CM-CIC Paiement: certificate replacement
CM-CIC Paiement informs its customers that there will be a server certificate replacement on January 24 and 26, 2012. It concerns thet certificate installed on the bank website;
It impacts all e-commerce websites using the bank website for their credit card transactions. The client modul (on the traiding site) has to recognize the new certification chain of the bank.
Example: if you are using PHP with CURL functions, the CURL library checks that the bank server certificate has been issued by a trustworthy authority, pre-approved by you or by your hosting company.
It is then necessary to make sure your HTTPS client installed on your server, recognized VeriSign Class 3 Public Primary Certification Authority - G5 as a trustworthy root.
The vetting is not trivial. Indeed, CM-CIC Paiement does not provide a test website and directs to a VeriSign website using an other root certificate. If you test with this site, you'll get a positive result that does not guarantee it'll work with the bank!
If you are a TBS internet customer, contact us on quentin.help@tbs-internet.co.uk (with your request reference) to get the name of the website on which you'll be able to test your HTTPS client.
Reminder: an e-commerce website must secure its users personal data just like their credit card information: login, password, postal address... It requires a SSL certificate on the account management pages.Securing the payments is mandatory but not enough.