
Entrust Authority™

Enrollment Server for Web

Enrollment Server for WAP

Release notes

Release 7.0
October 2003

Document issue: 1.0

Welcome to Entrust Authority Enrollment Server for Web Release 7.0.

This document provides essential information about features, limitations, and known issues for this release of the Enrollment Server for Web.

Refer to the Enrollment Server for Web section of the Entrust Web site for the latest updates on this product.


New Features

This release includes the following features:

Updated Web server support
You can install the Enrollment Server for Web 7.0 on recent Web server versions. For more details about Web server support, refer to the System requirements section.
Redesigned HTML pages
The Enrollment Server for Web and Enrollment Server for WAP HTML pages are redesigned for better usability and consistency with other Entrust® products. To allow you to customize the HTML pages more easily, a stylesheet (style.css) is now also part of the product.
Customizable Microsoft® Visual Basic® scripts
In 7.0, all Microsoft Visual Basic code is part of the HTML pages. This allows you to customize the scripts (for example, add your own Cryptographic Service Provider (CSP) types) for your environment.

Fixed in this release

The following known issues and limitations have been resolved for this release of Enrollment Server for Web.

Documentation issues
There were a number of documentation issues in the Entrust/WebConnector 5.1 Administrator's Guide. For example, the guide incorrectly stated support for Netscape® 6.0 and that the CombinedCRLLifetime entry value is calculated in days.
These errors are fixed or no longer applicable to the new Entrust Authority Enrollment Server for Web 7.0 Installation and Configuration Guide.
Not all available Cryptographic Service Providers (CSPs) listed on Windows 2000 Server
Formerly, Enrollment Server for Web did not display all the available CSPs on a Windows 2000 Server. In this release, the Enrollment Server for Web presents a drop-down list of available CSPs that changes dynamically depending on the type (for example, RSA, Diffie-Hellman) you choose.
Could not issue certificates for Microsoft Internet Authentication Service (IAS) servers or clients using Internet Explorer
The Visual Basic code in 5.1 did not allow you to change the available providers so that you could issue a certificate on an IAS machine using Internet Explorer and Enrollment Server for Web. This limitation meant you had to use IIS for key generation and certificate request activities.
In 7.0, select the "RSA and Schannel" provider type and then select the "Microsoft RSA/Schannel Cryptographic Provider" from the drop-down list to issue certificates for IAS servers and clients.

Known issues

This section describes known issues of the Enrollment Server for Web.

Only RSA cryptographic providers should be used for certificates with encryption bits defined in the key usage extension

When requesting certificates for browsers, computers, devices, or Windows servers, do not select a Digital Signature Standard (DSS) type of cryptographic provider (which specifies a DSA algorithm) from the Provider type drop-down list if encryption bits are defined in the key usage extension for this certificate type. For example, the Web Default certificate type cannot be used with DSS providers since it has both digital signature and key encipherment bits set.

If you request such a certificate after selecting one of the DSS providers, Security Manager rejects the request and produces the following error:

-2739 PKIX: The encryption key received is not RSA.

If you want to use a DSS provider to generate the certificate request, specify a certificate type that only has signature bits defined.

Microsoft Exchange Cryptographic Provider 1.0 not supported

Enrollment Server for Web 7.0 does not support Microsoft Exchange Cryptographic Provider 1.0. However, Microsoft Enhanced Cryptographic Provider is supported.

UTF-8 encoding not supported when displaying Directory search results

Enrollment Server for Web does not currently support UTF-8 encoding when displaying the Directory search results, which are represented by RFC 2253 strings. You may see some characters shown as a sequence of "\" and hexadecimal characters. If the certificate search criteria contain characters outside the readable ASCII set (32-126), Enrollment Server for Web replaces these characters with "*" and the search results may include more entries than meet your criteria.
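
Added example (not part of the Entrust release notes or product code): a Python helper that turns the "\" plus hexadecimal sequences of a displayed RFC 2253 string back into readable UTF-8 text, and a check that shows which entries a "*"-masked search returns beyond the original criteria. The one-"*"-per-character masking, the wildcard matching rule and the sample names are assumptions constructed for illustration.

```python
import re

# RFC 2253 escapes: "\" + two hex digits (one octet of the UTF-8 encoding),
# or "\" + a single special character such as "," or "+".
_ESC = re.compile(r'\\([0-9A-Fa-f]{2})|\\(.)', re.DOTALL)

def decode_rfc2253_display(dn):
    """Decode non-ASCII hex escapes for display; keep ASCII escapes so the DN stays parseable."""
    out = bytearray()
    pos = 0
    for m in _ESC.finditer(dn):
        out += dn[pos:m.start()].encode("utf-8")
        octet = int(m.group(1), 16) if m.group(1) is not None else None
        if octet is not None and octet >= 0x80:
            out.append(octet)                      # raw octet of a UTF-8 sequence
        else:
            out += m.group(0).encode("utf-8")      # e.g. "\," or "\2C" stays escaped
        pos = m.end()
    out += dn[pos:].encode("utf-8")
    return out.decode("utf-8", errors="replace")   # malformed sequences become U+FFFD

def mask_criteria(criteria):
    """Assumed model of the server behaviour: one "*" per character outside 32-126."""
    return "".join(c if 32 <= ord(c) <= 126 else "*" for c in criteria)

def matches(pattern, candidate):
    """Treat "*" as a wildcard for any run of characters (assumed matching rule)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, candidate, re.IGNORECASE) is not None

def over_matched(criteria, names):
    """Names the masked criteria return that the original criteria did not ask for."""
    masked = mask_criteria(criteria)
    return [n for n in names if matches(masked, n) and not matches(criteria, n)]

# Constructed sample data, not taken from any real directory
SAMPLE_DN = r"cn=Ren\C3\A9 Dupont,o=Example\, Inc.,c=CA"
SAMPLE_NAMES = ["René Dupont", "Rene Dupont", "Renata Dupont"]

if __name__ == "__main__":
    print(decode_rfc2253_display(SAMPLE_DN))
    print(over_matched("René Dupont", SAMPLE_NAMES))
```

Filtering the returned entries against the decoded value on the client side removes the extra matches that the "*" substitution lets through.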


Limitations

This section describes the limitations of the Enrollment Server for Web.

Only certificates issued with RSA keys supported by IBM HTTP Server
Only certificates issued with RSA keys can be installed on IBM HTTP Server. If the CA key pair algorithm in Security Manager is set to DSA, you cannot install a Web server certificate and CA certificate on IBM HTTP Server.