WebMoney
Ru/Eng | Help | Contacts
 
wmtransfer.com / About / WM Help Desk / WM Keeper Light / Authorization Using the Personal Certificate
Sign Up Now
News
About
Security
Fees
Statistics
WM Help Desk
Terms of Use
Contacts
Add Funds
Withdraw Funds
Partner with us
For Merchants
For Developers And Webmasters
Services
Новости
New: Skype for WebMoney in Indonesia, Vietnam and Byelorussia 
New: direct gateway between WebMoney and Yandex.Money reopened 
Top up Thai mobile phones with Webmoney 
Share and see news and events at WebMoney News Feed , RSS Feed or sign up for news alerts —

Authorization by the Personal Digital Certificate

Registration and obtaining of the personal digital certificate is possible in Microsoft Internet Explorer or Netscape and is performed at www.wmcert.com.

To start WM Keeper Light server application install the certificate and visit https://light.wmtransfer.com page.

Installation consists of the following stages:

  1. Registration and obtaining the personal certificate.
  2. Saving the personal certificate and creating a reserve copy.
  3. Installation and using the personal certificate.

The secret key, which is necessary for access to the WM-identifier, is stored in the certificate. The personal should be installed to the certificate storage.

The fundamental innovation in the security area lies in the fact that now the the critical personal data no longer need to be stored on the computer. Authorization is provided by using non-permanent session pairs: the login number and the password number, which are changed every time to enter the system and they never repeat.

Saving the personal certificate and creating its reserve copy

During the registration the certificate and the secret key, which is obtained with the certificate, are saved in the way that allows to export them from the local computer's certificate storage to create the reserve copy of the cilent's personal certificate. After the registration is finished the personal certificate should be exported, its reserve copy should be created and the certificate should be deleted from the certificate storage, because leaving the certificate in the storage in the exportable mode is undesirable. Export can be performed in "Certificates manager"(in the Internet Explorer in "Internet options", "Contents" tab, "Certificates" button). After the export you can install the personal certificate on one of your computers by clicking it.

Attention!

In order to store WM Keeper Light personal certificates safely we recommend using eToken PRO USB keys, the developer is Aladdin Knowledge Systems, Ltd.

Using eToken Pro USB keys to store personal certificates

Installation and using the personal certificate

The most acceptable variant of the personal certificate installation on the computer is the "Strong key protection" mode. This mode is turned on by checking the "Enable strong private key protection" option in the dialog that prompts for password during the personal certificate installation. In is not recommended to install the personal certificate in the exportable mode.

In the "Strong key protection" mode every time the personal certificate is accessed the dialog is shown with confimation to allow a program to use the private key. This mode will not be too burdensome, because when SSL connection is used this confirmation occurs only at the beginning. The more strict mode of accessing the private key (password prompt) is appropriate when the computer might be accessed by unauthorized users at any moment.

Attention!

After the work session with WM Keeper Light is finished it is recommended to delete the personal certificate from the certificate storage. Otherwise it can be used by those, who can gain access to your computer. In the "Strong key protection" mode with password prompt this can be quite difficult, but password protection might be insuffucient, especially when the matter concerns with access to considerable funds. The easiest way to install the certificate is to install it from the PFX file (by double-clicking the file).

WM Keeper Light installation and starting recommendations

In order to register and start WM Keeper Light the web browser is used. The connection is set up via HTTPS protocol that uses secure connection (128-bit version of SSL). Authorization of the WM Keeper Light client is performed relying on the personal certificate. The latest versions of web browsers are recommended.

Using the 128-bit SSL

  1. The browser should support SSL.
  2. SSL usage should be enabled in the browser preferences.
  3. Setting of WM Keeper Light SSL connection requires the higher security level than the one that is probably used on your computer. Therefore the 128-bit SSL update should be set up. It should be downloaded from the browser's vendor site (for Internet Explorer you can use updates from the Windows Update or IE High Encryption Pack sites).
  4. Furthermore the browser should support usage of client certificates.

Using the registration site by different browsers

For Internet Explorer you should enable starting ActiveX elements signed by publisher.

Internet Explorer for Mackintosh does not support the used ActiveX, for this reason Netscape 6 is recommended.

In Netscape the password to the certificate storage should be set. The password is set for the whole certificate storage. During registering using Netscape the generation of the personal certificate takes place and the the certificate storage is accessed in order to save the certificate (the storage password is demanded).

Using the personal certificate

To work with WM Keeper Light in IE browser the personal certificate should be installed to the certificate storage. The installation of the certificate from the file to the Microsoft Windows certificate storage is performed by double-clicking PFX file in the explorer (see the installation demo).

The personal certificate chosen to work with WM Keeper Light has an effect till the browser is closed, therefore after you finish working with the program you should close all browser windows opened by the user while working with the program.

The certificate containing only a public key (see standard PKCS #7; the default file extention is .cer) does not provide access because it's is not able to authenticate client due to the absence of a secret key, which is contained in the personal certificate (see standard PKCS #12; the default file extension is .pfx).

The certificate can be removed from the storage by using the certificate manager (in IE it is performed by clicking the "delete" button). Manager window in IE can be opened from menu item "Tools / Internet Options". Than in the IE preferences dialog choose the "Contents" tab, and than the "Certificates" button.

The existence of the WebMoney Transfer system root certificates installed in the browser is essential in order to enable the browser to operate correctly with the system sites and services. The certificates are installed automatically during the regitration. In case you have refused to install the system certificates or you want to work from the other computer you can install these certificates manually.

Attetion!

Before the personal digital certififcate given to your WM-ID expires (the period of validity is 1 year) it should be renewed/prolonged. This operation is available two weeks prior to the certificate expiry on the certificate service page. The current personal certificate for your WM-ID, which you want to renew, should be installed and you should choose it when you enter the mentioned page. Two weeks prior to the certificate expiry the system notifies that the renewal is required. The notification is sent to the mail address you have entered during the registration.
Passport.webmoney.ru
Passport.wmtransfer.com
Verification Service		 Arbitrage.webmoney.ru
Arbitrage.wmtransfer.com
Arbitration Service		 Geo.webmoney.ru
WebMoney GeoService
Geo Service		 Megastock
Megastock
Internet Resources Catalogue
Enum
Authorization System		 megastock.ru
Internet Resources Catalogueв		 credit.webmoney.ru
Credit Exchange
telepat.ru
Payments via telephoneу		 publicant.ru
Buy E-books online		 masspayment
Bulk Payments Service
capitaller.ru
Automated Budget Tool		 exchanger.ru
Automated p2p-exchange		 indx.ru
Internet Exchange
WM Banking
Bank wires in/out of the System		 digiseller.ru
Automated sales of digital products		 trust.webmoney.ru
Trust Service
paymer.ru
digital checks		 telepay.wmtransfer.com
Payments towards telecom operators online 		mail.wmkeeper.com
WebMoney Mail
security.wmtransfer.com
Security in the System		 cards.webmoney.ru
WM Debit Cards		 wm2mail.webmoney.ru
Transferring funds to e-mail
files.webmoney.ru
Secure files transfer		 education.webmoney.ru
Learning more about WM		 notify.webmoney.ru
Notification Service
Close 
The usage of WEBMONEY and WEBMONEY TRANSFER graphic logos by the site holders is authorized by trademark owners.
Copyright WebMoney © 1997-2010
Contact Us  |  Help  |  Terms of Use

For all questions mail to support@wmtransfer.com