back to you with the feedback.

Thanks

__________________
G.A.P

Hi H2o,

I tried to configure the Certification Serverfor use with SSL on IIS. But I am getting the error.

error code = 57..

Do you have any idea why i am getting the error..

Pls Help Me

__________________
G.A.P

Yes.. gimme some time to look after the error and will get back to you ASAP.


Thanks,

__________________
H2O

Without us, no one can survive..

Hi

Error code 57 = Unable to set identity certificate...

Kindly recheck the configuration process for any bugs & user end errors.


Regards,

__________________
H2O

Without us, no one can survive..

This would help a lot

SSL Error Codes & Corresponding Message:

0 Everything is fine

1 Redo handshake before other things

2 Handshake loop is complete

3 An error occurred that cannot be further defined

4 An error occurred while reading

5 An error occurred in the provider. No further information is available

6 A required library is missing

7 A required library has no entry point?

8 Initialization (of whatever was being initialized, library

9 There is no memory left for the application to use

10 Can't locate your certificate.

11 Your certificate isn't in a format readable by the provider

12 You do not have permission to access the specified certificate

13 The SSL package isn't there (SChannel specific)

14 Can't work to the cipher strength required

15 The context has expired or isn't properly initialized

16 The buffer read isn't a valid SSL packet

17 The buffer read isn't a valid socks 5 packet

18 Your SSL packet has been modified illegally

19 Your SSL packet is out of sequence

20 The data received is not a complete packet

21 The server response to socks hello is bad

22 The server response to socks connect request is bad

23 We do not support the given address type

24 Send the given buffer, and terminate the communication (SChannel specific)

25 Do socks 5 server side redirection before completing handshake (SChannel specific)

26 Unable to open the specified keystore

27 Unable to find the specified identity cert

28 The socket given to a function is not of the right type (SChannel specific)

29 The socks 5 handshake broke down in an unspecified manner

30 The buffer supplied is not big enough for all the data

31 The SDK context supplied is not valid for the function called

32 The clients socks 5 hello is bad

33 The clients connect request is bad

34 The socks 5 command requested is not supported

35 The socks 5 server refuses to redirect to the required destination

36 The destination network requested is inaccessible

37 The destination host requested is unreachable

38 Connection to the destination host requested is refused

39 The TTL on the packet sent the destination host requested expired

40 The hostname could not be resolved

41 A socket could not be created

42 Connection to the host is refused

43 A close notify alert was received

44 An unexpected message alert was received

45 A bad mac alert was received

46 A decompression failure alert was received

47 A handshake failure alert was received

48 A no certificate alert was received

49 A bad certificate alert was received

50 An unsupported certificate alert was received

51 A certificate revoked alert was received

52 A certificate expired alert was received

53 A certificate unknown (untrusted) alert was received

54 An illegal parameter alert was received

55 An unknown alert was received (probably TLS alert)

56 Unable to set the CA certs verify path (OpenSSL specific)

57 Unable to set identity certificate

58 Unable to set private key

59 The common name on the ID certificate is not what was expected

60 (OpenSSL specific) a zero depth self signed cert was received

61 (OpenSSL specific) a root cert to match the identity received could not be found locally

62 (OpenSSL specific) a root cert to match the identity received could not be found at all

63 (OpenSSL specific) a self signed cert was in the chain received

64 (OpenSSL specific) unable to verify the signature on the leaf cert

65 (OpenSSL specific) unable to decode the issuers public key

66 (OpenSSL specific) unable to verify the signature on a cert

67 (OpenSSL specific) the before field in the cert is corrupt

68 (OpenSSL specific) the certificate is not yet valid

69 (OpenSSL specific) the expiry field in the cert is corrupt

70 (OpenSSL specific) the certificate has expired

71 A method called is unimplemented

72 The provider could not load any of the root certs in the keystore

73 The provider could not load some of the root certs in the keystore

74 Client authentication failed

75 The connection timed-out

76 A server certificate was revoked

77 No CRL could not be retrieved for one of the certificates

78 Revocation support is not available

__________________
H2O

Without us, no one can survive..