iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)
Configuring for Secure Transport
iTP Secure WebServer System Administrator’s Guide—522659-001
4-6
Support for International 128-Bit SSL Sessions
Using VeriSign’s Global Server ID
Global Server IDs allow you to conduct a variety of secure transactions using 128-bit
SSL encryption. At the time of this publication, such transactions include the following
(for specific and up-to-date information about restrictions regarding Global Server ID
use, see the Verisign web page listed below):
•
Financial institutions can provide secure online banking and other financial services
to their customers inside and outside the United States
•
Companies can communicate with browsers and other clients that support the use of
Global Server IDs inside the United States and Canada
•
Companies can communicate with employees, subsidiaries, partners, and specific
customers outside the United States and Canada who use browsers and other clients
supporting Global Server IDs
Several export versions of browsers are now equipped to enable strong encryption when
they encounter a Global Server ID. For example, the international version of Netscape
Communicator (4.0 and above) supports 128-bit SSL encryption on a per-session basis
when it is used in transactions with an iTP Secure WebServer that presents a valid
Global Server ID. In this case, Netscape Communicator switches from 40-bit to 128-bit
SSL encryption for the current transaction with that particular iTP Secure WebServer.
Because key lengths longer than 40 bits are generally considered to provide strong
encryption (a 128-bit encrypted message is more difficult to break than a 40-bit message
by 309,485,009,821,345,068,724,781,056 times), the Global Server ID allows your
visitors worldwide to conduct secure transactions through your server. Additionally, the
Global Server ID assures your visitors of your site's legitimacy.
At the time of this publication, the browsers and other clients that support the use of the
Global Server ID are as follows:
•
Microsoft Internet Explorer 4.0 or later, or 3.02 or later with a special patch
•
Netscape Navigator 4.0 or later
•
Microsoft Money 98
•
Intuit Quicken
Global Server IDs are available to eligible financial institutions, companies,
organizations, universities, and government agencies in the United States. For specific
and up-to-date information about restrictions regarding Global Server ID use, see the
following Verisign web page:
http://digitalid.verisign.com/server/global/help/miscGlobalFAQ.htm
For Global Server ID enrollment information, go to the following VeriSign web page:
http://digitalid.verisign.com/server/global
To use VeriSign’s Global Server ID with the iTP Secure WebServer, obtain a Global
Server ID for the server and install it just as you would a regular certificate. See Using
the Keyadmin Utility to Manage Keys and Certificates below for information about
obtaining and installing certificates.