Personal Security Manager

Release 1.01

1/27/2000


These release notes contain important information about this release of Personal Security Manager. Please read these notes before using the software.

These notes include information for IS professionals who are thoroughly familiar with security and public-key infrastructure (PKI) issues.

Use of this product is subject to the terms detailed in the license agreement accompanying it (see license.html).


Contents

Documentation
Changes Since Personal Security Manager 1.0
Software/Hardware Requirements
Installing Personal Security Manager
Using Personal Security Manager
Known Bugs/Issues for Personal Security Manager 1.01
Feedback


Documentation

The following documentation is available in the same directory as these release notes: For the latest release notes, deployment guide, and other information, see the link to Personal Security Manager documentation at http://developer.iPlanet.com/docs/manuals/cms.html.


Changes Since Personal Security Manager 1.0

The status of the following important features or bugs has changed since the 1.0 release:

Software/Hardware Requirements

Operating systems supported: Windows NT, Windows 95, Windows 98, Solaris 2.6, and Linux 2.1 and 2.2.

Other software requirements:

  • You must use Communicator 4.7 or later versions. Get the latest version of Communicator from http://home.netscape.com before proceeding.
  • If you are running Communicator 4.7, Personal Security Manager requires that Communicator have JavaScript turned on. If you are running later versions of Communicator, Personal Security Manager works regardless of whether JavaScript is turned on.
  • If you are running Communicator 4.71, you must use Personal Security Manager 1.01. Communicator 4.71 and Personal Security Manager 1.0 do not work correctly together. Other combinations, including Communicator 4.7/Personal Security Manager 1.01 and Communicator 4.7/Personal Security Manager 1.0, work correctly.

Installing Personal Security Manager

    Important: If you have installed earlier releases of Personal Security Manager, you should delete the psm directory before installing release 1.01. The psm directory required for previous releases was located in the Netscape program directory on Windows 95/98/NT (default location C:\Program Files\Netscape\Communicator\Program), and in the directory where the Netscape executable resides on Unix.

    To install Personal Security Manager on Windows 95/98/NT, simply click the SmartUpdate link for the version of the product that you want to install. If your copy of Communicator is installed in the default location, SmartUpdate installs the Personal Security Manager files in the directory C:\Program Files\Common Files\Netscape Shared\Security\ and adds the file cmnav.dll in the directory C:\Program Files\Netscape\Communicator\Program.

    Important: On Windows NT, you must have administrator privileges to install Personal Security Manager using SmartUpdate.

    Before you install Personal Security Manager on Unix, you must be logged in as the same Unix user you will be logged in as when you run Communicator. For the Unix installation to succeed, you must have write privileges for both the directory where the Netscape executable resides and the directory where the installation script creates the directory containing the Personal Security Manager files.

    To install Personal Security Manager on Unix, download the tar file for the version of the product that you want to install and follow these steps:

    1. Exit Communicator, if it is running.
    2. Decompress the downloaded file to some convenient location.
    3. Run the psm-install program.
    The psm-install program allows you to specify the directory in which Personal Security Manager will be installed. In this release, you must install Personal Security Manager locally. To do so, you can either install it in the default location (/opt/netscape/security) or in some other local location. However, if you install Personal Security Manager anywhere other than the default location, Communicator must also be installed locally.
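The preconditions above (Communicator exited, write access to both directories, no psm directory left from an earlier release) can be checked before running psm-install. The following is an added example, not part of the original release notes or of the product: the function name and its arguments are hypothetical, and the check for a running Communicator assumes that Communicator 4.x on Unix keeps a lock symlink at ~/.netscape/lock while it is running.

```shell
#!/bin/sh
# Added example: pre-install checks for the Unix procedure in these notes.
# Arguments (hypothetical, supplied by the caller):
#   $1  directory where the Netscape executable resides
#   $2  directory psm-install will create (default taken from the notes)
# Returns the number of failed checks; 0 means it is safe to proceed.
psm_preflight() {
    netscape_dir=$1
    install_dir=${2:-/opt/netscape/security}
    install_parent=$(dirname "$install_dir")
    problems=0

    # Step 1: Communicator must not be running.
    # Assumption: a running Communicator 4.x holds ~/.netscape/lock.
    if [ -L "$HOME/.netscape/lock" ]; then
        echo "FAIL: Communicator appears to be running (lock present)"
        problems=$((problems + 1))
    fi

    # The installing user needs write access to the Netscape executable
    # directory and to the directory in which the install directory is made.
    for d in "$netscape_dir" "$install_parent"; do
        if [ ! -d "$d" ] || [ ! -w "$d" ]; then
            echo "FAIL: no write access to $d as user $(id -un)"
            problems=$((problems + 1))
        fi
    done

    # A psm directory from an earlier release must be deleted first.
    if [ -d "$netscape_dir/psm" ]; then
        echo "FAIL: delete $netscape_dir/psm (left by an earlier release)"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: ready to run psm-install as $(id -un)"
    return "$problems"
}

# Usage (paths are placeholders for your own installation):
#   psm_preflight /path/to/netscape-dir /opt/netscape/security
```

Run the check as the same Unix user who will later run Communicator, since the notes require the installing and running user to match.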

    To run Personal Security Manager on Unix, you must be logged in as the same Unix user you were logged in as when you installed it.

    You are now ready to begin using Personal Security Manager.

    To disable Personal Security Manager temporarily, simply rename the file cmnav.dll (in the Netscape program directory on Windows 95/98/NT, or the directory in which your Netscape executable resides on Unix) to some other name, such as cmnav.txt. On Unix, you can also rename the file cmnav.so to some other name to disable Personal Security Manager.


Using Personal Security Manager

    The sections that follow describe how to test some of the features of Personal Security Manager that are available with this release: The sections that follow briefly describe how to test some of the features listed above.

    For information on the JavaScript API supported by Personal Security Manager, see JavaScript API for Client Certificate Management and the Personal Security Manager Deployment Guide. For the latest version of the deployment guide, see the link to Personal Security Manager documentation at http://developer.iPlanet.com/docs/manuals/cms.html.

    Start Up Personal Security Manager with Communicator

    Follow these steps to start Personal Security Manager with Communicator.
    1. Launch Communicator. Personal Security Manager will silently load in the background.
    2. Go to the page psmtest.html (in the same directory as these release notes), then choose Page Source from the View menu to see the JavaScript code that a web programmer can use to detect Personal Security Manager and its version number.
    Note that the version number has two parts. The first is the version of the PSM client library, and the second is the version of the PSM server library.

    Test Basic SSL

    Go to any online store, banking service, brokerage account, or other web site that supports SSL. Verify that the lock in the lower-left corner of the browser window is closed when you reach the pages for which SSL should be enabled, for example a page where you are asked to give your credit card number.

    Get an SSL Client Certificate

    Go to any public or private CA and apply for an SSL client certificate.

    To test one-click certificate issuance, dual key-pair certificates, and other Personal Security Manager features with Netscape Certificate Management System 4.2, system administrators must first download, install, and configure Netscape Certificate Management System 4.2. See the Personal Security Manager Deployment Guide for details. For complete CMS documentation and other information, see http://developer.iPlanet.com/docs/manuals/cms.html (this page includes a link to the latest Personal Security Manager documentation). To download Certificate Management System 4.2, see http://home.netscape.com/testdrive/download/.

    View Your Certificate

    After you have obtained a certificate, follow these steps to view it:
    1. Click the Security icon in the Navigator toolbar.
    2. Click the Certificates tab.
    3. Click to select your certificate.
    4. Click View.
    You should see information about your new certificate.

    Test Client Authentication

    Personal Security Manager allows the SSL server and client to negotiate which certificate to use, and in most cases they can agree on a single correct certificate for the client to present. When this happens, the user can access an SSL site that requires client authentication with zero additional clicks.

    To test client authentication with Netscape Enterprise Server, system administrators should follow these steps:

    Request and Use Separate Signing and Encryption Certificates ("Dual Key-Pair Certificates")

    Separate signing and encryption certificates, sometimes called "dual key-pair certificates," are specialized certificates used only with S/MIME. The term "dual key pair" refers to the fact that two public-private key pairs--four keys altogether--correspond to two separate certificates. The private key of one pair is used for email signing operations, and the public and private keys of the other pair are used for email encryption and decryption operations. Each pair corresponds to a separate certificate.

    In the past, Communicator has supported the signing and encryption functions for S/MIME with a single, combined signing and encryption certificate.

    This version of Personal Security Manager allows you to request dual key-pair certificates from a single, specially configured enrollment page provided by Netscape Certificate Management System. The resulting certificates are combined under a single nickname in the Certificates/Mine panel displayed by Personal Security Manager. (To see this panel after Personal Security Manager is installed, click the Security button in the Communicator toolbar, then click the Certificates tab.) When you select a nickname that represents a pair of related signing and encryption certificates, then click View or other buttons that act on the selection, a dialog box allows you to select which certificate you want to act on.

    For instructions on configuring Certificate Management System to issue dual key-pair certificates and to archive the private encryption key, see Chapter 25, Recovering Encrypted Data, in Netscape Certificate Management System Administrator's Guide. For a more general description of the steps involved, see the Personal Security Manager Deployment Guide (see the link to Personal Security Manager documentation at http://developer.iPlanet.com/docs/manuals/cms.html).

    Once you have obtained your dual key-pair certificates, you can use them with Personal Security Manager to sign and encrypt email. You can also back them up and import them using buttons in the Certificates/Mine panel, and set the certificate you want to use for signing in the Applications/Messenger panel.

    Validate Certificates Using OCSP

    Personal Security Manager supports the use of the On-Line Certificate Status Protocol (OCSP) to check the validity of certificates in real time. For information about this protocol and how to configure Personal Security Manager 1.01 and Certificate Management System 4.2 to support it, see the Personal Security Manager Deployment Guide (see the link to Personal Security Manager documentation from http://developer.iPlanet.com/docs/manuals/cms.html).

    Fetch Certificates Automatically from a Directory

    Personal Security Manager can search a specified directory for the certificate associated with an email address. This search is performed automatically when you send a message (but note that it doesn't work over SSL in this release; see Known Bugs/Issues for Personal Security Manager 1.01).

    To activate this feature, you must specify a directory server to search. To do so, choose Preferences from the File menu in Communicator, then click Addressing under Mail & Newsgroups. In the right panel, click Directory Server under Pinpoint Addressing, select the directory you want to use from the drop-down menu, and click OK. Personal Security Manager uses this directory for automatic certificate lookups when you send an encrypted email message.

    If the directory you want doesn't show up in the drop-down menu under Pinpoint Addressing, you can add it to your list of directories using the Communicator Address Book. To do so, choose Address Book from the Communicator menu, then choose New Directory from the File menu. You must then add information about the directory you want to add. Once the directory has been added to the Address book, you can specify it in your preferences as described above.


Known Bugs/Issues for Personal Security Manager 1.01


Feedback

    To send feedback to the Personal Security Manager development team, send email to psmfeedback@netscape.com. Feedback sent to this address will be read by the team, but you will not receive a personal response.