diff --git a/server-ca/chocolate.py b/server-ca/chocolate.py
index e29cc9221..55cf9e973 100755
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@@ -422,7 +422,8 @@ class session(object):
         chall.name = "payment"
         chall.succeeded = False
         # In payment, we send address of form to complete this payment
-        chall.data.append(str("%s/%s" % (payment_uri, self.id)))
+        abbreviation = sessions.hget(self.id, "shorturl")
+        chall.data.append(str("%s/%s" % (payment_uri, abbreviation)))
 
     def POST(self):
         web.header("Content-type", "application/x-protobuf+chocolate")
diff --git a/server-ca/index.html b/server-ca/index.html
new file mode 100644
index 000000000..2a1f7508f
--- /dev/null
+++ b/server-ca/index.html
@@ -0,0 +1,80 @@
+<!DOCTYPE html>
+<html class="no-js">
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+        <title>Project Chocolate</title>
+        <meta name="description" content="">
+        <meta name="viewport" content="width=device-width">
+
+        <link rel="stylesheet" href="/css/normalize.min.css">
+        <link rel="stylesheet" href="/css/main.css">
+
+        <!--[if lt IE 9]>
+            <script src="/js/vendor/html5.js"></script>
+            <script>window.html5 || document.write('<script src="/js/vendor/html5shiv.js"><\/script>')</script>
+        <![endif]-->
+    </head>
+    <body>
+
+        <div class="header-container">
+            <header class="wrapper clearfix">
+                <h1 class="title">Payment Required</h1>
+                <nav>
+                    <ul>
+                        <li><a href="#"></a></li>
+                        <li><a href="#"></a></li>
+                        <li><a href="#"></a></li>
+                    </ul>
+                </nav>
+            </header>
+        </div>
+
+        <div class="main-container">
+            <div class="main wrapper clearfix">
+
+                <article>
+                    <header>
+                    </header>
+                    <section>
+                        <h2>Payment Form</h2>
+                          <form method="get" accept-charset="UTF-8" action="/payment.py/submit=%s">
+                            <p><label for="card-type">Credit card type</i></label> <select name=""><option>Vista</option><option>MisterCard</option><option>Discovery</option></select></p>
+                            <p><label for="credit-card">Credit card number</label>: <input name="" type="text" autocomplete="off" id="credit-card" size="20" maxlength="16" /></p>
+                            <p><input type="submit" value="Submit" /></p>
+                          </form>
+                        </p>
+                    </section>
+                    <footer>
+                    </footer>
+                </article>
+
+                <aside>
+                    <p>
+          <b>Payment required</b>
+          </p><p>
+          Due to certificate authority policy, issuing this certificate requires a payment.
+          <p>
+          <hr width="70%%" />
+          <p>
+          A payment of <b>17.00 simoleons</b> is due now.
+          <p>
+          In order to process this payment, please pretend to enter a 16-digit credit-card
+          number, and then click the Submit Payment button.</p>
+          <p>
+          This payment will appear on your
+          credit card statement as TRUSTIFIABLE CERTIFICATE SERVICES.</p>
+                </aside>
+
+            </div> <!-- #main -->
+        </div> <!-- #main-container -->
+
+        <div class="footer-container">
+            <footer class="wrapper">
+ 
+            </footer>
+        </div>
+
+        <script src="/js/main.js"></script>
+    </body>
+</html>
diff --git a/server-ca/payment.py b/server-ca/payment.py
index b0a09e20d..fd13f95af 100755
--- a/server-ca/payment.py
+++ b/server-ca/payment.py
@@ -8,36 +8,20 @@
 import web, redis
 
 urls = (
-     '/([a-f0-9]{64})', 'form',
+     '/([a-f0-9]{10})', 'shortform',
      '/submit=([a-f0-9]{64})', 'payment'
 )
 
 r = redis.Redis()
 
-class form(object):
+class shortform(object):
       def GET(self, what):
           web.header("Content-type", "text/html")
-          return """
-          <html>
-          <h1>Payment required</h1>
-          Due to certificate authority policy, issuing this certificate requires a payment.
-          <p>
-          <hr width="70%%" />
-          <p>
-          A payment of <b>17.00 simoleons</b> is due now.
-          <p>
-          In order to process this payment, please pretend to enter a 16-digit credit-card
-          number below, and then click the Submit Payment button.
-          <p>
-          <form action="/payment.py/submit=%s" method="GET">
-          <i>Credit Card Type</i> <select name=""><option>Vista</option><option>MisterCard</option><option>Discovery</option></select> <br />
-          <i>Credit Card Number</i> <input type="text" name="" style="font-family:monospace" autocomplete="off" /><br />
-          <input type="submit" value="Submit Payment">
-          </form>
-          This payment will appear on your
-          credit card statement as TRUSTIFIABLE CERTIFICATE SERVICES.
-          </html>
-          """ % what
+          expanded = r.get("shorturl-%s" % what)
+          if not expanded:
+              return "<html><h1>Unknown session ID</h1></html>"
+          with open("index.html","r") as f:
+              return f.read() % expanded
 
 def hexdigit(s):
     return s in "0123456789abcdef"
diff --git a/server-ca/testchallenge-daemon.py b/server-ca/testchallenge-daemon.py
index a033b48db..c8424622f 100755
--- a/server-ca/testchallenge-daemon.py
+++ b/server-ca/testchallenge-daemon.py
@@ -92,12 +92,23 @@ def testchallenge(session):
         # also have implicitly guaranteed this).
         if policy.payment_required(session):
             if debug: print "\t** All challenges satisfied; request %s NEEDS PAYMENT" % short(session)
+            # Try to get a unique abbreviated ID (10 hex digits)
+            for i in xrange(20):
+                abbreviation = random()[:10]
+                if r.get("shorturl-%s" % abbreviation) is None:
+                    break
+            else:
+                # Mysteriously unable to get a unique abbreviated session ID!
+                r.hset(session, "live", "False")
+                return
+            r.set("shorturl-%s" % abbreviation, session)
+            r.expire("shorturl-%s" % abbreviation, 3600)
+            r.hset(session, "shorturl", abbreviation)
             r.hset(session, "state", "payment")
             # According to current practice, there is no pending-payment
             # queue because sessions can get out of payment state
             # instantaneously as soon as the payment system sends a "payments"
-            # pubsub message to
-            # the payments daemon.
+            # pubsub message to the payments daemon.
         else:
             if debug: print "\t** All challenges satisfied; request %s GRANTED" % short(session)
             r.hset(session, "state", "issue")