=============================================================== README: Entrust/WebCA(tm) v1.01 for Windows NT =============================================================== Thank you for your interest in Entrust/WebCA v1.01. Entrust/WebCA is subject to the terms detailed in the license agreements, available on our web site at http://www.entrust.com/webca/evallicense.htm and http://www.entrust.com/webca/commlicense.htm. The license agreements can also be found in the online help documents. The freely available version of Entrust/WebCA can be used for a trial period of 45 days. It will allow you to issue up to 25 X.509 v3 or v1 certificates. If you wish to issue more certificates or use Entrust/WebCA after the 45-day evaluation period, please contact Entrust Technologies Inc. at (613) 247-3411 to purchase a commercial license. =================== Upgrade vs. Install =================== The Entrust/WebCA v1.01 install package is both a first-time install package and an upgrade package. If install detects an existing installation of Entrust/WebCA 1.0 it will give you the choice of upgrading from version 1.0 instead of installing Entrust/WebCA 1.01 from scratch. The upgrade procedure will overwrite executables and Administrator help files. It will not change the Client HTML files or any of the customer-configurable aspects of the configuration files. The Entrust/WebCA certificate database and the Directory data will be preserved, along with the audit logs and all of your settings. After upgrading, you will continue using your current Certification Authority certificate. Entrust/WebCA v1.01 is being released to fix some problems related to time zones and daylight savings time. The list of problems fixed in v1.01 is included below along with a list of new features. Of particular note is support for X.509 v1 certificates (still in use by some Web servers). =================== System requirements =================== - Pentium 100 or equivalent microprocessor - 48 MB RAM (for Entrust/WebCA, operating system, and Web server) - Disk space (not including Web server): Entrust/WebCA files --> 15 MB Certificate directory --> 20 MB per 1000 users - Microsoft Windows NT(tm) 3.51 and higher - One of the SSL-enabled Web servers listed below Since NTFS (NT File System) makes more efficient use of disk space than FAT (File Allocation Table), we recommend that you install Entrust/WebCA on an NTFS disk partition. ============================== Supported servers and browsers ============================== Entrust/WebCA has been tested for use with the browsers and servers listed below. This list will be updated on our Web site (at http://www.entrust.com/webca) as support for other browsers and servers is confirmed: Entrust/WebCA host Web servers(*) Netscape Enterprise Server v2.0 Microsoft Internet Information Server v3.0 Application Web servers(*) Entrust/WebCA is designed to work with any Web server that uses X509 certificates. As of April 1997, it has been tested with: - Netscape Enterprise Server v2.0 - Microsoft Internet Information Server v3.0 - Apache Stronghold v2.0 (New) Browsers Netscape Navigator v3.x Microsoft Internet Explorer v3.x (except as noted below under "Known issues") (*)The Entrust/WebCA host Web server is the server that provides the user and administration interfaces to Entrust/WebCA. An application Web server is a Web server that uses a certificate issued by Entrust/WebCA. =========== Directories =========== Entrust/WebCA has been tested with: - Netscape Directory Server v1.01 ========================= Installation instructions ========================= You need Microsoft Windows NT administrator rights to install Entrust/WebCA. To install Entrust/WebCA from the Web, download the files into a local directory and double-click the Entrust/WebCA setup executable. We recommend that you install all Entrust/WebCA components on a single computer behind a firewall. ======================================= Using your own LDAP-compliant Directory ======================================= Entrust/WebCA uses LDAP to communicate with the Directory component of Entrust/WebCA. If you decide to use your own LDAP-compliant Directory with Entrust/WebCA you will need to run the LDAP initialization utility "genca.exe" before you install Entrust/WebCA. This utility is available at http://www.entrust.com/webca/genca.htm. ===================== New Features in v1.01 ===================== Entrust/WebCA now supports X.509 v1 certificates. Where there is a choice however, it is recommended that you use X.509 v3 certificates since they support customizable extensions. ============ Known issues ============ Entrust/WebCA does not currently support multiple-CPU configurations on Windows NT systems. Virus protection software that scans inbound and outbound files may cause the Entrust/WebCA CGI programs to fail. If you are running this type of software, please disable inbound and outbound file scanning. Under some circumstances you may not be able to establish secure connections between Internet Explorer and Internet Information Server. By default, IE and IIS attempt to negotiate a secure session using a protocol called PCT (Private Communication Technology). If you have defined more than 5 extensions for the server certificate in the Entrust/WebCA configuration files, PCT will not allow you to establish a secure session. To get around this, you can either ensure that you have defined 5 or fewer extensions for the server certificate or you can disable PCT in the browser. To disable PCT in the browser, select "Options..." from the "View" menu in Internet Explorer, select the "Advanced" tab and click "Cryptography Settings...". In the dialog that appears, deselect the checkbox beside "Allow PCT (secure) connections". If you are using IE 3.02 to administer Entrust/WebCA, you will need to install Version 2 of Microsoft JScript and VBScript. This upgrade is available at http://www.microsoft.com/jscript. The full list of audit records generated by Entrust/WebCA will not appear until one hour after the upgrade has been completed. ======================= Problems fixed in v1.01 ======================= In some cases, during daylight savings time the validity periods for certificates issued by Entrust/WebCA began 1 hour after the certificates were generated. In this release, Entrust/WebCA certificates are valid as soon as they are generated. Administrators are now able to log into Entrust/WebCA regardless of what time zone they are in. Multi-value RDN ordering is now compliant with RFC 1779. In the Directory, "commonname" is now mapped to "cn", and "surname" is mapped to "sn". So, specifying "commonname" is the same as specifying "cn". Specifying "surname" is the same as specifying "sn". ======================== Buying more certificates ======================== The freely available version of Entrust/WebCA will allow you to issue up to 25 certificates and can be used for a trial period of 45 days. If you would like to issue more that 25 certificates or use Entrust/WebCA beyond the 45-day evaluation period, please call Entrust Technologies Inc. at (613) 247-3411 to purchase a commercial license. ======== Feedback ======== If you have comments or other feedback about Entrust/WebCA, please let us know at feedback@entrust.com. ===================== Trademark information ===================== Entrust is a registered trademark of Entrust Technologies Limited. Entrust/WebCA is a trademark of Entrust Technologies Limited. Microsoft Windows NT is a trademark of Microsoft Corporation. Pentium is a trademark of Intel Corporation