What's New in PGP Certificate Server
Version 2.5 for Unix-Sun Solaris
Copyright (c) 1998-99 by Network Associates
Technology, Inc., and its Affiliated Companies.
All Rights Reserved.
Thank you for using Network Associates' products.
This What's New file contains important
information regarding the PGP Certificate Server.
Network Associates strongly recommends that you
read this entire document.
Network Associates welcomes your comments and
suggestions. Please use the information provided
in this file to contact us.
Warning: Export of this software may be restricted
by the U.S. Government.
___________________
WHAT'S IN THIS FILE
- New Features
- Documentation
- System Requirements
- Installation
- Starting the PGP Certificate Server
- Starting the PGP Replication Engine
- Using the Web Configuration/Monitoring Wizard
- Known Issues
- Additional Information
- Year 2000 Compliance
- Contacting Network Associates
____________
NEW FEATURES
* Improved Web-based Configuration
Administrators can conveniently manage the Cert
Server's configuration from nearly any web browser.
This version improves the extensive on-line help
on product configuration settings. This version
provides integrated support for many popular web
servers including:
- Netscape Enterprise Server 3.x
- Netscape FastTrack Server 3.x
- Apache 1.3.x
Administrators can secure the communications
between the web browser and the Cert Server
using the native security services provided by
the web server installed with the Cert Server.
* Database Size and Performance Improvements
This version includes numerous performance
enhancements and database optimizations.
Certificate database size has been reduced
by 20% - 30% from previous versions, due to
improved certificate storage methods. This size
reduction provides improved server performance;
more certificates are now stored in the
server's cache, less data is read from and
written to the server's hard disk, and fewer
transformations are needed on certificate data.
_____________
DOCUMENTATION
Also included with this release is the following
manual, which can be viewed on-line as well as
printed:
* PGP Certificate Server Administrator's Guide
This document is saved in Adobe Acrobat Portable
Document Format (.PDF). You can view and print the
document with Adobe's Acrobat Reader. PDF files
can include hypertext links and other navigation
features to assist you in finding answers to
questions about your Network Associates product.
To download Adobe Acrobat Reader from the World
Wide Web, visit Adobe's Web site at:
http://www.adobe.com/prodindex/acrobat/readstep.html
If the web server support for PGP Certificate
Server is installed, the Administrator's Guide is
also available through a link found on the page:
http://YOUR-HOST-NAME:PORT/certserver/default.htm
Substitute the hostname of the machine running the
PGP Certificate Server for the YOUR-HOST-NAME
value. For PORT, substitute the port number for
the web server that you are running on
YOUR-HOST-NAME (by default, the web server listens
to port 8080).
Documentation feedback is welcome. Send e-mail to
[email protected].
___________________
SYSTEM REQUIREMENTS
- Sun Solaris (UNIX) Version 2.5.1 or later
(UltraSPARC recommended; Solaris 2.6 is required
for databases larger than 2GB)
- Perl 5 (required for the configuration/
monitoring wizard)
- 64MB RAM minimum
- 30MB disk space for software
- Additional disk space for database (10MB - 500MB)
- Network interface card
____________
INSTALLATION
PGP Certificate Server comes shipped on a CD-ROM
in the form of a Solaris package file.
To upgrade from a previous version of the product
from a CD-ROM:
1. Sign on as root.
2. Modify the Solaris package administration
file:
A. Make a copy of the package administration
file:
cd /var/sadm/install/admin
cp default pgp.admin
B. Using a text editor, change the line in the
pgp.admin file from "instance=unique" to
"instance=ask".
3. Insert the CD-ROM.
4. Mount the CD-ROM drive (if it isn't auto-
mounted).
5. Change to the directory containing the package
file.
6. Run the command:
pkgadd -d PGPcertserv_2.5_Solaris
-a /var/sadm/install/admin/pgp.admin
7. Create Web Configuration/Monitoring wizard
logins, as directed onscreen.
To install the product from a CD-ROM (first-time
install):
1. Sign on as root.
2. Insert the CD-ROM.
3. Mount the CD-ROM drive (if it isn't auto-
mounted).
4. Change to the directory containing the package
file.
5. Run the command:
pkgadd -d PGPcertserv_2.5_Solaris
6. Create Web Configuration/Monitoring wizard
logins, as directed onscreen.
Verify the install succeeded:
1. Run the command:
pkginfo -l PGPcertd
2. Verify that the status is "Completely
Installed".
___________________________________
STARTING THE PGP CERTIFICATE SERVER
After successfully installing the server, you may
start it by following these steps.
1. Sign on as root.
2. Change to the product bin directory (this
assumes the default install directory of
/opt/PGPcertd).
cd /opt/PGPcertd/bin
3. Create the initial database.
./pgpcertd -n -f ../etc/pgpcertd.conf
4. Start the server.
./pgpcertd -f ../etc/pgpcertd.conf
5. Verify the server is running.
ps -fu root | grep pgpcertd
If the server is not running, check the syslog
file for errors or try starting the server with
the Check Configuration flag (-c) to see why the
server did not start.
To test that the server is running properly, start
PGP (version 5.5 or later). You will need to add
to PGP's configuration the URL of the machine
running the certificate server. You can do this
by selecting PGP Preferences from PGPtray's popup
menu (or from PGPkeys' Edit/Preferences menu).
From the Servers page, add a New server. Enter a
new domain or choose an existing one. Then enter
an LDAP server using the form:
ldap://YOUR-HOST-NAME
Now from PGPkeys, select any key from your list of
keys. Then select the Send Key to Server item on
the Keys menu. Be sure to select the name of your
new PGP Certificate Server. If the key gets sent
to the server successfully, your server is running
properly. You can also use the search dialog in
PGPkeys to search the keys on the server. Again,
be sure to set the name of your new server as the
server to search.
___________________________________
STARTING THE PGP REPLICATION ENGINE
PGP Replication Engine uses the same configuration
file as the PGP Certificate Server. The default
configuration file does not have replication
enabled. The 'Replica' and 'RepLogFile'
configuration tags need to be configured prior to
successfully starting the engine. Examples of each
are:
Replica ldap://mirror.company.com
RepLogFile rep.log
See the Administrator's Guide for exact details on
these configuration values.
If you installed the optional PGP Replication
Engine component and performed the above
configuration, you may start the engine by
following these steps.
1. Sign on as root.
2. Change to the product bin directory (this
assumes the default install directory of
/opt/PGPcertd).
cd /opt/PGPcertd/bin
3. Start the product.
./pgprepd -f ../etc/pgpcertd.conf
4. Verify the engine is running.
ps -fu root | grep pgprepd
If the server is not running, check the syslog
file for errors or try starting the server with
the Check Configuration flag (-c) to see why the
server did not start.
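The two checks below, written for this note and not part of the PGP Certificate Server package, verify the 'Replica' and 'RepLogFile' tags before pgprepd is started, and also flag the empty or missing replication log that the Known Issues section says can hang One Shot mode. They assume the tags are written one per line as "Replica <url>" / "RepLogFile <path>" (as in the examples above) and that a relative RepLogFile path resolves against the configuration file's directory.

```shell
#!/bin/sh
# Added pre-flight checks for the PGP Replication Engine configuration.
# Not shipped with the product; tag layout and path resolution are assumptions.

# Print the value of a configuration tag (first match, whitespace-separated).
conf_value() {
    # $1 = configuration file, $2 = tag name
    awk -v tag="$2" '$1 == tag { print $2; exit }' "$1"
}

# Return 0 if Replica and RepLogFile are both set and Replica is an
# ldap:// URL; otherwise print the reasons to stderr and return 1.
check_replication_conf() {
    conf="$1"
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    replica=$(conf_value "$conf" Replica)
    replog=$(conf_value "$conf" RepLogFile)
    if [ -z "$replica" ]; then
        echo "Replica tag is not set" >&2; rc=1
    else
        case "$replica" in
            ldap://*) ;;
            *) echo "Replica must be an ldap:// URL, got: $replica" >&2; rc=1 ;;
        esac
    fi
    if [ -z "$replog" ]; then
        echo "RepLogFile tag is not set" >&2; rc=1
    fi
    return $rc
}

# Return 1 if the replication log is missing or empty (the One Shot mode
# hang condition listed under Known Issues), 0 if it has content.
check_replication_log() {
    conf="$1"
    replog=$(conf_value "$conf" RepLogFile)
    case "$replog" in
        /*) path="$replog" ;;
        *)  path="$(dirname "$conf")/$replog" ;;   # relative to the conf file (assumption)
    esac
    if [ ! -s "$path" ]; then
        echo "replication log $path is missing or empty; do not run One Shot mode" >&2
        return 1
    fi
    return 0
}

# Example use with the default install paths from this file:
#   check_replication_conf /opt/PGPcertd/etc/pgpcertd.conf &&
#   check_replication_log  /opt/PGPcertd/etc/pgpcertd.conf &&
#   /opt/PGPcertd/bin/pgprepd -f /opt/PGPcertd/etc/pgpcertd.conf
```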
_____________________________________________
USING THE WEB CONFIGURATION/MONITORING WIZARD
The PGP Certificate Server can be easily
configured using a web browser-based wizard. This
wizard must be set up to run under an existing web
server product. Most popular web servers support
the wizard. The web server must be running on the
same machine as the PGP Certificate Server.
NOTE: Perl 5 needs to be installed on your machine
for the wizard to work. If you do not have Perl 5
installed, please see the Administrator's Guide
for details on where to get Perl 5.
If you are running the Apache web server supplied
with PGP Certificate Server and you requested the
installer to install the web server, you may need
to start (or restart) the web server. This is
done by signing on as root and issuing the
command:
/opt/PGPcertd/web/apachectl start
or
/opt/PGPcertd/web/apachectl restart
You can then access the configuration/monitoring
wizard from your browser using the URL:
http://YOUR-HOST-NAME:PORT/certserver/index.html
If you are using another web server or did not
have the installer add this support, please see
the Administrator's Guide for details on how to
properly configure this feature.
You may also directly edit the configuration file
for the certificate server using any standard text
editor. The default configuration file is found
in:
/opt/PGPcertd/etc/pgpcertd.conf
____________
KNOWN ISSUES
o Using RSA keys as Admin keys
In the International and Freeware releases, RSA
keys cannot be used by the server as the Server
Secure KeyID. Only DSS/Diffie-Hellman keys can
be used as the key the client uses to determine
which server it is connecting to using TLS/SSL.
o Replication Engine Running in One Shot Mode
Running the Replication Engine in One Shot mode
with an empty or non-existent replication log may
cause the program to hang. The process can be
killed without harming the system. Note that this
situation would not normally occur.
______________________
ADDITIONAL INFORMATION
** International and Freeware releases **
The International and Freeware versions of the PGP
Certificate Server do not encrypt data. They do
provide strong authentication. The Transport Layer
Security (TLS) connection between the PGP client
and the server is strongly authenticated; but the
data is sent over the network without being
encrypted. This means that the queries and adds
that are performed by the PGP client can be viewed
by others, but the identity of someone performing
administrative functions is still strongly
authenticated.
____________________
YEAR 2000 COMPLIANCE
Information regarding NAI products that are Year
2000 compliant and its Year 2000 standards and
testing models may be obtained from NAI's website
at
http://www.nai.com/y2k.
For further information, email
[email protected].
_____________________________
CONTACTING NETWORK ASSOCIATES
*FOR QUESTIONS, ORDERS, PROBLEMS, OR COMMENTS*
Contact the Network Associates Customer Care
department:
1. Phone (408) 988-3832 Monday-Friday,
6:00 A.M. - 6:00 P.M. Pacific time
2. Fax (408) 970-9727 24-hour, Group III Fax
Send correspondence to the following Network
Associates location:
Network Associates Corporate Headquarters
3965 Freedom Circle
McCandless Towers
Santa Clara, CA
95054
Phone numbers for corporate-licensed customers:
Phone: (408) 988-3832
Fax: (408) 970-9727
Phone numbers for retail-licensed customers:
Phone: (972) 278-6100
Fax: (408) 970-9727
Or, you can receive online assistance through any
of the following resources:
1. Internet E-mail:
[email protected]
2. Internet FTP: ftp.nai.com
3. World Wide Web:
http://support.nai.com
4. America Online: keyword MCAFEE
5. CompuServe: GO NAI
To provide the answers you need quickly and
efficiently, the Network Associates technical
support staff needs some information about your
computer and your software. Please have this
information ready when you call:
- Program name and version number
- Computer brand and model
- Any additional hardware or peripherals connected
to your computer
- Operating system type and version numbers
- Network name, operating system, and version
- Network card installed, where applicable
- Modem manufacturer, model, and speed, where
applicable
- Relevant browsers or applications and their
version numbers, where applicable
- How to reproduce your problem: when it occurs,
whether you can reproduce it regularly, and
under what conditions
- Information needed to contact you by voice, fax,
or e-mail
We also seek and appreciate general feedback.
* FOR PRODUCT UPGRADES *
To make it easier for you to receive and use
Network Associates products, we have established a
reseller's program to provide service, sales, and
support for our products worldwide. For a listing
of resellers, see the resellers.txt file or
contact Network Associates Customer Care for
resellers near you.
* FOR REPORTING PROBLEMS *
Network Associates prides itself on delivering a
high-quality product. If you find any problems,
please take a moment to review the contents of
this file. If the problem you've encountered is
documented, there is no need to report the problem
to Network Associates.
If you find any feature that does not appear to
function properly on your system, or if you
believe an application would benefit greatly from
enhancement, please contact Network Associates
with your suggestions or concerns.
* FOR ON-SITE TRAINING INFORMATION *
Contact Network Associates Customer Service at
(800) 338-8754.