I have a question about the whole pgp/certificate. I am new at this so bear with me. The $100 one time fee is just a fee to set up a cert that you buy separately? If i want to have Credit card orders emailed to me, will a certificate do fine for encryption? Or do i have to get PGP also or is PGP used for extra, extra protection??!

www.scarefactoryinc.com (http://www.scarefactoryinc.com) coming soon.....

[nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp]Sean

The SSL certificate allows your site to utilize the SSL layer. This encrypts the data going from the web browser to the server, making it very secure. This does *not* encrypt anything beyond that - it is up to you to use PGP or another encryption method for the "behind the scenes" portion, such as emailing the info to you...

The certificate is simply a way of verifying to the user (and their browser) that your site has been approved by Verisign or Thawte for handling secure transactions, and it technically has nothing to do with the encryption itself... basically it just lets the browser show the lock icon to the user :)

What you do with the order once you (your scripts) receive it is up to you, though I recommend PGP encrypted email...

Hope this helps.

------------------
Justin Nelson
FutureQuest Support

Helps out alot!! Thank you...

so for full protection you need a certificate and PGP. Now which program from pgp would be best suited for server secure email? i noticed they had many different PGP programs on their site. And are they hard to set up?

[nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp] Sean

[nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp][nbsp]

For the server side, PGP is already for you to use here at FutureQuest. For information on setting up PGP, see:

http://www.rsmarketing.com/pgp/fq/fqsetup.html

For the client side, you will need to purchase this. NAI and Macafee must have the absolute WORST website on the Net for actually finding or buying anything they offer. This is one of those companies that succeed in spite of themselves. :)

Try this link:

http://store.mcafee.com/category.asp?CatID=5&CategoryLevel=1&t=3%3A28%3A48+PM

It should work until they move it.

Rich

hey Rich,
[nbsp][nbsp] Thanks for answering..[nbsp][nbsp]I'll probably order the Mcafee PGP personal privacy software.[nbsp][nbsp]

[nbsp]One last question (hopefully),[nbsp][nbsp]Is the SSL $100 to set up plus $125 for the thwarte cert ..[nbsp][nbsp]or just $100 for everything setup and running?[nbsp][nbsp]

[nbsp]Sean

The $100 SSL setup is for the setup of the cert only. In addition you must also purchase the cert (Thawte or Verisign) separately.

Rich

If I want to collect info into a form using SSL and then use PGP to e-mail out the data do I need my own cert, or can I use the futurequest shared cert?[nbsp][nbsp]Rich, your documentation says I need my own cert (or maybe I'm justed confused).[nbsp][nbsp]Thanks.

If I want to collect info into a form using SSL and then use PGP to e-mail out the data do I need my own cert, or can I use the futurequest shared cert? At this time, you would need your own private cert. This is due to the fact that the shared certs do not run with sufficient permissions to access the PGP files located within your virtual domain. We are currently working on a solution that would allow PGP to be run under a shared cert. However, at this time, I cannot promise when this solution will become a reality since there are several technical SSL/cert/permission issues that will need to be resolved and implemented. Because of this, PGP Form Mail (and any other PGP usage) requires a private cert.

Rich

[This message has been edited by Rich (edited 12-29-99@01:31 am)]

Hmmm, thanks for the speedy reply.[nbsp][nbsp]Would the answer be any different if I were willing to save the form data to a disk file before e-mailing?[nbsp][nbsp]I'm just looking to experiment at this point, and for me there is a big difference between $50 and $225-450 out of pocket.

Would the answer be any different if I were willing to save the form data to a disk file before e-mailing? I'm not too sure what your question is asking. You can't save the data to a disk file because it would not be encrypted which is the whole point of emailing it in the first place. And you can't save it to a disk file encrypted without using PGP which brings us back to the start of this thread discussion. :)

Rich

Hmmm.[nbsp][nbsp]I guess I wasn't clear.[nbsp][nbsp]I was thinking I could save the form info to a disk file, PGP mail it out and then delete the disk file.[nbsp][nbsp]Having the info in a deleted disk file would be an OK risk for what I currently want to do.

Sean,
Did you consider the alternative of outsourcing the CC acceptance? That puts the burden of the encryption and the Cybercash on the outsourcer's side (you never have to see the CC number). There are many alternatives that are cheaper than what you were discussing using these services. When your volume get high you could always switch to a local solution.

Check the thread with JoeRT to see some of the alternatives that are out there. I've used ibill and CCNow but I've also heard good things about plugnpay (from a web developer colleague).

Cheers,
James (turnkey)

------------------
http://www.turnkey-commerce.com

I have thought about that, but i will be setting up accounts and need the credit card # of file for future orders..Well, if i can set that up. Might need MySQL/PHP for that. Me and my webmaster are still in the newbie stage on the e-commerce side of it. Web page design is not problem. Guess reading up on things is the only way to learn. And of course, here!!!
Know any e-commerce experts that can help us out in setting up my web page for online ordering??

Sean

www.scarefactoryinc.com (http://www.scarefactoryinc.com)

Sean,

"Plugnpay remote" may be what you need.

I noticed that they do keep the CC info on file for future reuse (and it's off your server which is good for security).

Here is their URL:

http://www.plugnpay.com/

As I mentioned before I haven't used them but I have a colleague who does for E-zine subscriptions and he does like them.

I also do web programming (Perl, C++, JavaScript, Coldfusion, etc - but not PHP yet :( ) so let me know if you'd like help with some of these things, or would like help integrating one of the less-expensive packages such as the Webware Merchant Order form.

Cheers,
James Culbertson (turnkey)


------------------
http://www.turnkey-commerce.com

Just a note: the link provided by Rich in message 3 or 4 of this thread, to the McAfee online purchasing system for PGP? Worked, all these months later. Nevermind that I used it and the servers are all too stressed to send the )#&$^! thing to me...

Anyway, another place (that I can't recommend since I've never actually purchased there) that has PGP for sale as a downloadable, is http://www.digitalriver.com/dr/v2/ec_MAIN.Entry10?SP=10023&PN=1&V1=250646&xid=20539 (Which is the Soft4u.com purchase site)[nbsp][nbsp]No idea if that URL will survive as long as the McAfee one, but it's an option. :)