-on Windows, rename the directory C:\Program Files\Common Files\Netscape
+When you install Netscape 6 on Windows, Personal Security Manager is installed
+in the directory C:\Program Files\Common Files\Netscape Shared\Security\.
+
+
When you install Netscape 6 on Unix, Personal Security Manager is installed
+in a directory called psm in the same directory where the netscape
+executable resides.
+
+
The sections that follow describe how to install the Personal Security Manager
+files for use with Communicator 4.7x.
+Installing on Windows 95/98/2000/NT for Use With Communicator 4.7x
+
+To install Netscape Personal Security Manager on Windows 95/98/2000/NT for use with
+Communicator 4.7 or later, save the file in a convenient location with the
+specified filename, then drag the file's icon into a Navigator window (that
+is, a browser window displayed by Communicator). Dropping the file's icon
+over the browser window initiates SmartUpdate, which automatically installs
+Personal Security Manager. Afterinstallation is complete, exit Communicator
+and relaunch it. If your copy of Communicator is installed in the default
+location, SmartUpdate installs the Personal Security Manager files in the
+directoryC:\Program Files\CommonFiles\Netscape Shared\Security\
+and adds the file cmnav.dllin the directory C:\Program Files\Netscape\Communicator\Program.
+Installing on Unix for Use With Communicator 4.7x
+
+To install Personal Security Manager for use with Communicator 4.7 or later on Unix, you
+must be logged in as the same Unix user you will be logged in as when you
+run Communicator. For the Unix installation to succeed, you must have write
+privileges for both the directory where the Netscape executable resides and
+the directory where the installation script creates the directory containing
+the Personal Security Manager files. To install Personal Security Manager for
+use with Communicator 4.7x, download the tar file for the version of the product
+that you want to install and follow these steps:
+
+ - Exit Communicator, if it is running.
+ - Decompress the downloaded file to some convenient location.
+ - Run the psm-install program.
+
+The psm-install program allows you to specify the directory in which Personal
+Security Manager will be installed. In this release, you must install Personal
+Security Manager locally. To do so, you can either install it in the default
+location (/opt/netscape/security) or in some other local location. However,
+if you install Personal Security Manager anywhere other than the default
+location, Communicator must also be installed locally. To run Personal Security
+Manager on Unix, you must be logged in as the same Unix user you were logged
+in as when you installed it.
+Disabling Personal Security Manager
+To disable Personal Security Manager temporarily, exit the browser,
+then:
+
+ - on Unix, remove the directorypsm from the directory where
+thenetscapeexecutable resides.
+ - on Windows, rename the directory C:\Program Files\Common Files\Netscape
Shared\Security to something else.
-
-
-
-Using Personal Security Manager
+
+Using Personal Security Manager
The sections that follow describe how to test some of the features of Personal
Security Manager that are available with this release:
The sections that follow briefly describe how to test some of the features
listed above.
-For information on the JavaScript API supported by Personal Security
-Manager, see JavaScript API for Client
-Certificate Management and the Personal Security Manager Deployment
-Guide. For the latest versions of these documents, see http://docs.iPlanet.com/docs/manuals/psm.html.
-
-Use Personal Security
+
For information on the JavaScript API supported by Personal SecurityManager,
+see JavaScript API for ClientCertificate
+Management and the Personal Security Manager DeploymentGuide. For the
+latest versions of these documents, see
+http://docs.iPlanet.com/docs/manuals/psm.html.
+Use Personal Security
Manager with Netscape 6
-Personal Security Manager starts automatically the first time Netscape
-6 needs to perform some action involving security, such as handling an
-SSL session.
+Personal Security Manager starts automatically the first time Netscape 6
+needs to perform some action involving security, such as handling anSSL session.
Follow these steps to view your security settings and confirm that
-Personal Security Manager is running:
+Personal Security Manager is running:
--
-Launch Netscape 6.
-
--
-Choose Security & Privacy from the Tasks menu, then choose Security
+
- Launch Netscape 6.
+ - Choose Security & Privacy from the Tasks menu, then choose Security
Manager to view your Personal Security Manager settings.
-
--
-Close the Personal Security Manager window.
-
--
-Go to the page psmtest.html (in the same directory
-as these release notes), then choose Page Source from the View menu to
-see the JavaScript code that a web programmer can use to detect Personal
+
- Close the Personal Security Manager window.
+ - Go to the page psmtest.html (in the same
+directoryas these release notes), then choose Page Source from the View menu
+tosee the JavaScript code that a web programmer can use to detect Personal
Security Manager and its version number.
-Note that the version number has two parts. The first is the version of
-the PSM client library, and the second is the version of the PSM server
-library.
-
-
-Test Basic SSL
-Go to any online store, banking service, brokerage account, or other web
-site that supports SSL. Verify that the lock in the lower-left corner of
-the browser window is closed when you reach the pages for which SSL should
-be enabled, for example a page where you are asked to give your credit
-card number.
-
-Get an SSL Client Certificate
+Note that the version number has two parts. The first is the version ofthe
+PSM client library, and the second is the version of the PSM serverlibrary.
+
+
+Test Basic SSL
+Go to any online store, banking service, brokerage account, or other website
+that supports SSL. Verify that the lock in the lower-left corner ofthe browser
+window is closed when you reach the pages for which SSL shouldbe enabled,
+for example a page where you are asked to give your creditcard number.
+Get an SSL Client Certificate
Go to any public or private CA and apply for an SSL client certificate.
-To test one-click certificate issuance, dual key-pair certificates,
-and other Personal Security Manager features, system administrators should
-download, install, and configure Netscape Certificate Management System.
-For complete CMS documentation and other information, see http://docs.iPlanet.com/docs/manuals/cms.html.
-To download the latest version of CMS, see http://www.iplanet.com/downloads/download/.
-
-View Your Certificate
+To test one-click certificate issuance, dual key-pair certificates,and
+other Personal Security Manager features, system administrators shoulddownload,
+install, and configure Netscape Certificate Management System.For complete
+CMS documentation and other information, see
+http://docs.iPlanet.com/docs/manuals/cms.html.To download the latest
+version of CMS, see
+http://www.iplanet.com/downloads/download/.
+View Your Certificate
After you have obtained a certificate, follow these steps to view it:
--
-Click the Security icon in the Navigator toolbar.
-
--
-Click the Certificates tab.
-
--
-Click to select your certificate.
-
--
-Click View.
+ - Click the Security icon in the Navigator toolbar.
+ - Click the Certificates tab.
+ - Click to select your certificate.
+ - Click View.
You should see information about your new certificate.
-
-Test
-Client Authentication
-Personal Security Manager allows the SSL server and client to negotiate
-which certificate to use, and in most cases they can agree on a single
-correct certificate for the client to present. When this happens, the user
-can access an SSL site that requires client authentication with zero additional
-clicks.
-To test client authentication with Netscape Enterprise Server, system
-administrators should follow these steps:
+
+TestClient Authentication
+Personal Security Manager allows the SSL server and client to negotiatewhich
+certificate to use, and in most cases they can agree on a singlecorrect certificate
+for the client to present. When this happens, the usercan access an SSL site
+that requires client authentication with zero additionalclicks.
+To test client authentication with Netscape Enterprise Server, systemadministrators
+should follow these steps:
--
-Install an Enterprise Server and configure it for client authentication
-as described in Appendix
-D, Using SSL with Enterprise Server 3.x, of Netscape Certificate
+
- Install an Enterprise Server and configure it for client authentication
+as described in
+AppendixD, Using SSL with Enterprise Server 3.x, of Netscape Certificate
Management System Installation and Deployment Guide.
-
--
-Test the Enterprise Server installation as described at the end of Appendix
-D using Personal Security Manager.
+ - Test the Enterprise Server installation as described at the end of
+AppendixD using Personal Security Manager.
-
-
-Validate Certificates Using
-OSCP
+Validate Certificates
+UsingOSCP
Personal Security Manager supports the use of the On-Line Certificate Status
Protocol (OSCP) to check the validity of certificates in real time. Information
-about this protocol and how configure Personal Security Manager 1.3 and
-Netscape Certificate Management System 4.2 to support it is available from
-http://docs.iPlanet.com/docs/manuals/psm/12/psmdply.htm
+about this protocol and how configure Personal Security Manager 1.3 andNetscape
+Certificate Management System 4.2 to support it is available from
+http://docs.iPlanet.com/docs/manuals/psm/12/psmdply.htm
It's important to note that Personal Security Manager will accept signatures
-from responders only under the following conditions:
+from responders only under the following conditions:
--
-The response was signed by a delegated responder--that is, the responder's
+
- The response was signed by a delegated responder--that is, the responder's
certificate was signed by the same CA as the certificate you're trying
-to verify and has the extendedKeyUsage bit set indicating that
-the certificate is an OCSP response signer. The certificate should be the
-same as a CA certificate with the addition of the extendedKeyUsage
-bit.
-
--
-The user has designated a default responder in the OCSP Settings dialog
+to verify and has the extendedKeyUsage bit set indicating thatthe
+certificate is an OCSP response signer. The certificate should be thesame
+as a CA certificate with the addition of the extendedKeyUsagebit.
+ - The user has designated a default responder in the OCSP Settings dialog
box (available from the Advanced tab under Options).
Common problems include the following:
--
-Time drift between the client and server machine. Personal Security Manager
-expects the time of the response to be within the past 24 hours. If there
-is a difference in the clocks between the machine used to sign the response,
-so the response looks to Personal Security Manager like it was signed in
-the future, Personal Security Manager interprets this as an error. Run
-ntp on both machines to fix this problem.
-
--
-The response doesn't include the certificates required to complete the
-chain needed to verify the signer's certificate. The client frequently
+
- Time drift between the client and server machine. Personal Security
+Managerexpects the time of the response to be within the past 24 hours. If
+thereis a difference in the clocks between the machine used to sign the response,
+so the response looks to Personal Security Manager like it was signed inthe
+future, Personal Security Manager interprets this as an error. Runntp on
+both machines to fix this problem.
+ - The response doesn't include the certificates required to complete
+thechain needed to verify the signer's certificate. The client frequently
doesn't have all the certificates in the database that are needed to verify
-the signer's certificate, in which case Personal Security Manager can't
-verify the signer's certificate and OCSP fails. Make sure the entire chain
-is included with every response. This is the safest way to avoid this problem.
-
--
-If you are using ValiCert, misconfiguration may cause the Validation Authority
-not to send the certificate chain (including the CA root certificate and
-the OCSP responder's certificate) correctly.
+the signer's certificate, in which case Personal Security Manager can'tverify
+the signer's certificate and OCSP fails. Make sure the entire chainis included
+with every response. This is the safest way to avoid this problem.
+ 