Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Another Certificate question
Special Forums Cybersecurity Another Certificate question Post 302912035 by Perderabo on Tuesday 5th of August 2014 11:04:45 AM
Old 08-05-2014
In the first case, Verisign has given a certificate to SomeSmallerCA. If you trust Verisign, you can be sure that you are talking to SomeSmallerCA. This does not mean that Verisign assures you that SomeSmallerCA knows what they are doing. So in the first example you have to trust that SomeSmallerCA has verified that example.com is who they say they are. The Verisign certificate only guarantees that you are talking to SomeSmallerCA.

In the second example Verisign is saying that they did an extended validation. There are two levels of validation and "extended" is the better of the two. I'm not sure of the details.
 

10 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Unix Certificate

TO WHOM IT MAY CONCERN: I am Ayanda Fuzile, I would like to request my UNIX Certificate, I completed my course in 2000. My email adress is removed, my postal adress is also removed. Kind Regards, Ayanda Fuzile (1 Reply)
Discussion started by: afuzile
1 Replies

2. UNIX for Advanced & Expert Users

decryption using digital certificate

A client application is encrypting a text using private key and sends through socket. My application(server written in c/c++,unix) receives the chiper-text through socket. I have client's digital certificate. now, how do I decrypt(may be using openssl library) this ciper-text using client's... (1 Reply)
Discussion started by: johnbach
1 Replies

3. Web Development

SSL certificate

Dear All Anyone know how to issue two different certification on apache virtualhost fyi i have one virtualhost eg 69.192.1.25:443 already signed with verisign how can i configure another virtualhost 69.192.1.25:443 which signing with another certificate which self signing. i search net not... (1 Reply)
Discussion started by: netxus
1 Replies

4. Cybersecurity

SSL certificate

Hi guys. I have some questions about ssl certificates. I looked at SSL providers and saw that they are providing 2 types of certificates: per server or per domain. my server host name is: srv1.example.com I have a smtp, imap, web server on this box. but all services accessed by different... (1 Reply)
Discussion started by: majid.merkava
1 Replies

5. UNIX for Dummies Questions & Answers

Is it possible to extract a certificate chain?

Hi all! I wanted to look at the key length of a certificate chain we have. When I do the conventional export command using keytool I will only get the end user cert. keytool -export -alias aliasname -file filename.cer -keystore keystorename The above code will only give me the end user... (2 Replies)
Discussion started by: Keepcase
2 Replies

6. Cybersecurity

question about certificate for domain

Hi, I would like to know if certificate for mydomain.com would work as well for www.mydomain.com and for all subdomain of example.com? I ask this because I want to buy a certificate and I was not what domain should I ask the certificate for? (0 Replies)
Discussion started by: programAngel
0 Replies

7. Cybersecurity

SSL Certificate Stores

Hey everyone, I'm trying to get a lay of the land for OS and Application Certificate Stores. Can someone confirm that I have this concept right? If the application you're using say Firefox has it's own trusted CA store, it uses that exclusively. So if you're running firefox in Windows, Firefox... (4 Replies)
Discussion started by: Lost in Cyberia
4 Replies

8. HP-UX

Sendmail TLS and Certificate?

We are running HP-UX 11v1 and are about to upgrade sendmail to 8.13.3 to allow support for TLS. Enabling TLS seems pretty straightforward, but I'm wondering if an SSL certificate is required for this. Our MS Exchange server does use a certificate. Do I need to arrange for a public certificate to... (3 Replies)
Discussion started by: jduehmig
3 Replies

9. UNIX for Advanced & Expert Users

Does vsftpd support user access with client certificate with priv/pub key + vsftpd certificate?

:rolleyes:I am trying to setup all certificate based client-server environment in Linux using vsftpd and curl with openssl. I would like to make a user access with vsftpd certificate and user own client certificate (self-signed) with private/public key. I don't see google posts about the my plan... (4 Replies)
Discussion started by: gogogo
4 Replies

10. Shell Programming and Scripting

Grep from a certificate

I can view the openSSL certifcate with this command openssl x509 -text -in myCertificate.pem I just wanted to see when the cert will expire only. The line which I want to read is, Not After : Jul 28 14:09:57 2015 GMT I tried using the grep command but it doesn't display anything. grep... (1 Reply)
Discussion started by: Loc
1 Replies

LEARN ABOUT DEBIAN

vend::payment::signio

Vend::Payment::Signio(3pm)				User Contributed Perl Documentation				Vend::Payment::Signio(3pm)

NAME

       Vend::Payment::Signio - Interchange support for Payflow Pro SDK versions 2 and 3

WARNING
: THIS MODULE IS DEPRECATED!
       Please note that PayPal purchased the Payflow Pro business from Verisign, and this payment module is expected to stop functioning in
       September 2009, as it uses the v2/v3 pfpro SDK that will no longer be supported. Details are here:

	https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/library_download_sdks
	http://www.pdncommunity.com/pdn/board/message?board.id=payflow&thread.id=5799

       It is strongly recommend that you switch to using Vend::Payment::PayflowPro as soon as possible, and stop using this module.

SYNOPSIS

	   &charge=signio

	       or

	   [charge mode=signio param1=value1 param2=value2]

PREREQUISITES

       Verisign/Signio Payflow Pro, Version 2.10 or higher

VERISIGN SOFTWARE SETUP

       Verisign's interface requires a proprietary binary-only shared library; thus you must download the appropriate package for your platform
       from Verisign.  On Linux, the archive you download is pfpro_linux.tar.gz. It includes documentation you should consult. Here's a brief
       installation guide for someone using Linux with root access:

       o   Copy the payflowpro/linux/certs directory to VENDROOT, your Interchange root directory (perhaps /usr/lib/interchange or
	   /usr/local/interchange). This contains a single file with the client SSL certificate required to authenticate with Verisign's https
	   server.

       o   Install payflowpro/linux/lib/libpfpro.so somewhere on your system fit for shared libraries, such as /usr/lib, or else in VENDROOT/lib.

       o   Build the PFProAPI.pm Perl module:

	   o   cd payflowpro/linux/perl

	   o   If you installed libpfpro.so somewhere other than in a standard location for shared libraries on your system, edit line 6 of
	       Makefile.PL, so that "-L." instead reads "-L/path/to/libpfpro.so" with the correct path.

	   o   perl Makefile.PL && make && make test

	   o   As root, make install

       Using PFProAPI.pm is the best way to interact with Payflow Pro. However, if you can't get it to work for whatever reason, you may also use
       either of two small wrapper binaries, pfpro and pfpro-file, designed to be called from the shell. Interchange must fork and execute the
       binary, then retrieve the Verisign response from a temporary file. This module will automatically fall back to using one of them if it
       can't find PFProAPI.pm when Interchange is started.

DESCRIPTION

       The Vend::Payment::Signio module implements the signio() payment routine for use with Interchange. It is compatible on a call level with
       the other Interchange payment modules.

       To enable this module, place this directive in interchange.cfg:

	   Require module Vend::Payment::Signio

       This must be in interchange.cfg or a file included from it.

       NOTE: Make sure CreditCardAuto is off (default in Interchange demos).

       The mode can be named anything, but the "gateway" parameter must be set to "signio". To make it the default payment gateway for all credit
       card transactions in a specific catalog, you can set in catalog.cfg:

	   Variable   MV_PAYMENT_MODE  signio

       It uses several of the standard settings from Interchange payment. Any time we speak of a setting, it is obtained either first from the
       tag/call options, then from an Interchange order Route named for the mode, then finally a default global payment variable. For example, the
       "id" parameter would be specified by:

	   [charge mode=signio id=YourPayflowProID]

       or

	   Route signio id YourPayflowProID

       or with only PayflowPro as a payment provider

	   Variable MV_PAYMENT_ID      YourPayflowProID

       The active settings are:

       id  Your account ID, supplied by VeriSign when you sign up.  Global parameter is MV_PAYMENT_ID.

       secret
	   Your account password, selected by you or provided by Verisign when you sign up.  Global parameter is MV_PAYMENT_SECRET.

       partner
	   Your account partner, selected by you or provided by Verisign when you sign up. Global parameter is MV_PAYMENT_PARTNER.

       vendor
	   Your account vendor, selected by you or provided by Verisign when you sign up. Global parameter is MV_PAYMENT_VENDOR.

       transaction
	   The type of transaction to be run. Valid values are:

	       Interchange	   Payflow Pro
	       ----------------    -----------------
		   sale 	       S
		   auth 	       A
		   credit	       C
		   void 	       V
		   settle	       D (from previous A trans)

	   Default is "sale".

       The following should rarely be used, as the supplied defaults are usually correct.

       remap
	   This remaps the form variable names to the ones needed by Verisign. See the "Payment Settings" heading in the Interchange documentation
	   for use.

       host
	   The payment gateway host to use. Default is "payflow.verisign.com", and "test-payflow.verisign.com" when in test mode.

       check_sub
	   Name of a Sub or GlobalSub to be called after the result hash has been received from Verisign. A reference to the modifiable result
	   hash is passed into the subroutine, and it should return true (in the Perl truth sense) if its checks were successful, or false if not.

	   This can come in handy since, strangely, Verisign has no option to decline a charge when AVS or CSC data come back negative. See
	   Verisign knowledge base articles vs2365, vs7779, vs12717, and vs22810 for more details.

	   If you want to fail based on a bad AVS check, make sure you're only doing an auth -- not a sale, or your customers would get charged on
	   orders that fail the AVS check and never get logged in your system!

	   Add the parameters like this:

		   Route  signio  check_sub  avs_check

	   This is a matching sample subroutine you could put in interchange.cfg:

		   GlobalSub <<EOR
		   sub avs_check {
			   my ($result) = @_;
			   my ($addr, $zip) = @{$result}{qw( AVSADDR AVSZIP )};
			   return 1 if $addr eq 'Y' or $zip eq 'Y';
			   return 1 if $addr eq 'X' and $zip eq 'X';
			   return 1 if $addr !~ /S/ and $zip !~ /S/;
			   $result->{RESULT} = 112;
			   $result->{RESPMSG} = "The billing address you entered does not match the cardholder's billing address";
			   return 0;
		   }
		   EOR

	   That would work equally well as a Sub in catalog.cfg. It will succeed if either the address or zip is 'Y', or if both are unknown. If
	   it fails, it sets the result code and error message in the result hash using Verisign's own (otherwise unused) 112 result code, meaning
	   "Failed AVS check".

	   Of course you can use this sub to do any other post-processing you want as well.

   Troubleshooting
       Try the instructions above, then enable test mode. A test order should complete.

       Then move to live mode and try a sale with the card number "4111 1111 1111 1111" and a valid future expiration date. The sale should be
       denied, and the reason should be in [data session payment_error].

       If it doesn't work:

       o   Make sure you "Require"d the module in interchange.cfg:

	       Require module Vend::Payment::Signio

       o   Make sure the Verisign "libpfpro.so" shared library was available to PFProAPI.xs when you built and installed the PFProAPI.pm module,
	   and that you haven't moved "libpfpro.so" since then.

	   If you're not using the PFProAPI Perl interface, make sure the Verisign "pfpro" or "pfpro-file" executable is available either in your
	   path or in /path_to_interchange/lib.

       o   Check the error logs, both catalog and global.

       o   Make sure you set your account ID and secret properly.

       o   Try an order, then put this code in a page:

	       <XMP>
	       [calc]
		   my $string = $Tag->uneval( { ref => $Session->{payment_result} });
		   $string =~ s/{/{
/;
		   $string =~ s/,/,
/g;
		   return $string;
	       [/calc]
	       </XMP>

	   That should show what happened.

       o   If all else fails, consultants are available to help with integration for a fee. You can find consultants by asking on the
	   "interchange-biz@icdevgroup.org" mailing list.

SECURITY CONSIDERATIONS

       Because this library may call an executable, you should ensure that no untrusted users have write permission on any of the system
       directories or Interchange software directories.

BUGS

       There is actually nothing *in* Vend::Payment::Signio. It changes packages to Vend::Payment and places things there.

AUTHORS

	       Cameron Prince <cameronbprince@yahoo.com>
	       Mark Johnson <mark@endpoint.com>
	       Mike Heins <mike@perusion.com>
	       Jon Jensen <jon@icdevgroup.org>

perl v5.14.2							    2011-03-09						Vend::Payment::Signio(3pm)
All times are GMT -4. The time now is 07:05 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy