Thank you for using Network Associates' products. This What's New file contains important information regarding the PGP Certificate Server. Network Associates strongly recommends that you read this entire document.

Network Associates welcomes your comments and suggestions. Please use the information provided in this file to contact us.

Warning: Export of this software may be restricted by the U.S. Government.

WHAT'S IN THIS FILE

New Features
Documentation
System Requirements
Installation
Starting the PGP Certificate Server
Starting the PGP Replication Engine
Known Issues
Additional Information
Year 2000 Compliance
Contacting Network Associates

NEW FEATURES

1. New Native, Optimized Windows NT Service. This is the premier release of the PGP Certificate Server as a native Windows NT service that has been optimized for this environment. This new service provides round-the-clock, standards-based PGP certificate management and lookup services for administrators and users.
2. Easy-to-Use Remote Console Application. The new PGP Cert Server Remote Console, a native Windows NT application, gives administrators the ability to remotely monitor and manage their PGP Cert Server through an intuitive, easy-to-use interface. All communications between the console and the Cert Server is strongly authenticated and encrypted using the TLS (Transport Layer Security) protocol, thus providing a very secure foundation for remote management.
3. Improved Web-based Configuration. Administrators can conveniently manage the Cert Servers configuration from nearly any web browser. This version improves the extensive on-line help on product configuration settings. This version provides integrated support for many popular web servers including:

• Microsoft IIS 2.0 - 4.0
• Netscape Enterprise Server 3.x
• Netscape FastTrack Server 3.x
• Apache 1.3.x
Administrators can secure the communications between the web browser and the Cert Server using the native security services provided by the web server installed with the Cert Server.

4. Database Size and Performance Improvements. This version includes numerous performance enhancements and database optimizations. Certificate database size has been reduced by 20% - 30% from previous versions, due to improved certificate storage methods. This size reduction provides improved server performance; more certificates are now stored in the server's cache, less data is read from and written to the server's harddisk, and fewer transformations are needed on certificate data.

Also included with this release is the PGP Certificate Server Administrator's Guide, which can be viewed on-line as well as printed:

This document is saved in Adobe Acrobat Portable Document Format (.PDF). You can view and print the document with Adobe's Acrobat Reader. PDF files can include hypertext links and other navigation features to assist you in finding answers to questions about your Network Associates product.

To download Adobe Acrobat Reader from the World Wide Web, visit Adobe's Web site at:

http://www.adobe.com/prodindex/acrobat/readstep.html

Opening the Administrator's Guide

After installing Abobe Acrobat Reader, bring up the Windows Start Menu. Then select Programs-->Network Associates-->PGP Certificate Server-->Documentation-->Administrator's Guide. If the web server support for PGP Certificate Server is installed, the Administrator's Guide is also available through a link found on the page:

http://YOUR-HOST-NAME:PORT/certserver/default.htm

Substitute the hostname of the machine running the PGP Certificate Server for the YOUR-HOST-NAME value. For PORT, substitute the port number for the web server that you are running on YOUR-HOST-NAME (this defaults to 80 if it is not specified).

Online Help

This release also includes integrated online help in Microsoft Windows Help format:

• PGP Certificate Server online help
• PGP Replication Engine online help

SYSTEM REQUIREMENTS

• Windows NT version 4.0 and higher
• 32MB RAM minimum
• 5MB disk space for software
• Additional disk space for database (10MB - 500MB)
• Network interface card
• PGP 6.5.1 (Only required for management of secure keys).

• Microsoft Internet Information Server (version 4 recommended)
• with Microsoft Internet Explorer 4 or later, or any web server and a version 4 or later browser.

PGP Certificate Server is distributed in either a self-extracting file or on a CD-ROM.

To Install the product from a CD-ROM:

1. Start Windows.
2. Insert the CD-ROM.
3. Double-click the installation program icon found in the PGP Certificate Server subdirectory.
4. Follow the on-screen prompts.

1. Start Windows.
2. Download the PGP Certificate Server installation program onto your computer’s hard drive.
3. Double-click the installation program.
4. Follow the on-screen prompts.

After successfully installing the server, you may start it by selecting Programs-->PGP Certificate Server-->PGP Certificate Server Console from the Windows Start Menu.

Click "Create Database" to create the initial database (if necessary). Then press Start to start the certificate server.

To test that the server is running properly, start PGP (version 5.5 or later). You will need to add to PGP's configuration the URL of the machine running the certificate server as described in the following steps:

1. Open the PGPkeys window by selecting PGPkeys from the PGPtray menu.
2. Select Edit-->Options.
3. On the Servers page, click New to add a New server.
4. Select the Protocol to use.
5. Then enter an LDAP server name using the format:

ldap://YOUR-HOST-NAME
6. Type a new domain or choose an existing one.
7. Click OK.
8. Exit the Options dialog by clicking OK.
9. In the PGPkeys window, select any key from your list of keys.
10. Select the Send To item on the Keys menu and then select the name of your new PGP Certificate Server.

You can also use the search dialog in PGPkeys to search for the keys on the server. Again, be sure to set the name of your new server as the server to search.

STARTING THE PGP REPLICATION ENGINE

If you installed the optional PGP Replication Engine component, you may start it by selecting Programs-->PGP Certificate Server-->PGP Replication Engine Console from the Windows Start Menu.

PGP Replication Engine uses the same configuration file as the PGP Certificate Server. The default configuration file does not have replication enabled. The 'Replica' and 'RepLogFile' configuration tags need to be configured prior to successfully starting the server.

Examples, of each are:

Replica ldap://mirror.company.com

RepLogFile rep.log

See the Administrator's Guide for exact details on these configuration values.

Pressing Start will cause the product to beginning monitoring for data to replicate.

USING THE WEB CONFIGURATION/MONITORING WIZARD

The PGP Certificate Server can be easily configured using a web browser-based wizard. This wizard must be setup to run under an existing web server product. Most popular web servers support the wizard. The web server must be running on the same machine as the PGP Certificate Server.

If you are running the Microsoft Internet Information server (version 2.0 or later) and you requested the installer to automatically add support to IIS for the wizard, you only need to start (or restart) the web server. You can then access the configuration/monitoring wizard from your browser using the URL: http://YOUR-HOST-NAME:PORT/certserver/default.htm

If you are using another web server or did not have the installer add this support, please see the Administrator's Guide for details on how to properly configure this feature.

You may also directly edit the configuration file for the certificate server using any standard text editor such as Notepad. The default configuration file is found in:

C:\Program Files\Network Associates\PGPcertd\etc\pgpcertd.cfg

KNOWN ISSUES

HTTP Gateway CGI Scripts The Add and Lookup CGI scripts require access to the PGPsdk DLLs. These are installed in the Windows system directory when the Certificate Server is installed. These DLLs may not be present on the machine running the HTTP server. These DLLs should be copied to the same directory as the script or into the Windows system directory. The DLLs are called PGP_SDK.dll, PGPsdkNL.dll, and PGPsdkUI.dll.

ADDITIONAL INFORMATION

Domestic Diffie-Hellman/DSS-only release

If you want to support RSA keys with this version of the PGP Certificate Server, you must install Microsoft's Internet Explorer Version 4.0 or later (the domestic 128-bit version). Even with this support, some RSA keys with non-standard key sizes will not work as server keys for LDAPS.

International Diffie-Hellman/DSS-only release

If you want to support RSA keys with this version of the PGP Certificate Server, you must install Microsoft's Internet Explorer Version 4.0 or later (the domestic 128-bit version). Even with this support, some RSA keys with non-standard key sizes will not work as server keys for LDAPS. Due to export restrictions, the 128-bit version of Microsoft's Internet Explorer 4.0 or later may not be available in your area. If this is the case, this version of the PGP Certificate Server will not support RSA keys.

International release

The International version of the PGP Certificate Server does not encrypt data. It does provide strong authentication. The Transport Layer Security (TLS) connection between the PGP client and the server is strongly authenticated; but the data is sent over the network without being encrypted. This means that the queries and adds that are performed by the PGP client can be viewed by others, but the identity of someone performing administrative functions is still strongly authenticated.

YEAR 2000 COMPLIANCE

Information regarding NAI products that are Year 2000 compliant and its Year 2000 standards and testing models may be obtained from NAI’s website at http://www.nai.com/y2k .

For further information, email y2k@nai.com .

CONTACTING NETWORK ASSOCIATES

FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS

Contact the Network Associates Customer Care department:

• Phone (408) 988-3832 Monday-Friday, 6:00 A.M. - 6:00 P.M. Pacific time
• Fax (408) 970-9727 24-hour, Group III Fax

Network Associates Corporate Headquarters
3965 Freedom Circle
McCandless Towers
Santa Clara, CA
95054

• Phone: (408) 988-3832
• Fax: (408) 970-9727

• Phone: (972) 278-6100
• Fax: (408) 970-9727

• Internet E-mail: pgpsupport@pgp.com
• Internet FTP: ftp.nai.com
• World Wide Web: http://support.nai.com
• America Online: keyword MCAFEE
• CompuServe: GO NAI

• Program name and version number
• Computer brand and model
• Any additional hardware or peripherals connected to your computer
• Operating system type and version numbers
• Network name, operating system, and version
• Network card installed, where applicable
• Modem manufacturer, model, and speed, where applicable
• Relevant browsers or applications and their version numbers, where applicable
• How to reproduce your problem: when it occurs, whether you can reproduce it regularly, and under what conditions
• Information needed to contact you by voice, fax, or e-mail

FOR PRODUCT UPGRADES

To make it easier for you to receive and use Network Associates products, we have established a reseller's program to provide service, sales, and support for our products worldwide. For a listing of resellers, see the resellers.txt file or contact Network Associates Customer Care for resellers near you.

FOR REPORTING PROBLEMS

Network Associates prides itself on delivering a high-quality product. If you find any problems, please take a moment to review the contents of this file. If the problem you've encountered is documented, there is no need to report the problem to Network Associates.

If you find any feature that does not appear to function properly on your system, or if you believe an application would benefit greatly from enhancement, please contact Network Associates with your suggestions or concerns.

FOR ON-SITE TRAINING INFORMATION *

Contact Network Associates Customer Service at (800) 338-8754.