gecko-dev/security/psm/doc/help.htm


<html><head>
<title>
</title>
<script language="javascript">
<!--
if (typeof(crypto.disableRightClick) == "function") {
crypto.disableRightClick();
}
// -->
</script>
</HEAD>
<a name="TOP">
<FONT FACE="arial, helvetica, sans-serif" size="-1">
<a name="TOP">
<IMG SRC="cartbanner.gif" WIDTH="432" HEIGHT="36" HSPACE="0" VSPACE="0">
<table bgcolor="#cccccc" width="100%">
<tr><td><IMG SRC="w.gif" WIDTH=1 HEIGHT=3 BORDER=0></td></tr>
</table>
<BR><BR><TABLE CELLPADDING=5 CELLSPACING=2 border=0>
<TR width=100%><TD BGCOLOR="#FFFFFF"><a href="contents.htm"><IMG SRC="prev.gif" WIDTH=16 HEIGHT=14 ALIGN="texttop" BORDER=0>Previous</a></FONT>
</TD>
<TD BGCOLOR="#FFFFFF"><a href="glossary.htm">Glossary<IMG SRC="next.gif" WIDTH=16 HEIGHT=14 ALIGN="texttop" BORDER=0></a></FONT></TD>
<TD BGCOLOR="#FFFFFF"><a href="contents.htm">Topics</a></FONT></TD>
</TR>
</TABLE>
<BR> <BR>
</a>
</DIV>
</P>
<A NAME="
"></A><A NAME="1024926"><FONT FACE="Palatino, Serif" SIZE="+2"> <B>
</FONT></B><P><A NAME="1028225">
This document contains these sections:</P></A>
<ul><A NAME="1028189"><LI><a href="help.htm#1057187">Introduction to Personal Security Manager</a></LI></A><BR><A NAME="1028195"><LI><a href="help.htm#1045279">Information Tab</a></LI></A><BR><A NAME="1047049"><LI><a href="help.htm#1030083">Applications Tab</a></LI></A><BR><A NAME="1031829"><LI><a href="help.htm#1030743">Certificates Tab</a></LI></A><BR><A NAME="1036503"><LI><a href="help.htm#1036138">Advanced Tab</a></LI></A><BR><A NAME="1036049"><LI><a href="help.htm#1056728">Other Personal Security Manager Windows</a></LI></A><BR></ul><A NAME="1044740">
<a href="help.htm#1057187">Introduction to Personal Security Manager</a> provides overview information about Personal Security Manager, this help system, and basic network security concepts. The rest of this document describes specific Personal Security Manager screens. </P></A>
<A NAME="1057187">&nbsp</A><A NAME="Introduction to Personal Security Manager">
</A>
<H1><FONT Face="arial, helvetica, sans-serif" size="+2">
Introduction to Personal Security Manager
</FONT></H1><A NAME="1057191">
Personal Security Manager is an application that helps you protect the security of your communications over the Internet, whether you are browsing the web, shopping, using email, or reading newsgroups. When Personal Security Manager is installed on your computer with Communicator 4.7, Netscape 6, Mozilla, or other browsers that support it, you can use it to control your personal security settings.</P></A>
<A NAME="1044645">
To view the Personal Security Manager window that lets you control your security settings, click the Security button in the browser toolbar or (in Netscape 6) choose Privacy and Security from the Tasks menu, then Security Manager. The Personal Security Manager window includes several different panels, accessible from tabs labeled Information, Applications, Certificates, and Advanced. To see an explanation of any panel, click the Help button at the bottom of the panel.</P></A>
<A NAME="1044679">
The sections that follow provide basic information you should know before using Personal Security Manager:</P></A>
<ul><A NAME="1044684"><LI><a href="help.htm#1044573">About Personal Security Manager Help</a></LI></A><BR><A NAME="1044667"><LI><a href="help.htm#1043598">What You Can Do with Personal Security Manager</a></LI></A><BR><A NAME="1044187"><LI><a href="help.htm#1026014">Understanding Network Security</a></LI></A><BR></ul><A NAME="About Personal Security Manager Help"></A><A NAME="1044573">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
About Personal Security Manager Help</FONT></h2>
<A NAME="1045557">
The document you are reading contains information about every Personal Security Manager window:</P></A>
<ul><P><A NAME="1045563"><LI>If you have a question about a Personal Security Manager panel that is currently visible, click the Help button near the lower-right corner of the panel. Each Help button brings you straight to the section of this document that describes how to use that panel.</LI></A><P><A NAME="1044577"><LI>If you scroll to the top of this document, you can use the Previous, Next, Glossary, and Topics buttons to navigate to the list of topics and the glossary. <B></B></LI></A><P><A NAME="1044581"><LI>If you want to perform a specific task but aren't sure where to begin, see <a href="help.htm#1043598">What You Can Do with Personal Security Manager</a>.</LI></A></ul><A NAME="1044592">
Terms in Personal Security Manager panels that are underlined and followed by a blue "i" icon are linked to glossary definitions: just click the term to see the definition. Similarly, you can click underlined terms in this help system to see a glossary definition: for example, <a href="glossary.htm#1018895">certificate</a>. To get back to the help section you were viewing before clicking a glossary definition, press the key equivalent to the Back button in your browser. For example, on Windows and most Unix machines, press and hold the Alt key and press the left arrow key. Some Unix machines use the Diamond key and the left arrow key for this shortcut.</P></A>
<A NAME="What You Can Do with Personal Security Manager"></A><A NAME="1043598">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
What You Can Do with Personal Security Manager</FONT></h2>
<A NAME="1044443">
Personal Security Manager allows you to perform the following security tasks:</P></A>
<ul><P><A NAME="1043602"><LI><B>Get your own certificate.</B> Personal Security Manager greatly simplifies the process of applying for a <a href="glossary.htm#1018895">certificate</a>. Much like a credit card or a driver's license, a certificate is a form of identification you can use to identify yourself over the Internet and other networks. To get a certificate, go to the URL for any certificate authority and follow the on-screen instructions for obtaining a certificate. For a list of certificate authorities, see <a href="https://certs.netscape.com/" TARGET="_blank">Client Certificates</a>. </LI></A><P><A NAME="1043605"><LI><B>Check security for the current window. </B>When you are viewing any browser or email window, open Personal Security Manager to see security information about the window that you are viewing. The sections <a href="help.htm#1041627">Information About Web Pages</a>, <a href="help.htm#1046060">Information About Stored Email Messages</a>, and <a href="help.htm#1046671">Information About Email Messages You Are Composing</a> in this document explain each information panel. To see the explanation for a specific panel, click the Help button for that panel.</LI></A><P><A NAME="1043618"><LI><B>Control application security settings.</B> To control security settings for the browser, email software, and JavaScript applications, open Personal Security Manager, then click the Applications tab. You can then select panels for the browser and other available applications. The section <a href="help.htm#1030083">Applications Tab</a> in this document explains how to use these panels. To see the explanation for a specific panel, click the Help button for that panel.</LI></A><P><A NAME="1043628"><LI><B>Manage Certificates.</B> Personal Security Manager maintains a <a href="glossary.htm#1023462">certificate store</a><I> </I>that contains all available certificates. 
These include your own certificates, other people's certificates, web site certificates, and certificate authority certificates. To view your certificates, open the main Personal Security Manager window, then click the Certificates tab. You can select panels that allow you to view and manipulate each kind of certificate. The section <a href="help.htm#1030743">Certificates Tab</a> in this document explains how to use the panels for each type of certificate. To see the explanation for a specific panel, click the Help button for that panel.</LI></A><P><A NAME="1043637"><LI><B>Manage external modules and advanced settings.</B> Personal Security Manager can be configured to use external hardware, such as a <a href="glossary.htm#1027625">smart card</a><I>,</I> that performs some or all cryptographic operations and optionally stores your certificates. To view these and other advanced settings, open the main Personal Security Manager window, then click the Advanced tab. The section <a href="help.htm#1036138">Advanced Tab</a> in this document explains how to use the Advanced panels. To see the explanation for a specific panel, click the Help button for that panel.</LI></A></ul><A NAME="1043648">
Personal Security Manager also occasionally displays small windows containing special information or warnings. The section <a href="help.htm#1056728">Other Personal Security Manager Windows</a> in this document explains these windows. To see the explanation for any Personal Security Manager window, click the Help button in the window.</P></A>
<A NAME="Understanding Network Security"></A><A NAME="1026014">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Understanding Network Security</FONT></h2>
<A NAME="1026041">
This section introduces essential concepts of network security that underlie Personal Security Manager. It is intended for users who are not familiar with network security issues and practices.</P></A>
<A NAME="1026016">
For brief definitions of terms, see the <a href="glossary.htm#996904">Glossary</a>.</P></A>
<ul><A NAME="1025351"><LI><a href="help.htm#1025373">Internet Security Issues</a></LI></A><BR><A NAME="1025355"><LI><a href="help.htm#1044836">Encryption and Decryption</a></LI></A><BR><A NAME="1025359"><LI><a href="help.htm#1025393">Public-Key Cryptography</a></LI></A><BR><A NAME="1025363"><LI><a href="help.htm#1025415">Digital Signatures</a></LI></A><BR><A NAME="1025367"><LI><a href="help.htm#1025444">Certificates</a></LI></A><BR></ul><A NAME="Internet Security Issues"></A><A NAME="1025373">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Internet Security Issues</FONT></b></p><A NAME="1025374">
Communication over the Internet uses the Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP allows information to be sent from one computer to another through a variety of intermediate computers and separate networks before it reaches its destination. </P></A>
<A NAME="1025375">
The great flexibility of TCP/IP has led to its worldwide acceptance as the basic Internet communications protocol. At the same time, the fact that TCP/IP allows information to pass through intermediate computers makes it possible for people to interfere with your communications in the following ways:</P></A>
<ul><P><A NAME="1025376"><LI><B>Eavesdropping.</B> Information remains intact, but its privacy is compromised. For example, someone could learn your credit card number, record a sensitive conversation, or intercept classified information. </LI></A><P><A NAME="1045160"><LI><B>Tampering.</B> Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person's resume.</LI></A><P><A NAME="1045185"><LI><B>Misrepresentation.</B> Information passes to someone who poses as the intended recipient. For example, a person can pretend to have the email address <FONT FACE="courier, courier new, monospace">jdoe@mozilla.com</FONT>; a computer can identify itself as a site called <FONT FACE="courier, courier new, monospace">www.mozilla.com</FONT> when it is not; or the web site <FONT FACE="courier, courier new, monospace">www.mozilla.com</FONT> can represent itself as a furniture store when it is really just a site that collects credit card payments and never ships anything.</LI></A></ul><A NAME="1045186">
Normally, users of the many cooperating computers that make up the Internet and other networks don't monitor or interfere with the network traffic that continuously passes through their machines. However, many sensitive personal and business communications over the Internet require precautions that address the threats listed above. Fortunately, a set of well-established techniques and standards known as <a href="glossary.htm#1019178">public-key cryptography</a> makes it relatively easy to take such precautions. </P></A>
<A NAME="1025382">
Public-key cryptography and related techniques make the following precautionary measures possible:</P></A>
<ul><P><A NAME="1025383"><LI><B>Encryption and decryption</B> allow two communicating parties to disguise information they send to each other. The sender encrypts, or scrambles, information before sending it. The receiver decrypts, or unscrambles, the information after receiving it. While in transit, the encrypted information is unintelligible to an intruder.</LI></A><P><A NAME="1025384"><LI><B>Tamper detection</B> allows the recipient of information to detect whether it has been modified in transit.</LI></A><P><A NAME="1025385"><LI><B>Authentication</B> allows the recipient of information to determine the sender's identity.</LI></A><P><A NAME="1025386"><LI><B>Nonrepudiation</B> makes it very difficult for a sender of information to deny at a later date that he or she sent it.</LI></A></ul><A NAME="1044834">
The sections that follow introduce the concepts of public-key cryptography that underlie these capabilities.</P></A>
<A NAME="Encryption and Decryption"></A><A NAME="1044836">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Encryption and Decryption</FONT></b></p><A NAME="1025390">
Encryption is the process of scrambling information so it is unintelligible to anyone but the intended recipient. Decryption is the process of unscrambling encrypted information so that it is intelligible again. A cryptographic algorithm, also called a cipher, is a set of rules or directions used to encrypt or decrypt data. In most cases, two related algorithms are employed, one for encryption and the other for decryption.</P></A>
<A NAME="1025391">
With most modern cryptography, the ability to keep encrypted information secret is based not on the cryptographic algorithm, which is widely known, but on a number called a key that must be used with the algorithm to produce an encrypted result or to decrypt previously encrypted information. Decryption with the correct key is simple. Decryption without the correct key is very difficult, and in some cases impossible for all practical purposes. </P></A>
<A NAME="1032495">
In general, the strength of encryption is related to the difficulty of discovering the key, which in turn depends on both the cipher used and the length of the key. For example, the difficulty of discovering the private key for the RSA cipher typically used for public-key encryption (described in the next section) depends on the difficulty of factoring large numbers, a well-known mathematical problem.</P></A>
<A NAME="Public-Key Cryptography"></A><A NAME="1025393">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Public-Key Cryptography</FONT></b></p><A NAME="1025394">
Public-key cryptography is a set of well-established techniques and standards that allow a person or other entity to verify its identity electronically and to encrypt and decrypt electronic data. It involves a pair of keys&#151;a public key and a private key&#151;associated with that identity. The most commonly used implementations of public-key cryptography are based on algorithms patented by <a href="http://www.rsa.com/" TARGET="_blank">RSA Data Security</a>. The examples used here describe the RSA approach. </P></A>
<A NAME="1025397">
Each public key is published, and the corresponding private key is kept secret. Data encrypted with your public key can be decrypted only with your private key. <a href="help.htm#1025405">Figure 1</a> shows a simplified view of the way public-key encryption works. </P></A>
<A NAME="1025405">
<P><B>Figure 1&nbsp&nbsp Public-key encryption <p><img src="06pcrypt.gif">
</B></P>
</A><A NAME="1025409">
For example, you can freely distribute your public key, but only your private key can decrypt data encrypted using your public key. To send encrypted data to another person, you encrypt the data with that person's public key, and the person receiving the encrypted data decrypts it with the corresponding private key. </P></A>
<A NAME="1025413">
As it happens, the reverse of the scheme shown in <a href="help.htm#1025405">Figure 1</a> also works: data encrypted with your private key can be decrypted only with your public key. This would not be a desirable way to encrypt sensitive data, however, because it means that anyone with your public key, which is by definition published, could decrypt the data. Nevertheless, private-key encryption is useful, because it means you can use your private key to sign data with your digital signature&#151;an important requirement for electronic commerce and other commercial applications of cryptography. Browser or email software can then use your public key to confirm that the data was signed with your private key and that it hasn't been tampered with since being signed. </P></A>
<A NAME="Digital Signatures"></A><A NAME="1025415">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Digital Signatures</FONT></b></p><A NAME="1025416">
Encryption and decryption address the problem of eavesdropping, one of the three Internet security issues mentioned at the beginning of this section. But encryption and decryption, by themselves, do not address the other two problems mentioned in <a href="help.htm#1025373">Internet Security Issues</a>: tampering and misrepresentation. </P></A>
<A NAME="1032581">
This section describes how public-key cryptography addresses the problem of tampering. The section that follows describes how public-key cryptography addresses the problem of misrepresentation. </P></A>
<A NAME="1032582">
Tamper detection and related authentication techniques involve a special code called a <I>digital signature.</I> A digital signature is derived from both the data to be signed and the private key of the signer, and is unique (for all practical purposes) for each new piece of data that is signed. A digital signature has nothing to do with a handwritten signature, although it can sometimes be used for similar legal purposes.</P></A>
<A NAME="1025421">
Digital signatures make use of a mathematical function called a one-way hash (also called a message digest). A <I>one-way hash function</I> produces a number called a <I>one-way hash</I> that has the following characteristics:</P></A>
<ul><P><A NAME="1025422"><LI>The one-way hash is unique to the hashed data. Any change in the data, even deleting or altering a single character, results in a different value.</LI></A><P><A NAME="1025423"><LI>The content of the hashed data cannot, for all practical purposes, be deduced from the hash value&#151;which is why it is called "one-way."</LI></A></ul><A NAME="1025427">
As mentioned in <a href="help.htm#1025393">Public-Key Cryptography</a>, it's possible to use your private key for encryption and your public key for decryption. Although this is not desirable when you are encrypting sensitive information, it is a crucial part of digitally signing any data. Instead of encrypting the data itself, the signing software (such as Personal Security Manager) creates a one-way hash of the data, then uses your private key to encrypt the hash. The encrypted hash, along with other information, such as the name of the hashing algorithm, is known as a digital signature. </P></A>
<A NAME="1025431">
<a href="help.htm#1025436">Figure 2</a> shows a simplified view of the way a digital signature can be used to validate the integrity of signed data.</P></A>
<A NAME="1025436">
<P><B>Figure 2&nbsp&nbsp Using a digital signature to validate data integrity<p><img src="04digsgn.gif">
</B></P>
</A><A NAME="1025440">
<a href="help.htm#1025436">Figure 2</a> shows two items that are transferred to the recipient of some signed data: the original data and the digital signature. To create the digital signature, the sending software first creates a one-way hash of the original data, then encrypts the hash with the signer's private key.</P></A>
<A NAME="1032547">
To validate the integrity of the data, the receiving software first uses the signer's public key to decrypt the original one-way hash. The receiving software then uses the same hashing algorithm that generated the original hash to generate a new hash of the data that it has received. (Information about the hashing algorithm used is sent with the digital signature, although this isn't shown in the figure.) Finally, the receiving software compares the new hash against the original hash. If the two hashes match, the data has not changed since it was signed. If they don't match, the data may have been tampered with since it was signed, or the signature may have been created with a private key that doesn't correspond to the public key presented by the signer.</P></A>
<A NAME="1025441">
If the two hashes match, the recipient can be certain that the public key used to decrypt the digital signature corresponds to the private key used to create the digital signature. Confirming the identity of the signer, however, also requires some way of confirming that the public key really belongs to a particular person or other entity. Digital IDs called certificates, which are described in the next section, address this issue.</P></A>
<A NAME="1025442">
The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have digitally signed some data, it is difficult to deny doing so later&#151;assuming that the private key has not been compromised or been out of the owner's control. This quality of digital signatures provides a high degree of nonrepudiation&#151;that is, digital signatures make it difficult for the signer to deny having signed the data. In some situations, a digital signature may be as legally binding as a handwritten signature.</P></A>
<A NAME="Certificates"></A><A NAME="1025444">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Certificates</FONT></b></p><A NAME="1025445">
A certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key. Like a driver's license, a credit card, a passport, or other commonly used personal IDs, a certificate provides generally recognized proof of a person's identity. Public-key cryptography uses certificates to address the problem of misrepresentation (see <a href="help.htm#1025373">Internet Security Issues</a>).</P></A>
<A NAME="1025449">
To get a driver's license, you typically apply to a government agency, such as the Department of Motor Vehicles, which verifies your identity, your ability to drive, your address, and other information before issuing the license. To get a credit card, you apply to a company that performs a credit check before issuing the ID. To get a library card, you may need to provide only your name and a utility bill with your address on it.</P></A>
<A NAME="1025450">
Certificates work much the same way as any of these familiar forms of identification. Certificate authorities (CAs) validate identities and issue certificates. They can be either independent third parties or organizations running their own certificate-issuing server software (such as Personal Security Manager). The methods used to validate an identity vary depending on the policies of a given CA&#151;just as the methods to validate other forms of identification vary depending on who is issuing the ID and the purpose for which it will be used. In general, before issuing a certificate, the CA must use published verification procedures to ensure that people or other entities requesting certificates are in fact who they claim to be. </P></A>
<A NAME="1025454">
The certificate issued by a CA binds a particular public key to the name of the person or other entity the certificate identifies (such as the name of an employee). Certificates help prevent the use of fake public keys for impersonation. Only the public key certified by the certificate will work with the corresponding private key possessed by the person or other entity identified by the certificate. </P></A>
<A NAME="1025455">
In addition to a public key, a certificate always includes the name of the person or other entity it identifies, an expiration date, the name of the CA that issued the certificate, a serial number, and other information. Most importantly, a certificate always includes the digital signature of the issuing CA. The CA's digital signature allows the certificate to function as a "letter of introduction" for users who know and trust the CA but don't know the person or other entity identified by the certificate.</P></A>
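<P>The checks described in <a href="help.htm#1025415">Digital Signatures</a> and in this section, as an added example that is not part of the original help text and is not Personal Security Manager code. It assumes textbook RSA with no padding, toy keys built from known Mersenne primes, a JSON certificate body instead of a real certificate format, and the hypothetical names Alice, Mallory and Example CA.</P>

```python
import hashlib
import json

E = 65537                    # conventional RSA public exponent
ALLOWED_HASHES = {"sha256"}  # verifier policy: do not trust an arbitrary algorithm name


def make_key(p, q):
    """Return (public, private) for primes p and q (toy key, constructed for this demo)."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def one_way_hash(data, alg):
    """One-way hash of the data, as an integer."""
    return int.from_bytes(hashlib.new(alg, data).digest(), "big")


def sign(data, private, alg="sha256"):
    """Hash the data, then apply the private key to the hash."""
    value = pow(one_way_hash(data, alg), private["d"], private["n"])
    return {"alg": alg, "value": value}  # the algorithm name travels with the signature


def verify(data, signature, public):
    """Recover the original hash with the public key and compare it to a fresh hash."""
    if signature["alg"] not in ALLOWED_HASHES:
        return False
    original = pow(signature["value"], public["e"], public["n"])
    return original == one_way_hash(data, signature["alg"])


def encode(body):
    """Canonical bytes of a certificate body, so issuer and verifier hash the same input."""
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(subject, subject_public, issuer, ca_private, serial, not_after):
    """Bind a name to a public key and sign the binding with the CA's private key."""
    body = {"subject": subject, "public_key": subject_public, "issuer": issuer,
            "serial": serial, "not_after": not_after}
    return {"body": body, "signature": sign(encode(body), ca_private)}


def check_signed_data(data, signature, cert, trusted_cas, today):
    """Validate the certificate first, then the data signature; name the first failure."""
    body = cert["body"]
    ca_public = trusted_cas.get(body["issuer"])
    if ca_public is None:
        return "issuer not trusted"
    if not verify(encode(body), cert["signature"], ca_public):
        return "certificate not signed by issuer"
    if today > body["not_after"]:  # ISO dates compare correctly as strings
        return "certificate expired"
    if not verify(data, signature, body["public_key"]):
        return "hashes differ: data altered or signed with another key"
    return "ok: signed by " + body["subject"]


# Constructed demo keys from known Mersenne primes (real keys use random primes).
ALICE_PUB, ALICE_PRIV = make_key(2**127 - 1, 2**521 - 1)
CA_PUB, CA_PRIV = make_key(2**607 - 1, 2**1279 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**2203 - 1, 2**2281 - 1)
TRUSTED = {"Example CA": CA_PUB}
ALICE_CERT = issue_certificate("Alice", ALICE_PUB, "Example CA", CA_PRIV, 1, "2030-12-31")


def demo():
    """Run the intact case and the failure cases the text describes."""
    order = b"ship 10 chairs to Alice"
    sig = sign(order, ALICE_PRIV)
    mallory_sig = sign(order, MALLORY_PRIV)
    # Mallory claims to be Alice and names the CA as issuer, but signs the body herself.
    forged = issue_certificate("Alice", MALLORY_PUB, "Example CA", MALLORY_PRIV, 2, "2030-12-31")
    day = "2025-01-01"
    return {
        "intact": check_signed_data(order, sig, ALICE_CERT, TRUSTED, day),
        "tampered": check_signed_data(b"ship 99 chairs to Mallory", sig, ALICE_CERT, TRUSTED, day),
        "wrong_key": check_signed_data(order, mallory_sig, ALICE_CERT, TRUSTED, day),
        "forged_cert": check_signed_data(order, mallory_sig, forged, TRUSTED, day),
        "expired": check_signed_data(order, sig, ALICE_CERT, TRUSTED, "2031-01-01"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} {result}")
```

<P>The forged certificate fails at the CA signature check before its public key is ever used, which is the binding of name to key that the certificate provides.</P>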
<A NAME="1045279">&nbsp</A><A NAME="Information Tab">
</A>
<H1><FONT Face="arial, helvetica, sans-serif" size="+2">
Information Tab
</FONT></H1><A NAME="1045312">
If you click the Security button or lock icon while you are viewing a web page, an email message you have received, or an email message that you are composing, Personal Security Manager displays security information relevant to that window. </P></A>
<A NAME="1045592">
The sections that follow describe the information panels displayed under different circumstances. To see the help text in this document that corresponds to the Personal Security Manager information panel that is currently displayed, click the Help button at the bottom of the panel.</P></A>
<ul><A NAME="1045244"><LI><a href="help.htm#1041627">Information About Web Pages</a></LI></A><BR><A NAME="1045248"><LI><a href="help.htm#1046060">Information About Stored Email Messages</a></LI></A><BR><A NAME="1045252"><LI><a href="help.htm#1046671">Information About Email Messages You Are Composing</a></LI></A><BR></ul><A NAME="Information About Web Pages"></A><A NAME="1041627">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Information About Web Pages</FONT></h2>
<A NAME="1028411">
When you click the Security button in your browser, Personal Security Manager displays information about authentication and encryption for the web page you are viewing. The following sections provide supplementary information for each combination you may encounter:</P></A>
<ul><A NAME="1028450"><LI><a href="help.htm#1026171">Web Site Identity Not Verified&#151;Connection Not Encrypted</a></LI></A><BR><A NAME="1028458"><LI><a href="help.htm#1028485">Web Site Identity Verified&#151;Connection Encrypted</a></LI></A><BR><A NAME="1028459"><LI><a href="help.htm#1029056">Web Site Identity Conditionally Verified&#151;Connection Encrypted</a></LI></A><BR><A NAME="1028621"><LI><a href="help.htm#1032105">Web Site Identity Verified&#151;Connection Not Encrypted</a></LI></A><BR><A NAME="1045795"><LI><a href="help.htm#1036572">Web Site Conditionally Verified&#151;Connection Not Encrypted</a></LI></A><BR></ul><A NAME="Web Site Identity Not Verified&#151;Connection Not Encrypted"></A><A NAME="1026171">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Web Site Identity Not Verified&#151;Connection Not Encrypted</FONT></b></p><A NAME="1028463">
If you click the Security button when you are viewing a web page that does not support authentication or encryption, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1028876"><LI><B>Web Site Identity Not Verified.</B> The web site you are viewing does not support certificate-based authentication. Therefore, Personal Security Manager cannot verify its identity. It is possible, though unlikely, that the web site is not what it claims to be.</LI></A><P><A NAME="1032719"><LI><B>Connection Not Encrypted.</B> It is possible, though unlikely, that other people can view information sent from your computer to the web site or information sent by the web site to your computer. This should be of concern only if you are sending or viewing confidential information, such as your credit card number.</LI></A></ul><A NAME="1045814">
For short definitions, click <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Web Site Identity Verified&#151;Connection Encrypted"></A><A NAME="1028485">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Web Site Identity Verified&#151;Connection Encrypted</FONT></b></p><A NAME="1045075">
If you click the Security button when you are viewing a web page that has been successfully authenticated and encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1045005"><LI><B>Web Site Identity Verified.</B> The certificate that Personal Security Manager has used to verify this web site's identity was issued by a certificate authority (CA) designated in your <a href="glossary.htm#1023462">certificate store</a> as one that is trusted for the purpose of identifying web sites. You can be reasonably confident that the web site is what it claims to be.</LI></A><P><A NAME="1045009"><LI><B>Connection Encrypted.</B> In general, the strength of an encrypted connection depends on the length of the keys used for encryption, measured in bits. The longer the key, the stronger the encryption&#151;that is, the harder it is for an unauthorized person to unscramble the encrypted information.</LI></A></ul><ul><P><A NAME="1045056">
Personal Security Manager describes encryption strength in one of three
ways:
</A></P>
<ul>
<P><A NAME="1037840"><LI><B>High-grade encryption.</B> Strongest encryption available, using 128-bit keys at a minimum.</LI></A><P><A NAME="1037745"><LI><B>Medium-grade encryption.</B> Somewhat stronger than low-grade encryption, using 56- or 64-bit keys.</LI></A><P><A NAME="1045040"><LI><B>Low-grade encryption.</B> Weakest encryption available, using 40-bit keys.</LI></A></ul>
</ul><A NAME="1029062">
For short definitions, click <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Web Site Identity Conditionally Verified&#151;Connection Encrypted"></A><A NAME="1029056">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Web Site Identity Conditionally Verified&#151;Connection Encrypted</FONT></b></p><A NAME="1028567">
If you click the Security button when you are viewing a web page that has been conditionally authenticated and successfully encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1032948"><LI><B>Web Site Identity Conditionally Verified. </B>The web site you are viewing has presented a certificate that is invalid, but that you have decided to accept anyway. </LI></A></ul><ul><P><A NAME="1033132">
Personal Security Manager has listed one or both of the following reasons
why the web site's certificate is invalid:
</A></P>
<ul>
<P><A NAME="1032952"><LI>The identity of this web site has been verified by a certificate authority that you have not designated as trusted for this purpose. If you wish to trust this certificate authority to identify web sites in the future, click the Edit button and select "This certificate can certify web sites that support encryption."</LI></A><P><A NAME="1032953"><LI>The URL of the web site you are viewing is different from the URL specified in the certificate used to identify it. If Personal Security Manager informs you of this discrepancy, you should be cautious about using the web site, since it appears to be misrepresenting itself. </LI></A></ul>
</ul><ul><P><A NAME="1033011"><LI><B>Connection Encrypted. </B>In general, the strength of an encrypted connection depends on the length of the keys used for encryption, measured in bits. The longer the key, the stronger the encryption&#151;that is, the harder it is for an unauthorized person to unscramble the encrypted information.</LI></A></ul><ul><P><A NAME="1045910">
Personal Security Manager describes encryption strength in one of three
ways:
</A></P>
<ul>
<P><A NAME="1037736"><LI><B>High-grade encryption.</B> Strongest encryption available, using 128-bit keys at a minimum.</LI></A><P><A NAME="1037737"><LI><B>Medium-grade encryption.</B> Somewhat stronger than low-grade encryption, using 56- or 64-bit keys.</LI></A><P><A NAME="1037738"><LI><B>Low-grade encryption.</B> Weakest encryption available, using 40-bit keys.</LI></A></ul>
</ul><A NAME="1045926">
For short definitions, click <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
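<P>The two invalid-certificate reasons and the three encryption grades described in this section, modelled as an added Python example (not code from Personal Security Manager). The <code>Connection</code> record, the function names, and the sample hosts and CA names are assumptions constructed for illustration; the wildcard rule in <code>host_matches</code> is a common convention, not something this help text specifies.</P>

```python
"""Added illustration of the Security-button panels; all names are hypothetical."""
from dataclasses import dataclass


@dataclass
class Connection:
    requested_host: str       # host name taken from the URL being viewed
    cert_names: list          # DNS names the certificate was issued to
    issuer: str               # name of the issuing certificate authority
    cipher_key_bits: int = 0  # 0 models a connection that is not encrypted


def host_matches(pattern, host):
    """Compare one certificate name with the requested host.

    Assumption: a single leading "*." may stand for exactly one left-most
    label, and never for everything under a bare top-level suffix.
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[2:]
    if "." not in suffix or "*" in suffix:
        return False          # reject names such as "*.com" or "*.*.example"
    head, sep, tail = host.partition(".")
    return bool(head) and sep == "." and tail == suffix


def encryption_grade(bits):
    """Map a key length to the three grades the help text defines."""
    if bits >= 128:
        return "High-grade encryption"
    if bits in (56, 64):
        return "Medium-grade encryption"
    if bits == 40:
        return "Low-grade encryption"
    return None               # a key length the help text does not classify


def security_panels(conn, trusted_web_cas):
    """Return (identity heading, reasons, connection heading, grade).

    Assumption: the user has already chosen to accept an invalid
    certificate, which is the precondition for the conditional state.
    """
    reasons = []
    if conn.issuer not in trusted_web_cas:
        reasons.append("CA not designated as trusted for identifying web sites")
    if not any(host_matches(n, conn.requested_host) for n in conn.cert_names):
        reasons.append("web site URL differs from the URL in the certificate")

    if reasons:
        identity = "Web Site Identity Conditionally Verified"
    else:
        identity = "Web Site Identity Verified"

    if conn.cipher_key_bits > 0:
        connection = "Connection Encrypted"
        grade = encryption_grade(conn.cipher_key_bits)
    else:
        connection = "Connection Not Encrypted"
        grade = None
    return identity, reasons, connection, grade


# Constructed sample data: the trust list and connections are invented.
TRUSTED_WEB_CAS = {"Example Root CA"}
SAMPLES = [
    Connection("www.example.com", ["*.example.com"], "Example Root CA", 128),
    Connection("login.example.net", ["www.example.com"], "Unknown Test CA", 40),
    Connection("www.example.com", ["www.example.com"], "Example Root CA", 0),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.requested_host, security_panels(sample, TRUSTED_WEB_CAS))
```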
<A NAME="Web Site Identity Verified&#151;Connection Not Encrypted"></A><A NAME="1032105">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Web Site Identity Verified&#151;Connection Not Encrypted</FONT></b></p><A NAME="1033156">
If you click the Security button when you are viewing a web page that has been successfully authenticated but has not been encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1033160"><LI><B>Web Site Identity Verified.</B> The certificate that Personal Security Manager has used to verify this web site's identity was issued by a certificate authority (CA) designated in your <a href="glossary.htm#1023462">certificate store</a> as one that is trusted for the purpose of identifying web sites. You can be reasonably confident that the web site is what it claims to be.</LI></A><P><A NAME="1033175"><LI><B>Connection Not Encrypted.</B> It is possible, though unlikely, that other people can view information sent from your computer to the web site or information sent by the web site to your computer. This should be of concern only if you are sending or viewing confidential information, such as your credit card number.</LI></A></ul><A NAME="1045997">
For short definitions, click <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Web Site Conditionally Verified&#151;Connection Not Encrypted"></A><A NAME="1036572">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Web Site Conditionally Verified&#151;Connection Not Encrypted</FONT></b></p><A NAME="1037406">
If you click the Security button when you are viewing a web page that has been conditionally authenticated but not encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1037410"><LI><B>Web Site Identity Conditionally Verified. </B>The web site you are viewing has presented a certificate that is invalid, but that you have decided to accept anyway. To view the certificate, click the View button. </LI></A></ul><ul><P><A NAME="1037414">
Personal Security Manager has listed one or both of the following reasons
why the web site's certificate is invalid:
</A></P>
<ul>
<P><A NAME="1037415"><LI>The identity of this web site has been verified by a certificate authority that you have not designated as trusted for this purpose. If you wish to trust this certificate authority to identify web sites in the future, click the Edit button and select the check box labeled "This certificate can certify web sites that support encryption."</LI></A><P><A NAME="1037480"><LI>The URL of the web site you are viewing is different from the URL specified in the certificate used to identify it. If Personal Security Manager informs you of this discrepancy, you should be cautious about using the web site, since it appears to be misrepresenting itself. </LI></A></ul>
</ul><ul><P><A NAME="1037506"><LI><B>Connection Not Encrypted.</B> It is possible, though unlikely, that other people can view information sent from your computer to the web site or information sent by the web site to your computer. This should be of concern only if you are sending or viewing confidential information, such as your credit card number.</LI></A></ul><A NAME="1046055">
For short definitions, click <a href="glossary.htm#998782">authentication</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Information About Stored Email Messages"></A><A NAME="1046060">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Information About Stored Email Messages</FONT></h2>
<A NAME="1046063">
When you click the lock icon while viewing an email message (either one that you have received or one that was stored when you sent it), Personal Security Manager displays information about authentication and encryption for the message you are viewing. The following sections describe the information provided for each case you may encounter:</P></A>
<ul><A NAME="1029144"><LI><a href="help.htm#1029195">Message Has No Digital Signature&#151;Message Not Encrypted</a></LI></A><BR><A NAME="1030535"><LI><a href="help.htm#1029556">Message Is Signed&#151;Message Is Encrypted</a></LI></A><BR><A NAME="1032042"><LI><a href="help.htm#1031844">Message Is Signed&#151;Message Not Encrypted</a></LI></A><BR><A NAME="1032051"><LI><a href="help.htm#1032052">Digital Signature Is Not Valid&#151;Message Is Encrypted</a></LI></A><BR><A NAME="1029148"><LI><a href="help.htm#1029380">Message Has No Digital Signature&#151;Message Cannot Be Decrypted</a></LI></A><BR><A NAME="1057462"><LI><a href="help.htm#1031860">Digital Signature Is Not Valid&#151;Message Not Encrypted</a></LI></A><BR></ul><A NAME="1057463">
<B>Note:</B> The information panels described here are displayed only if you are running Communicator 4.7 or a later version. Netscape Mail (the email program that comes with Netscape 6) does not currently support digital signatures or encryption.</P></A>
<A NAME="Message Has No Digital Signature&#151;Message Not Encrypted"></A><A NAME="1029195">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Has No Digital Signature&#151;Message Not Encrypted</FONT></b></p><A NAME="1029440">
If you click the lock icon when you are viewing a message that is neither digitally signed nor encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1033224"><LI><B>Message Has No Digital Signature. </B>Personal Security Manager cannot verify the identity of the sender or the integrity of the message unless the message has been digitally signed. For most email messages, the absence of a digital signature does not indicate a problem. However, if the message comes from someone whose messages are normally signed, or if it contains important information, you should consider verifying its contents by other means, such as checking with the sender.</LI></A><P><A NAME="1033245"><LI><B>Message Not Encrypted. </B>It is possible, though unlikely, that other people could have read the message while it was in transit. This should be of concern only if the message contains confidential or critical information.</LI></A></ul><A NAME="1046091">
For short definitions, click <a href="glossary.htm#1013995">digital signature</a> or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Is Signed&#151;Message Is Encrypted"></A><A NAME="1029556">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Is Signed&#151;Message Is Encrypted</FONT></b></p><A NAME="1029855">
If you click the lock icon when you are viewing a message that has a valid signature and is also encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1033291"><LI><B>Message Is Signed. </B>Personal Security Manager has confirmed that the sender's private key was used to create the digital signature for the message you are viewing. Personal Security Manager has also added the certificate to your certificate store (if it wasn't there already).</LI></A><P><A NAME="1033279"><LI><B>Message Is Encrypted. </B>The message you are viewing was encrypted when it was sent and remains encrypted when it is stored in your computer. It is decrypted only when you open the message to read it. To decrypt the message, Personal Security Manager must have access to your private key corresponding to the public key in the certificate the sender used to encrypt the message.</LI></A></ul><ul><P><A NAME="1053154">
In general, encryption strength depends on the length of the key used for
encryption, measured in bits. The longer the key, the stronger the
encryption&#151;that is, the harder it is for an unauthorized person to
unscramble the encrypted information.
</A></P>
<P><A NAME="1046260">
Personal Security Manager describes encryption strength in one of three
ways:
</A></P>
<ul>
<P><A NAME="1037705"><LI><B>High-grade encryption.</B> Strongest encryption available, using 128-bit keys at a minimum.</LI></A><P><A NAME="1037706"><LI><B>Medium-grade encryption.</B> Somewhat stronger than low-grade encryption, using 56- or 64-bit keys.</LI></A><P><A NAME="1037707"><LI><B>Low-grade encryption.</B> Weakest encryption available, using 40-bit keys.</LI></A></ul>
</ul><A NAME="1046331">
If you have your own <a href="glossary.htm#1018895">certificate</a>, you can digitally sign all the mail you send, to let people know that it really came from you and hasn't been altered. Your certificate also allows people who receive your signed messages to send you encrypted mail.</P></A>
<A NAME="1046210">
For short definitions, click <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Is Signed&#151;Message Not Encrypted"></A><A NAME="1031844">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Is Signed&#151;Message Not Encrypted</FONT></b></p><A NAME="1033739">
If you click the lock icon when you are viewing a message that has a valid digital signature but has not been encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1046318"><LI><B>Message Is Signed. </B>Personal Security Manager has confirmed that the sender's private key was used to create the digital signature for the message you are viewing. Personal Security Manager has also added the certificate to your certificate store (if it wasn't there already).</LI></A><P><A NAME="1033772"><LI><B>Message Not Encrypted. </B>It is possible, though unlikely, that other people could have read the message while it was in transit. This should be of concern only if the message contains confidential or critical information.</LI></A></ul><A NAME="1046391">
If you have your own <a href="glossary.htm#1018895">certificate</a>, you can digitally sign all the mail you send, to let people know that it really came from you and hasn't been altered. Your certificate also allows people who receive your signed messages to send you encrypted mail.</P></A>
<A NAME="1046404">
For short definitions, click <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Digital Signature Is Not Valid&#151;Message Is Encrypted"></A><A NAME="1032052">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Digital Signature Is Not Valid&#151;Message Is Encrypted</FONT></b></p><A NAME="1033885">
If you click the lock icon when you are viewing a message that has an invalid digital signature but has been successfully encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1034208"><LI><B>Digital Signature Is Not Valid. </B>If Personal Security Manager reports that the signature is invalid because the certificate authority that issued the sender's certificate is unknown, you can choose to trust just the sender's certificate by clicking the Edit button labeled "Edit trust settings for this certificate." This may be appropriate if you have other means of verifying the authenticity of the message and want to trust the sender's certificate in the future.</LI></A></ul><ul><P><A NAME="1057030">
If verification failed while OCSP was enabled, you should check the OCSP
settings. To do so, click the Advanced tab, then click Options, then click the
OCSP Settings button and confirm that OCSP is configured correctly. If you
are not familiar with OCSP, you may need to check with your system
administrator to confirm these settings. If your settings are correct, either
there is some problem with the OCSP service or the certificate used to create
the signature is no longer valid.
</A></P>
<P><A NAME="1034216">
If Personal Security Manager reports that the signature is invalid because
the certificate authority (CA) that issued the sender's certificate is one that
you have not designated as trusted, you can take one of two actions:
</A></P>
<ul>
<P><A NAME="1034217"><LI>If you want to trust the sender's certificate in the future, but not all certificates issued by this CA, click the Edit button labeled "Edit trust settings for this certificate." This may be appropriate if you have other means of verifying the authenticity of the message and want to trust the sender's certificate in the future.</LI></A><P><A NAME="1034218"><LI>If you want to trust all certificates issued by the CA for signing and encrypting email, click the Edit button labeled "Edit trust settings for this certificate authority." You should do this only if you approve of the CA's issuance policies.</LI></A></ul>
</ul><ul><P><A NAME="1034244"><LI><B>Message Is Encrypted. </B>The message you are viewing was encrypted when it was sent and remains encrypted when it is stored in your computer. It is decrypted only when you open the message to read it. To decrypt the message, Personal Security Manager must have access to your private key corresponding to the public key in the certificate the sender used to encrypt the message.</LI></A></ul><ul><P><A NAME="1046467">
In general, encryption strength depends on the length of the key used for
encryption, measured in bits. The longer the key, the stronger the
encryption&#151;that is, the harder it is for an unauthorized person to
unscramble the encrypted information.
</A></P>
<P><A NAME="1034248">
Personal Security Manager describes encryption strength in one of three
ways:
</A></P>
<ul>
<P><A NAME="1037773"><LI><B>High-grade encryption.</B> Strongest encryption available, using 128-bit keys at a minimum.</LI></A><P><A NAME="1037774"><LI><B>Medium-grade encryption.</B> Somewhat stronger than low-grade encryption, using 56- or 64-bit keys.</LI></A><P><A NAME="1037775"><LI><B>Low-grade encryption.</B> Weakest encryption available, using 40-bit keys.</LI></A></ul>
</ul><A NAME="1046474">
If you have your own <a href="glossary.htm#1018895">certificate</a>, you can digitally sign all the mail you send, to let people know that it really came from you and hasn't been altered. Your certificate also allows people who receive your signed messages to send you encrypted mail.</P></A>
<A NAME="1046484">
For short definitions, click <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Has No Digital Signature&#151;Message Cannot Be Decrypted"></A><A NAME="1029380">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Has No Digital Signature&#151;Message Cannot Be Decrypted</FONT></b></p><A NAME="1036656">
If you click the Security button when you are viewing a message that cannot be decrypted, Personal Security Manager displays a panel with these boldface headings: </P></A>
<ul><P><A NAME="1053057"><LI><B>Message Has No Digital Signature. </B>Personal Security Manager cannot verify the identity of the sender or the integrity of the message unless the message has been digitally signed. For a message that cannot be decrypted, Personal Security Manager cannot detect a digital signature, but the message may in fact have one. Personal Security Manager can't detect and verify a digital signature unless it can decrypt the message.</LI></A><P><A NAME="1036674"><LI><B>Message Cannot Be Decrypted. </B>If possible, Personal Security Manager lists the reason or reasons that it can't decrypt the message. Here are some steps you can take:</LI></A><ul>
<P><A NAME="1036681"><LI>If the message's contents have been altered during transit, you should ask the sender to resend it. The changes may have been caused by network problems.</LI></A><P><A NAME="1054887"><LI>If a copy of your own certificate (used by the sender to encrypt the message) cannot be found in your certificate store, the private key required to decrypt the message cannot be retrieved. The only solution is to restore a backup copy of your certificate and its corresponding private key (click the Certificates tab, then Restore; see <a href="help.htm#1031427">Work with Certificates that Identify You</a> for details). If you don't have access to a backup copy of your certificate, you will not be able to decrypt the message. </LI></A><P><A NAME="1036683"><LI>If the message was encrypted using an encryption strength that this version of Personal Security Manager does not support, you must either obtain a version of Personal Security Manager that does support strong encryption or ask the sender to resend the message. If you ask the sender to resend the message, you must also request that the message be sent either without encryption or with export-level encryption.</LI></A></ul>
</ul><A NAME="1046545">
Browser software that supports encryption and is manufactured in the United States is subject to export regulations established by the US government. Under these regulations, software that supports the strongest forms of encryption can be sold and used only within the United States and Canada. </P></A>
<A NAME="1046574">
If you have your own <a href="glossary.htm#1018895">certificate</a>, you can digitally sign all the mail you send, to let people know that it really came from you and hasn't been altered. Your certificate also allows people who receive your signed messages to send you encrypted mail.</P></A>
<A NAME="1046584">
For short definitions, click <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Digital Signature Is Not Valid&#151;Message Not Encrypted"></A><A NAME="1031860">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Digital Signature Is Not Valid&#151;Message Not Encrypted</FONT></b></p><A NAME="1034461">
If you click the Security button when you are viewing a message that has an invalid digital signature and has not been encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1034402"><LI><B>Digital Signature Is Not Valid. </B>Personal Security Manager has determined that the message's digital signature is not valid. </LI></A></ul><ul><P><A NAME="1056854">
If Personal Security Manager reports that the signature is invalid because
the certificate authority that issued the sender's certificate is unknown, you
can choose to trust just the sender's certificate by clicking the Edit button.
This may be appropriate if you have other means of verifying the
authenticity of the message and want to trust the sender's certificate in the
future.
</A></P>
<P><A NAME="1056944">
If verification failed while OCSP was enabled, you should check the OCSP
settings. To do so, click the Advanced tab, then click Options, then click the
OCSP Settings button and confirm that OCSP is configured correctly. If you
are not familiar with OCSP, you may need to check with your system
administrator to confirm these settings. If your settings are correct, either
there is some problem with the OCSP service or the certificate used to create
the signature is no longer valid.
</A></P>
<P><A NAME="1034410">
If Personal Security Manager reports that the signature is invalid because
the certificate authority (CA) that issued the sender's certificate is one that
you have not designated as trusted, you can take one of two actions:
</A></P>
<ul>
<P><A NAME="1046611"><LI>If you want to trust the sender's certificate in the future, but not all certificates issued by this CA, click the Edit button labeled "Edit trust settings for this certificate." This may be appropriate if you have other means of verifying the authenticity of the message and want to trust the sender's certificate in the future.</LI></A><P><A NAME="1034412"><LI>If you decide that you trust all certificates issued by the CA for signing and encrypting email, you indicate your choice by clicking the Edit button labeled "Edit trust settings for this certificate authority." You should do this only if you approve of the CA's issuance policies.</LI></A></ul>
</ul><ul><P><A NAME="1046661"><LI><B>Message Not Encrypted. </B>It is possible, though unlikely, that other people could have read the message while it was in transit. This should be of concern only if the message contains confidential or critical information.</LI></A></ul><A NAME="1046687">
If you have your own <a href="glossary.htm#1018895">certificate</a>, you can digitally sign all the mail you send, to let people know that it really came from you and hasn't been altered. Your certificate also allows people who receive your signed messages to send you encrypted mail.</P></A>
<A NAME="1046697">
For short definitions, click <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Information About Email Messages You Are Composing"></A><A NAME="1046671">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Information About Email Messages You Are Composing</FONT></h2>
<A NAME="1032123">
When you click the Security button or the lock icon in an email message composition window, Personal Security Manager displays information about whether the message is marked to be signed or encrypted and, if so, whether it can be signed or encrypted. The following sections describe the information provided for each case you may encounter: </P></A>
<ul><A NAME="1030094"><LI><a href="help.htm#1057481">Message Can Be Signed&#151;Message Can Be Encrypted</a></LI></A><BR><A NAME="1030098"><LI><a href="help.htm#1030082">Message Can Be Signed&#151;Message Cannot Be Encrypted</a></LI></A><BR><A NAME="1030102"><LI><a href="help.htm#1030236">Message Cannot Be Signed&#151;Message Cannot Be Encrypted</a></LI></A><BR><A NAME="1034790"><LI><a href="help.htm#1034785">Message Cannot Be Signed&#151;Message Can Be Encrypted</a></LI></A><BR><A NAME="1050367"><LI><a href="help.htm#1050137">Message Not To Be Signed&#151;Message Not to Be Encrypted</a></LI></A><BR><A NAME="1050376"><LI><a href="help.htm#1050148">Message Not To Be Signed&#151;Message Can Be Encrypted</a></LI></A><BR><A NAME="1050385"><LI><a href="help.htm#1050175">Message Not To Be Signed&#151;Message Cannot Be Encrypted</a></LI></A><BR><A NAME="1050397"><LI><a href="help.htm#1050216">Message Can Be Signed&#151;Message Not to Be Encrypted</a></LI></A><BR><A NAME="1050415"><LI><a href="help.htm#1050244">Message Cannot Be Signed&#151;Message Not to Be Encrypted</a></LI></A><BR></ul><A NAME="1057486">
<B>Note:</B> The information panels described here are displayed only if you are running Communicator 4.7 or a later version. Netscape Mail (the email program that comes with Netscape 6) does not currently support digital signatures or encryption.</P></A>
<A NAME="Message Can Be Signed&#151;Message Can Be Encrypted"></A><A NAME="1057481">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Can Be Signed&#151;Message Can Be Encrypted</FONT></b></p><A NAME="1034496">
If you click the Security button or the lock icon when you are composing a message that can be signed and encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1034500"><LI><B>Message Can Be Signed. </B>You can use your own certificate to digitally sign the message that you are composing. If your certificate store includes more than one certificate that can be used for signing purposes, the pop-up menu allows you to select which one to use. </LI></A><P><A NAME="1034544"><LI><B>Message Can Be Encrypted. </B>You have certificates for all the recipients of the message that you are viewing. Personal Security Manager can use those certificates to encrypt each recipient's copy of the message before you send it.</LI></A></ul><ul><P><A NAME="1046772">
In general, encryption strength depends on the length of the key used for
encryption, measured in bits. The longer the key, the stronger the
encryption&#151;that is, the harder it is for an unauthorized person to
unscramble the encrypted information.
</A></P>
<P><A NAME="1046776">
Personal Security Manager describes encryption strength in one of three
ways:
</A></P>
<ul>
<P><A NAME="1046777"><LI><B>High-grade encryption.</B> Strongest encryption available, using 128-bit keys at a minimum.</LI></A><P><A NAME="1046778"><LI><B>Medium-grade encryption.</B> Somewhat stronger than low-grade encryption, using 56- or 64-bit keys.</LI></A><P><A NAME="1046779"><LI><B>Low-grade encryption.</B> Weakest encryption available, using 40-bit keys.</LI></A></ul>
</ul><A NAME="1046792">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Can Be Signed&#151;Message Cannot Be Encrypted"></A><A NAME="1030082">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Can Be Signed&#151;Message Cannot Be Encrypted</FONT></b></p><A NAME="1030512">
If you click the Security button or the lock icon when you are composing a message that can be signed but not encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1046848"><LI><B>Message Can Be Signed. </B>You can use your own certificate to digitally sign the message that you are composing. If your certificate store includes more than one certificate that can be used for signing purposes, the pop-up menu allows you to select which one to use. </LI></A><P><A NAME="1034584"><LI><B>Message Cannot Be Encrypted.</B> This panel displays the reason you can't encrypt the message. (Note: you may have to scroll down to view this panel.) </LI></A></ul><ul><P><A NAME="1034595">
If you can't encrypt the message because you don't have certificates for all
the recipients, Personal Security Manager displays an Add button that you
can use to try to find and add the missing certificates. For instructions on
adding certificates to your certificate store, click Add, then click Help.
</A></P>
</ul><A NAME="1046883">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Cannot Be Signed&#151;Message Cannot Be Encrypted"></A><A NAME="1030236">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Cannot Be Signed&#151;Message Cannot Be Encrypted</FONT></b></p><A NAME="1030289">
If you click the Security button or the lock icon when you are composing a message that cannot be signed or encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1034635"><LI><B>Message Cannot Be Signed. </B>This panel displays the reason you can't sign your message. You don't need to sign an email message unless you want the person receiving it to have verifiable assurance that the message really comes from you. To sign a message, you need a certificate.</LI></A><ul>
<P><A NAME="1034860"><LI>If you don't have a certificate, Personal Security Manager displays an Obtain New button that you can click to find out more about getting one.</LI></A><P><A NAME="1034885"><LI>If your certificate is not certified for signing messages, you need to obtain a new one that is certified for this purpose.</LI></A><P><A NAME="1034639"><LI>If your certificate has expired, you need to renew it or get a new one. To renew a certificate, request assistance from the certificate authority that originally issued it to you.</LI></A><P><A NAME="1034641"><LI>If your certificate has been revoked, you need to get a new one before you can sign messages. To find out the reason for revocation, request assistance from the certificate authority that originally issued the certificate. Any certificate authority whose criteria you can meet can issue you a new certificate.</LI></A></ul>
<P><A NAME="1046930"><LI><B>Message Cannot Be Encrypted.</B> This panel displays the reason you can't encrypt the message. (Note: you may have to scroll down to view this panel.) </LI></A></ul><ul><P><A NAME="1034677">
If you can't encrypt the message because you don't have certificates for all
the recipients, Personal Security Manager displays an Add button that you
may use to try to find and add the missing certificates. For instructions on
adding certificates to your certificate store, click Add, then click Help.
</A></P>
</ul><A NAME="1046943">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Cannot Be Signed&#151;Message Can Be Encrypted"></A><A NAME="1034785">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Cannot Be Signed&#151;Message Can Be Encrypted</FONT></b></p><A NAME="1034995">
If you click the Security button or the lock icon when you are composing a message that can be encrypted but not signed, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1035017"><LI><B>Message Cannot Be Signed. </B>This panel displays the reason you can't sign your message. You don't need to sign an email message unless you want the person receiving it to have verifiable assurance that the message really comes from you. To sign a message, you need a certificate.</LI></A><ul>
<P><A NAME="1035021"><LI>If you don't have a certificate, Personal Security Manager displays an Obtain New button that you can click to find out more about getting one.</LI></A><P><A NAME="1035022"><LI>If your certificate is not certified for signing messages, you need to obtain a new one that is certified for this purpose.</LI></A><P><A NAME="1035023"><LI>If your certificate has expired, you need to renew it or get a new one. To renew a certificate, request assistance from the certificate authority that originally issued it to you.</LI></A><P><A NAME="1035024"><LI>If your certificate has been revoked, you need to get a new one before you can sign messages. To find out the reason for revocation, request assistance from the certificate authority that originally issued the certificate. Any certificate authority whose criteria you can meet can issue you a new certificate.</LI></A></ul>
<P><A NAME="1046991"><LI><B>Message Can Be Encrypted. </B>You have certificates for all the recipients of the message that you are viewing. Personal Security Manager can use those certificates to encrypt each recipient's copy of the message before you send it.</LI></A></ul><ul><P><A NAME="1046995">
In general, encryption strength depends on the length of the key used for
encryption, measured in bits. The longer the key, the stronger the
encryption&#151;that is, the harder it is for an unauthorized person to
unscramble the encrypted information.
</A></P>
<P><A NAME="1046999">
Personal Security Manager describes encryption strength in one of three
ways:
</A></P>
<ul>
<P><A NAME="1047000"><LI><B>High-grade encryption.</B> Strongest encryption available, using 128-bit keys at a minimum.</LI></A><P><A NAME="1047001"><LI><B>Medium-grade encryption.</B> Somewhat stronger than low-grade encryption, using 56- or 64-bit keys.</LI></A><P><A NAME="1047002"><LI><B>Low-grade encryption.</B> Weakest encryption available, using 40-bit keys.</LI></A></ul>
</ul><A NAME="1035049">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Not To Be Signed&#151;Message Not to Be Encrypted"></A><A NAME="1050137">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Not To Be Signed&#151;Message Not to Be Encrypted</FONT></b></p><A NAME="1050719">
If you click the Security button or the lock icon when you are composing a message that is not going to be signed or encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1050147"><LI><B>Message Not To Be Signed.</B> If you want to sign your message, you must have a certificate for that purpose and you must indicate in the message composition window that you want to sign the message. </LI></A></ul><ul><P><A NAME="1050850">
To indicate that you want a single message to be signed, choose Options
from the View menu in a message composition window, then select Signed.
To indicate that you want to sign every message automatically, click the
Applications tab in the main Personal Security Manager window, then click
Messenger and follow the directions.
</A></P>
<P><A NAME="1050771">
If you don't have a certificate that identifies you for signing purposes, click
the Certificates Tab in the main Personal Security Manager window, then
click Obtain New for information about getting one.
</A></P>
</ul><ul><P><A NAME="1050795"><LI><B>Message Not To Be Encrypted.</B> If you want to encrypt your message, you must have a certificate for each recipient and you must indicate in the message composition window that you want to encrypt the message. </LI></A></ul><ul><P><A NAME="1050800">
To indicate that you want a message to be encrypted, choose Options from
the View menu in a message composition window, then select Encrypted.
To indicate that you want to encrypt every message automatically (if
possible), click the Applications tab in the main Personal Security Manager
window, then click Messenger and follow the directions.
</A></P>
<P><A NAME="1050861">
If you are missing certificates for any recipients, ask each of them to send
you a signed message (which always includes the signer's certificate).
Alternatively, click the Certificates Tab in the main Personal Security
Manager window, then Others, then Add.
</A></P>
</ul><A NAME="1051067">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Not To Be Signed&#151;Message Can Be Encrypted"></A><A NAME="1050148">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Not To Be Signed&#151;Message Can Be Encrypted</FONT></b></p><A NAME="1051084">
If you click the Security button or the lock icon when you are composing a message that is not going to be signed and can be encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1051093"><LI><B>Message Not To Be Signed.</B> If you want to sign your message, you must have a certificate for that purpose and you must indicate in the message composition window that you want to sign the message. </LI></A></ul><ul><P><A NAME="1051094">
To indicate that you want a single message to be signed, choose Options
from the View menu in a message composition window, then select Signed.
To indicate that you want to sign every message automatically, click the
Applications tab in the main Personal Security Manager window, then click
Messenger and follow the directions.
</A></P>
<P><A NAME="1051098">
If you don't have a certificate that identifies you for signing purposes, click
the Certificates Tab in the main Personal Security Manager window, then
click Obtain New for information about getting one.
</A></P>
</ul><ul><P><A NAME="1051125"><LI><B>Message Can Be Encrypted. </B>You have certificates for all the recipients of the message that you are viewing. Personal Security Manager can use those certificates to encrypt each recipient's copy of the message before you send it.</LI></A></ul><ul><P><A NAME="1051129">
In general, encryption strength depends on the length of the key used for
encryption, measured in bits. The longer the key, the stronger the
encryption&#151;that is, the harder it is for an unauthorized person to
unscramble the encrypted information.
</A></P>
<P><A NAME="1051133">
Personal Security Manager describes encryption strength in one of three
ways:
</A></P>
<ul>
<P><A NAME="1051134"><LI><B>High-grade encryption.</B> Strongest encryption available, using 128-bit keys at a minimum.</LI></A><P><A NAME="1051135"><LI><B>Medium-grade encryption.</B> Somewhat stronger than low-grade encryption, using 56- or 64-bit keys.</LI></A><P><A NAME="1051136"><LI><B>Low-grade encryption.</B> Weakest encryption available, using 40-bit keys.</LI></A></ul>
</ul><A NAME="1051146">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Not To Be Signed&#151;Message Cannot Be Encrypted"></A><A NAME="1050175">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Not To Be Signed&#151;Message Cannot Be Encrypted</FONT></b></p><A NAME="1051177">
If you click the Security button or the lock icon when you are composing a message that is not going to be signed and cannot be encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1051181"><LI><B>Message Not To Be Signed.</B> If you want to sign your message, you must have a certificate for that purpose and you must indicate in the message composition window that you want to sign the message. </LI></A></ul><ul><P><A NAME="1051182">
To indicate that you want a single message to be signed, choose Options
from the View menu in a message composition window, then select Signed.
To indicate that you want to sign every message automatically, click the
Applications tab in the main Personal Security Manager window, then click
Messenger and follow the directions.
</A></P>
<P><A NAME="1051186">
If you don't have a certificate that identifies you for signing purposes, click
the Certificates Tab in the main Personal Security Manager window, then
click Obtain New for information about getting one.
</A></P>
</ul><ul><P><A NAME="1051205"><LI><B>Message Cannot Be Encrypted.</B> This panel displays the reason you can't encrypt the message. </LI></A></ul><ul><P><A NAME="1051206">
If you can't encrypt the message because you don't have certificates for all
the recipients, Personal Security Manager displays an Add button that you
may use to try to find and add the missing certificates. For instructions on
adding certificates to your certificate store, click Add, then click Help.
</A></P>
</ul><A NAME="1051219">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Can Be Signed&#151;Message Not to Be Encrypted"></A><A NAME="1050216">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Can Be Signed&#151;Message Not to Be Encrypted</FONT></b></p><A NAME="1051308">
If you click the Security button or the lock icon when you are composing a message that can be signed and is not to be encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1051255"><LI><B>Message Can Be Signed. </B>You can use your own certificate to digitally sign the message that you are composing. If your certificate store includes more than one certificate that can be used for signing purposes, the pop-up menu allows you to select which one to use. </LI></A><P><A NAME="1051259"><LI><B>Message Not To Be Encrypted.</B> If you want to encrypt your message, you must have a certificate for each recipient and you must indicate in the message composition window that you want to encrypt the message. </LI></A></ul><ul><P><A NAME="1051260">
To indicate that you want a message to be encrypted, choose Options from
the View menu in a message composition window, then select Encrypted.
To indicate that you want to encrypt every message automatically (if
possible), click the Applications tab in the main Personal Security Manager
window, then click Messenger and follow the directions.
</A></P>
<P><A NAME="1051264">
If you are missing certificates for any recipients, ask each of them to send
you a signed message (which always includes the signer's certificate).
Alternatively, click the Certificates Tab in the main Personal Security
Manager window, then Others, then Add.
</A></P>
</ul><A NAME="1051277">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Message Cannot Be Signed&#151;Message Not to Be Encrypted"></A><A NAME="1050244">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Message Cannot Be Signed&#151;Message Not to Be Encrypted</FONT></b></p><A NAME="1051339">
If you click the Security button or the lock icon when you are composing a message that cannot be signed and is not to be encrypted, Personal Security Manager displays panels with these boldface headings:</P></A>
<ul><P><A NAME="1051343"><LI><B>Message Cannot Be Signed. </B>This panel displays the reason you can't sign your message. You don't need to sign an email message unless you want the person receiving it to have verifiable assurance that the message really comes from you. To sign a message, you need a certificate.</LI></A><ul>
<P><A NAME="1051347"><LI>If you don't have a certificate, Personal Security Manager displays an Obtain New button that you can click to find out more about getting one.</LI></A><P><A NAME="1051348"><LI>If your certificate is not certified for signing messages, you need to obtain a new one that is certified for this purpose.</LI></A><P><A NAME="1051349"><LI>If your certificate has expired, you need to renew it or get a new one. To renew a certificate, request assistance from the certificate authority that originally issued it to you.</LI></A><P><A NAME="1051350"><LI>If your certificate has been revoked, you need to get a new one before you can sign messages. To find out the reason for revocation, request assistance from the certificate authority that originally issued the certificate. Any certificate authority whose criteria you can meet can issue you a new certificate.</LI></A></ul>
<P><A NAME="1051381"><LI><B>Message Not To Be Encrypted.</B> If you want to encrypt your message, you must have a certificate for each recipient and you must indicate in the message composition window that you want to encrypt the message. </LI></A></ul><ul><P><A NAME="1051382">
To indicate that you want a message to be encrypted, choose Options from
the View menu in a message composition window, then select Encrypted.
To indicate that you want to encrypt every message automatically (if
possible), click the Applications tab in the main Personal Security Manager
window, then click Messenger and follow the directions.
</A></P>
<P><A NAME="1051386">
If you are missing certificates for any recipients, ask each of them to send
you a signed message (which always includes the signer's certificate).
Alternatively, click the Certificates Tab in the main Personal Security
Manager window, then Others, then Add.
</A></P>
</ul><A NAME="1051399">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="1030083">&nbsp</A><A NAME="Applications Tab">
</A>
<H1><FONT Face="arial, helvetica, sans-serif" size="+2">
Applications Tab
</FONT></H1><A NAME="1057588">
When you click the Applications tab in the Personal Security Manager window, you can view and specify security settings for the browser, email application, and Java/JavaScript applications that are currently available. The following sections explain the panels available by clicking these labels in the left frame:</P></A>
<ul><A NAME="1036883"><LI><a href="help.htm#1030967">Navigator</a></LI></A><BR><A NAME="1036891"><LI><a href="help.htm#1031452">Messenger</a></LI></A><BR><A NAME="1036905"><LI><a href="help.htm#1031152">Java/JavaScript</a></LI></A><BR></ul><A NAME="Navigator"></A><A NAME="1030967">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Navigator</FONT></h2>
<A NAME="1047191">
To view the Personal Security Manager panel described in this section, you click the Applications tab and then click Navigator in the left frame. For instructions on how to use this panel, read the sections that follow.</P></A>
<ul><A NAME="1051639"><LI><a href="help.htm#1047193">Navigator Warnings</a></LI></A><BR><A NAME="1051646"><LI><a href="help.htm#1031040">Selection of Certificate</a></LI></A><BR></ul><A NAME="1047209">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Navigator Warnings"></A><A NAME="1047193">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Navigator Warnings</FONT></b></p><A NAME="1030880">
It's easy to tell when the web site you are viewing is using an encrypted connection. If the connection is encrypted, the lock icon in the lower-left corner of the Navigator window is locked. If the connection is not encrypted, the lock icon is unlocked.</P></A>
<A NAME="1030900">
For many people, the lock icon provides sufficient information about a page's encryption status. If you want additional warnings, you can select one or more of the warning checkboxes in the Navigator section of the Applications tab. Think carefully about whether you want such warnings, since they can be annoying.</P></A>
<A NAME="1030978">
These are the choices you can make about Navigator warnings:</P></A>
<ul><P><A NAME="1030851"><LI>If you want to be reminded whenever you are entering or leaving a web site that supports encryption, select one or both of "Entering a site that supports encryption" and "Leaving a site that supports encryption." </LI></A><P><A NAME="1030919"><LI>If you want to be warned when you are viewing pages containing a mix of encrypted and unencrypted material (a situation in which the lock icon is unlocked), select "Viewing a page with an encrypted/unencrypted mix."</LI></A><P><A NAME="1030933"><LI>If you want some assurance that you won't inadvertently send sensitive information to a web site that doesn't provide an encrypted connection, select "Sending unencrypted information to a site." You may want to select this option even if you don't want any of the others.</LI></A></ul><A NAME="Selection of Certificate"></A><A NAME="1031040">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Selection of Certificate</FONT></b></p><A NAME="1031021">
Personal Security Manager maintains a certificate store of available certificates that belong to you, just as you can carry different credit cards or other pieces of identification that are used for different purposes. To view these certificates, click the Certificates tab, then click Mine.</P></A>
<A NAME="1031134">
You can choose how Navigator selects a certificate to identify you to a web site:</P></A>
<ul><P><A NAME="1030999"><LI>If you want Navigator to choose a certificate without asking you, click "Select automatically."</LI></A><P><A NAME="1031156"><LI>If you want Navigator to ask you to select a certificate each time a web site requests one, click "Ask every time."</LI></A></ul><A NAME="Messenger"></A><A NAME="1031452">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Messenger</FONT></h2>
<A NAME="1057261">
To view the Personal Security Manager panel described in this section, click the Applications tab and then click Messenger in the left frame. For instructions on how to use this panel, read the sections that follow.</P></A>
<ul><A NAME="1051658"><LI><a href="help.htm#1031311">Security Options for Sending Mail</a></LI></A><BR><A NAME="1051662"><LI><a href="help.htm#1054408">Certificate for Signing Mail</a></LI></A><BR><A NAME="1054343"><LI><a href="help.htm#1054315">Certificate Fetching</a></LI></A><BR></ul><A NAME="1057424">
<B>Note:</B> To use the Messenger panel described in this section, you must be running Communicator 4.7 or a later version. Netscape Mail (the email program that comes with Netscape 6) does not currently support digital signatures or encryption.</P></A>
<A NAME="1047296">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Security Options for Sending Mail"></A><A NAME="1031311">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Security Options for Sending Mail</FONT></b></p><A NAME="1054388">
If you have certificates for all recipients of a message, Messenger can encrypt that message when you send it. (Otherwise, the message cannot be encrypted.) If you always want Messenger to encrypt messages that can be encrypted, select "Encrypt mail messages whenever possible."</P></A>
<A NAME="1054399">
<a href="help.htm#1054315">Certificate Fetching</a> describes how to use Personal Security Manager to fetch certificates automatically for recipients of a message that you want to encrypt.</P></A>
<A NAME="1054389">
If you have a valid certificate for yourself, you can digitally sign all your mail messages. To do so, select "Sign mail messages whenever possible."</P></A>
<A NAME="1042398">
If you have a valid certificate for yourself, you can also digitally sign all your discussion messages. To do so, select "Sign discussion messages whenever possible."</P></A>
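<P>The two preconditions described above (a valid certificate of your own for signing, and a certificate for every recipient for encryption) can be expressed as a compose-time check. The following is an added example, not code from Personal Security Manager: the <FONT FACE="courier, courier new, monospace">Cert</FONT> record, the function names, the revoked-serial set, and the case-insensitive address match are all assumptions, and the sample data is constructed.</P>

```python
"""Compose-time signing/encryption checks modelled on the help text.

Added example with hypothetical names; not Personal Security Manager code.
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for a certificate-store entry (not an X.509 parser)."""
    email: str
    serial: int
    not_before: datetime
    not_after: datetime
    for_signing: bool  # True if the CA certified this certificate for signing


def signing_problem(cert, now, revoked_serials):
    """Return why `cert` cannot sign a message at `now`, or None if it can."""
    if not cert.for_signing:
        return "not certified for signing"
    if cert.serial in revoked_serials:
        return "revoked"
    if now < cert.not_before:
        # Not listed in the help text, but a validity period has a start as well.
        return "not yet valid"
    if now > cert.not_after:
        return "expired"
    return None


def signing_status(my_certs, now, revoked_serials):
    """Return (usable serials, [(serial, reason)]) for the user's own certificates."""
    if not my_certs:
        return [], [(None, "no certificate")]
    usable, problems = [], []
    for cert in my_certs:
        reason = signing_problem(cert, now, revoked_serials)
        if reason is None:
            usable.append(cert.serial)  # candidates for the signing pop-up menu
        else:
            problems.append((cert.serial, reason))
    return usable, problems


def missing_recipient_certs(recipients, others):
    """Recipients with no stored certificate; encryption requires an empty result."""
    # Assumption: addresses are compared case-insensitively.
    have = {c.email.lower() for c in others}
    return [r for r in recipients if r.lower() not in have]


def compose_check(my_certs, others, recipients, now, revoked_serials):
    """Combine both checks into the facts the Security panels report."""
    usable, problems = signing_status(my_certs, now, revoked_serials)
    missing = missing_recipient_certs(recipients, others)
    return {
        "can_sign": bool(usable),
        "signing_choices": usable,
        "signing_problems": problems,
        "can_encrypt": not missing,  # one missing certificate blocks encryption
        "missing": missing,
    }


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data (not taken from any real certificate store).
NOW = _utc(2000, 6, 1)
REVOKED = {3}  # assumption: serials the issuing CA has reported as revoked
MY_CERTS = [
    Cert("me@example.test", 1, _utc(1999, 1, 1), _utc(2000, 1, 1), True),
    Cert("me@example.test", 2, _utc(2000, 1, 1), _utc(2001, 1, 1), False),
    Cert("me@example.test", 3, _utc(2000, 1, 1), _utc(2001, 1, 1), True),
    Cert("me@example.test", 4, _utc(2000, 1, 1), _utc(2001, 1, 1), True),
]
OTHERS = [
    Cert("alice@example.test", 10, _utc(2000, 1, 1), _utc(2001, 1, 1), True),
    Cert("bob@example.test", 11, _utc(2000, 1, 1), _utc(2001, 1, 1), True),
]
RECIPIENTS = ["alice@example.test", "Bob@Example.test", "carol@example.test"]

if __name__ == "__main__":
    for key, value in compose_check(MY_CERTS, OTHERS, RECIPIENTS, NOW, REVOKED).items():
        print(f"{key}: {value}")
```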
<A NAME="Certificate for Signing Mail"></A><A NAME="1054408">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Certificate for Signing Mail</FONT></b></p><A NAME="1042403">
Personal Security Manager maintains a certificate store that may include several different certificates that belong to you, just as you may carry different credit cards or other pieces of identification that are used for different purposes. </P></A>
<A NAME="1031391">
The drop-down menu labeled "Select a security certificate to use for signing mail:" allows you to select the certificate you want Personal Security Manager to use for signing your mail messages. </P></A>
<A NAME="Certificate Fetching"></A><A NAME="1054315">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Certificate Fetching</FONT></b></p><A NAME="1054316">
If you don't have certificates for all recipients of a message that you want to encrypt, Personal Security Manager can automatically fetch their certificates (if available) from a specified directory at the time that you send the message. </P></A>
<A NAME="1054320">
Automatic certificate fetching won't work unless you have specified a directory server to search in. To do so, choose Preferences from the Edit menu, then click Addressing under Mail &amp; Newsgroups. In the right panel, click Directory Server under Pinpoint Addressing, select the directory you want to use from the drop-down menu, and click OK. Personal Security Manager uses this directory to search for any missing certificates when you click the Send button in a composition window for an encrypted message.</P></A>
<A NAME="1054324">
If the directory you want doesn't show up in the Pinpoint Addressing drop-down menu, you can add it to the list using the Communicator Address Book. To do so, choose Address Book from the Communicator menu, then choose New Directory from the File menu. Add information about the directory you want to add in the window that appears. Once the directory has been added to the Address Book, you can specify it in your Communicator preferences as described above.</P></A>
<A NAME="Java/JavaScript"></A><A NAME="1031152">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Java/JavaScript</FONT></h2>
<A NAME="1042472">
To view the Personal Security Manager panel described in this section, you click the Applications tab and then click Java/JavaScript in the left frame. This panel allows you to reset all access privileges for digitally signed Java applets or JavaScript scripts. </P></A>
<A NAME="1053625">
A digital signature associated with a Java applet or JavaScript script allows Personal Security Manager to confirm the signer's identity, determine whether the software has been tampered with, and determine what kinds of actions it is permitted to perform on your computer.</P></A>
<A NAME="1042506">
When a digitally signed applet or script requests special access to your computer, you can grant or deny that form of access to all applets or scripts signed by the same software developer. For example, an applet signed by a game software company might request access privileges that allow it to read and write data to a scorecard file.</P></A>
<A NAME="1054635">
If you reset all privileges in the Java/JavaScript panel, Personal Security Manager erases its record of all such privileges that you have granted or denied and resets access privileges to their default status. If you then attempt to run any applets or scripts that require special privileges, you will again be asked to grant or deny privileges, even if you have previously made this decision.</P></A>
<A NAME="1053613">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#1014095">object signing</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Reset All Privileges"></A><A NAME="1053663">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Reset All Privileges</FONT></b></p><A NAME="1053756">
When you click the Reset All Privileges button, the Reset All Privileges window appears. If you attempt to run any applets or scripts that require special access privileges after you reset all privileges, you will be asked to grant or deny privileges, even if you have previously made this decision. </P></A>
<A NAME="1030743">&nbsp</A><A NAME="Certificates Tab">
</A>
<H1><FONT Face="arial, helvetica, sans-serif" size="+2">
Certificates Tab
</FONT></H1><A NAME="1035989">
When you click the Certificates tab in Personal Security Manager, you can view and work with different kinds of certificates in your <a href="glossary.htm#1023462">certificate store</a>. The sections that follow describe the panels available by clicking these labels in the left frame:</P></A>
<ul><A NAME="1035993"><LI><a href="help.htm#1047547">Certificates&#151;Mine</a></LI></A><BR><A NAME="1032221"><LI><a href="help.htm#1031428">Certificates&#151;Others</a></LI></A><BR><A NAME="1032225"><LI><a href="help.htm#1031432">Certificates&#151;Web Sites</a></LI></A><BR><A NAME="1047545"><LI><a href="help.htm#1031434">Certificates&#151;Authorities</a></LI></A><BR></ul><A NAME="Certificates&#151;Mine"></A><A NAME="1047547">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Certificates&#151;Mine</FONT></h2>
<A NAME="1035110">
The Mine panel of the Certificates tab in Personal Security Manager allows you to examine and work with the certificates in your certificate store that identify you, and to set related security passwords. For instructions on how to use this panel, read the sections that follow.</P></A>
<ul><A NAME="1035985"><LI><a href="help.htm#1031427">Work with Certificates that Identify You</a></LI></A><BR><A NAME="1036010"><LI><a href="help.htm#1051739">Choose a Personal Security Password</a></LI></A><BR><A NAME="1056167"><LI><a href="help.htm#1035146">Choose a Good Password</a></LI></A><BR><A NAME="1056175"><LI><a href="help.htm#1055908">Set the Frequency of Password Requests</a></LI></A><BR><A NAME="1056183"><LI><a href="help.htm#1056037">What To Do If You Forget Your Personal Security Password</a></LI></A><BR><A NAME="1036019"><LI><a href="help.htm#1056221">Choose a Portable Security Password</a></LI></A><BR><A NAME="1036930"><LI><a href="help.htm#1036816">Delete My Certificate</a></LI></A><BR></ul><A NAME="1048040">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, <a href="glossary.htm#999078">encryption</a>, or <a href="glossary.htm#1032744">Personal Security Password</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Work with Certificates that Identify You"></A><A NAME="1031427">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Work with Certificates that Identify You</FONT></b></p><A NAME="1031498">
To perform any of the actions listed here, select the certificate on which you want to act and follow the instructions:</P></A>
<ul><P><A NAME="1031528"><LI>To examine the certificate, click View.</LI></A><P><A NAME="1031538"><LI>To initiate the process of renewing the certificate, click Renew. A web page appears that describes how to renew the certificate.</LI></A><P><A NAME="1031539"><LI>To initiate the process of backing up the selected certificate, click Backup. A window appears that allows you to choose a password to protect the backup. You can then save the backup in a directory of your choice. </LI></A><P><A NAME="1038545"><LI>To delete the selected certificate, click Delete. </LI></A></ul><A NAME="1038547">
The following actions don't require a certificate to be selected first:</P></A>
<ul><P><A NAME="1035962"><LI>To restore a certificate that was previously backed up, click Restore. When you click Restore, Personal Security Manager first asks you to locate the file that contains the backup. The names of certificate backup files typically end in <FONT FACE="courier, courier new, monospace">.p12</FONT>; for example, <FONT FACE="courier, courier new, monospace">MyCert.p12</FONT>. After you select the file to be restored, Personal Security Manager asks you to enter the portable security password that was set when the certificate was backed up.</LI></A><P><A NAME="1035966"><LI>To see information about applying for a new certificate, click Obtain New.</LI></A><P><A NAME="1054993"><LI>To initiate the process of backing up all the certificates stored on the default <a href="glossary.htm#1028962">security device</a> used by Personal Security Manager (called the PSM Private Keys security device), click Backup All. Note that certificates stored on any other security device, such as a smart card in a smart card reader attached to your computer, cannot be backed up by this method. To back up such a certificate, you must first select it, then click Backup.</LI></A></ul><A NAME="Choose a Personal Security Password"></A><A NAME="1051739">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose a Personal Security Password</FONT></b></p><A NAME="1055635">
Your Personal Security Password protects keys associated with your identity, such as the key that protects your stored passwords or a private key associated with a certificate. These keys are stored on a <a href="glossary.htm#1028962">security device</a>, such as the default device maintained internally by Personal Security Manager (called PSM Private Keys security device) or an external <a href="glossary.htm#1027625">smart card</a>. </P></A>
<A NAME="1055831">
The Personal Security Password for the default PSM Private Keys security device also protects your master key, which is a special key used by Personal Security Manager to encrypt information on behalf of other applications. For example, Netscape 6 uses Personal Security Manager and your master key to encrypt email passwords, web site passwords, and other stored sensitive information.</P></A>
<A NAME="1055833">
If someone who knows or can guess the Personal Security Password for any security device available to Personal Security Manager uses your computer, that person may be able to send email or access web sites while pretending to be you. This can be dangerous&#151;for example, if you digitally sign important email messages or manage your financial accounts over the Internet. Therefore, it's important to select a Personal Security Password that is difficult to guess. For help creating a password that's hard to guess, see <a href="help.htm#1035146">Choose a Good Password</a>.</P></A>
<A NAME="1056050">
It's also important to record your Personal Security Password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you may not be able to access important information, such as web sites that require passwords or certificates or encrypted mail stored on your computer. For more information about the consequences of losing your Personal Security Password, see <a href="help.htm#1056037">What To Do If You Forget Your Personal Security Password</a>.</P></A>
<A NAME="1056162">
For instructions on controlling the frequency with which Personal Security Manager requests your password, see <a href="help.htm#1055908">Set the Frequency of Password Requests</a>.</P></A>
<A NAME="1055927">
Note that each security device requires a separate Personal Security Password. For example, if you are using one or more smart cards to store some of your certificates, you must set a separate Personal Security Password for each one. </P></A>
<A NAME="Choose a Good Password"></A><A NAME="1035146">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose a Good Password</FONT></b></p><A NAME="1055935">
Good passwords have the following characteristics:</P></A>
<ul><A NAME="1035148"><LI>Passwords should be 6 to 14 characters long. (Note: If you're using a Macintosh, you cannot create passwords with more than 8 characters.)</LI></A><BR><A NAME="1035178"><LI>Do not use the "illegal" characters: *, ", or spaces. </LI></A><BR><A NAME="1035151"><LI>Do not use words that are in any dictionary, for any language.</LI></A><BR><A NAME="1035190"><LI>Include characters from as many of these categories as possible:</LI></A><BR><ul>
<A NAME="1035153"><LI>Uppercase letters </LI></A><BR><A NAME="1035154"><LI>Lowercase letters </LI></A><BR><A NAME="1035155"><LI>Numbers </LI></A><BR><A NAME="1055797"><LI>Symbols </LI></A><BR></ul>
</ul><A NAME="Set the Frequency of Password Requests"></A><A NAME="1055908">&nbsp</A>
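<P>The rules listed under Choose a Good Password can be checked mechanically before a password is set. The following Python code is an added example, not part of Personal Security Manager; the function names, the finding codes, and the small word list are assumptions made for illustration.</P>

```python
from collections import namedtuple

# Limits and characters taken from the "Choose a Good Password" list.
MIN_LENGTH = 6
MAX_LENGTH = 14
MAX_LENGTH_MACINTOSH = 8
ILLEGAL_CHARACTERS = '*"'
CATEGORIES = ("uppercase", "lowercase", "number", "symbol")

# Constructed sample word list (assumption). A real check would load full
# dictionaries for every language the user might draw a word from.
SAMPLE_DICTIONARY = frozenset(
    {"password", "netscape", "secret", "bonjour", "dragon"}
)

# violations: rules that are broken; missing_categories: advisory only,
# because the page asks for "as many categories as possible".
PasswordReport = namedtuple("PasswordReport", "violations missing_categories")


def is_illegal(ch):
    """True for *, " and spaces (any whitespace is treated as a space)."""
    return ch in ILLEGAL_CHARACTERS or ch.isspace()


def letter_core(password):
    """Lowercase the password and trim non-letters from both ends, so that
    a dictionary word with digits or symbols tacked on is still caught."""
    lowered = password.lower()
    start, end = 0, len(lowered)
    while start < end and not lowered[start].isalpha():
        start += 1
    while end > start and not lowered[end - 1].isalpha():
        end -= 1
    return lowered[start:end]


def categories_used(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if is_illegal(ch):
            continue
        if ch.isupper():
            found.add("uppercase")
        elif ch.islower():
            found.add("lowercase")
        elif ch.isdigit():
            found.add("number")
        else:
            found.add("symbol")
    return found


def check_password(password, macintosh=False, dictionary=SAMPLE_DICTIONARY):
    """Check a candidate password against the rules listed on this page."""
    violations = []
    limit = MAX_LENGTH_MACINTOSH if macintosh else MAX_LENGTH
    if len(password) < MIN_LENGTH:
        violations.append("too_short")
    if len(password) > limit:
        violations.append("too_long")
    if any(is_illegal(ch) for ch in password):
        violations.append("illegal_character")
    if password.lower() in dictionary or letter_core(password) in dictionary:
        violations.append("dictionary_word")
    found = categories_used(password)
    missing = [name for name in CATEGORIES if name not in found]
    return PasswordReport(violations, missing)


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ("Tr7!kq#Zp", "Password1!", "ab cd*", "abc"):
        print(repr(candidate), check_password(candidate))
```

<P>A candidate is acceptable when <FONT FACE="courier, courier new, monospace">violations</FONT> is empty; pass <FONT FACE="courier, courier new, monospace">macintosh=True</FONT> to apply the 8-character limit.</P>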
<p><b><FONT Face="arial, helvetica, sans-serif">
Set the Frequency of Password Requests</FONT></b></p><A NAME="1055939">
The Personal Security Password window also allows you to set how often Personal Security Manager requires your Personal Security Password. Here are some things you should consider when selecting these options:</P></A>
<ul><P><A NAME="1035297"><LI><B>First time sensitive information (such as your certificate) is requested.</B> If you work in an office with strong physical security measures or if you feel that the consequences of somebody else using your computer to impersonate you are not extreme, click this radio button. This setting causes Personal Security Manager to request your Personal Security Password only the first time it is required after you launch your browser. Personal Security Manager will not request it again until after you exit and relaunch your browser. This setting provides the lowest level of protection.</LI></A><P><A NAME="1035296"><LI><B>Every time sensitive information (such as your certificate) is requested.</B> If you are very concerned about the possibility that somebody else might be able to use your computer to impersonate you, click this radio button. This setting ensures that Personal Security Manager will never access the private key database without first requesting your Personal Security Password. This setting provides the highest level of protection.</LI></A><P><A NAME="1035375"><LI><B>After </B><I>blank</I><B> minutes of inactivity on an encrypted site.</B> If you are somewhat concerned about the possibility that somebody else might be able to use your computer to impersonate you, but not enough to type in your Personal Security Password at frequent intervals, click this radio button and fill in the box with a value you feel comfortable with (for best protection, this should be a fairly low number of minutes, such as 20). This setting is appropriate if you sometimes send or receive confidential information to or from web sites that support encryption. <B>Note that this setting provides little protection against someone using your computer to send a signed email message in your name. </B></LI></A></ul><A NAME="What To Do If You Forget Your Personal Security Password"></A><A NAME="1056037">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
What To Do If You Forget Your Personal Security Password</FONT></b></p><A NAME="1056045">
The consequences of forgetting your Personal Security Password vary depending on your use of certificates and, if you are using Netscape 6, your use of the Password Manager:</P></A>
<ul><P><A NAME="1056219"><LI>If one or more of your own certificates are stored on a security device protected by a Personal Security Password and you forget the password, you will no longer be able to access those certificates. If you have made backups of your certificates, you can reset the Personal Security Password as described here and restore your backed up certificates. If you haven't backed up your certificates, you need to obtain new ones from the certificate authority that originally issued them. Also, if you haven't backed up your certificates, any stored email that you may have encrypted with the aid of an email certificate will no longer be accessible.</LI></A><P><A NAME="1056240"><LI>If you are using the Netscape 6 Password Manager to store passwords and other sensitive information in encrypted form and you forget the password for the PSM Private Keys security device, you will no longer be able to access that information. You will need to reset the Personal Security Password as described here and reenter all the passwords that the Password Manager was previously storing.</LI></A></ul><A NAME="1056236">
Steps for resetting the Personal Security Password vary depending on which security device is involved. Unless you are using a smart card, the only one available is the PSM Private Keys security device, which is also where the master key used by the Netscape 6 Password Manager is stored.</P></A>
<A NAME="1056253">
To reset the Personal Security Password for the PSM Private Keys security device, follow these steps:</P></A>
<ol>
<P><a name="1056254"><B><FONT FACE="ARIAL"><LI></FONT></B>Exit the browser.</LI></a><P><a name="1056258"><B><FONT FACE="ARIAL"><LI></FONT></B>Delete your <FONT FACE="courier, courier new, monospace">cert7.db</FONT> and <FONT FACE="courier, courier new, monospace">key3.db</FONT> files. These are typically located in your user profile directory on Windows 95/98/2000/NT (located by default in <FONT FACE="courier, courier new, monospace">C:\Program Files\Netscape\Users\</FONT>), or in the directory in which the Netscape executable resides on Unix.</LI></a><P><a name="1056278"><B><FONT FACE="ARIAL"><LI></FONT></B>Relaunch the browser.</LI></a><P><a name="1056283"><B><FONT FACE="ARIAL"><LI></FONT></B>Click the lock icon to open Personal Security Manager.</LI></a><P><a name="1056300"><B><FONT FACE="ARIAL"><LI></FONT></B>Click the Certificates tab, then click the Passwords button.</LI></a><P><a name="1056301"><B><FONT FACE="ARIAL"><LI></FONT></B>Before setting your new Personal Security Password, determine what the new password will be according to the instructions in <a href="help.htm#1035146">Choose a Good Password</a>. Record your new password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else.</LI></a><P><a name="1056331"><B><FONT FACE="ARIAL"><LI></FONT></B>Set the new Personal Security Password according to the instructions on the screen.</LI></a><P><a name="1056336"><B><FONT FACE="ARIAL"><LI></FONT></B>Click Restore to restore your old certificates (if any). Unless you backed up all your certificates at once, you need to repeat this operation for each certificate.</LI></a><P><a name="1056353"><B><FONT FACE="ARIAL"><LI></FONT></B>If you previously set up the Netscape 6 Password Manager to encrypt stored passwords and other sensitive information, you will need to reenter each of your passwords as they are requested.</LI></a></ol>
<A NAME="Choose a Portable Security Password"></A><A NAME="1056221">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose a Portable Security Password</FONT></b></p><A NAME="1031616">
A portable security password protects one or more certificates that you are backing up using the Backup or Backup All button in the Mine section of the Certificates tab. Personal Security Manager asks you to set a portable security password when you back up certificates, and requests it when you attempt to restore certificates that have previously been backed up. </P></A>
<A NAME="1054758">
<B>Important:</B> When you click the Backup All button, Personal Security Manager attempts to back up all of your certificates and associated private keys stored on the default PSM Private Keys security device. Certificates backed up in this manner cannot be restored unless you are using a browser that has Personal Security Manager installed, or unless you are using Communicator 4.71 or later. </P></A>
<A NAME="1054840">
The Backup All button does<I> not</I> back up any certificates that are stored on security devices other than the default PSM Private Keys device. For example, Backup All will not back up any certificates in the list that are stored on a smart card inserted in a smart card reader attached to your computer. Certificates stored on security devices other than PSM Private Keys must each be backed up individually by selecting the name of the certificate and clicking the Backup button.</P></A>
<A NAME="1035482">
If someone obtains the file containing a certificate that you have backed up and successfully restores the certificate, that person can send messages or access web sites while pretending to be you. This can have negative consequences, for example, if you digitally sign important email messages or manage your bank or investment accounts over the Internet. Therefore, it's important to select a Portable Security Password that is difficult to guess. It's also important to record the password in a safe place&#151;and<I> not </I>anywhere that's easily accessible to someone else. If you forget this password, you can't restore the backup of your certificate.</P></A>
<A NAME="1035483">
For help in choosing a good password, see <a href="help.htm#1035146">Choose a Good Password</a>.</P></A>
<A NAME="Delete My Certificate"></A><A NAME="1036816">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Delete My Certificate</FONT></b></p><A NAME="1047932">
Before deleting a certificate&#151;even one that has expired&#151;make sure that you won't need it again some day. For example, you can use your own expired certificate for reading old email messages that you may have encrypted with the corresponding private key. If you delete someone else's certificate and then attempt to read email messages it was used to encrypt, your email software may not run correctly. </P></A>
<A NAME="Certificates&#151;Others"></A><A NAME="1031428">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Certificates&#151;Others</FONT></h2>
<A NAME="1057774">
The Others panel of the Certificates tab in Personal Security Manager allows you to examine and work with the certificates in your certificate store that identify other people. This can be useful if you send or receive digitally signed or encrypted email messages.</P></A>
<A NAME="1057775">
<B>Note:</B> To use the Others panel, you must be running Communicator 4.7 or a later version. Netscape Mail (the email program that comes with Netscape 6) does not currently support digital signatures or encryption.</P></A>
<A NAME="1048094">
For instructions on how to use this panel with Communicator 4.7x, read the sections that follow.</P></A>
<ul><A NAME="1048077"><LI><a href="help.htm#1035560">Work with Others' Certificates</a></LI></A><BR><A NAME="1048119"><LI><a href="help.htm#1036027">Edit Certificate Settings for Others' Certificates</a></LI></A><BR><A NAME="1048129"><LI><a href="help.htm#1031501">Add Someone Else's Certificate to Your Certificate Store</a></LI></A><BR><A NAME="1048137"><LI><a href="help.htm#1036838">Delete Someone Else's Certificate</a></LI></A><BR></ul><A NAME="1048106">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Work with Others' Certificates"></A><A NAME="1035560">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Work with Others' Certificates</FONT></b></p><A NAME="1038470">
To perform any of the actions listed here, select the certificate on which you want to act and follow the instructions:</P></A>
<ul><P><A NAME="1038471"><LI>To examine the certificate, click View.</LI></A><P><A NAME="1038475"><LI>To change the settings that Personal Security Manager associates with the certificate, click Edit. You can use these settings to designate a certificate as one that you trust or don't trust for identification purposes. </LI></A><P><A NAME="1038483"><LI>To delete the certificate, click Delete. </LI></A><P><A NAME="1038734"><LI>To find a certificate for somebody else (either because you don't have it or because the one you have has expired) click Add. </LI></A></ul><A NAME="Edit Certificate Settings for Others' Certificates"></A><A NAME="1036027">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Edit Certificate Settings for Others' Certificates</FONT></b></p><A NAME="1036031">
When you select someone else's certificate and click Edit, you see a window titled Edit Security Certificate Settings. Here you specify whether you want to trust the selected certificate to identify messages from, and to send encrypted email messages to, the email address shown.</P></A>
<ul><P><A NAME="1038012"><LI>If you select "Do not trust the authenticity of this certificate" and click OK, Personal Security Manager will no longer trust this certificate for the purposes of identification or encryption.</LI></A><P><A NAME="1038034"><LI>If you select "Trust the authenticity of this certificate" and click OK, Personal Security Manager will henceforth trust this certificate for the purposes of identification or encryption.</LI></A></ul><A NAME="1048771">
In addition to specifying trust settings for the certificate shown in the Edit Security Certificate Settings window, you can specify trust settings for the <a href="glossary.htm#1020903">certificate authority (CA)</a> that issued that certificate&#151;that is, you can choose to trust or not to trust different kinds of certificates issued by that certificate authority. For example, you can choose not to trust any email certificates issued by that certificate authority. </P></A>
<A NAME="1048642">
To edit the certificate settings for the certificate authority that issued the certificate described in the window, click the Edit button.</P></A>
<A NAME="Add Someone Else's Certificate to Your Certificate Store"></A><A NAME="1031501">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Add Someone Else's Certificate to Your Certificate Store</FONT></b></p><A NAME="1035637">
When you click Add in the Others section of the Certificates tab, you see a window called Add Security Certificate. This window allows you to search for certificates in a directory and add them to your <a href="glossary.htm#1023462">certificate store</a>. </P></A>
<A NAME="1054426">
If the directory you want to search doesn't show up in the drop-down menu labeled "Directory to search", add it to your list of directories using the Communicator Address Book. To do so, choose Address Book from the Communicator menu, then choose New Directory from the File menu. Enter the requested information about the directory you want to add. Once the directory has been added to the Address book, it appears in the drop-down menu in the Add Security Certificate window.</P></A>
<A NAME="1054519">
After you specify the directory to search, type the email address of the person whose certificate you want to find. When you click OK, Personal Security Manager searches for a certificate corresponding to the address you typed. If it finds a valid certificate, Personal Security Manager adds it to your certificate store. If more than one valid certificate is available, Personal Security Manager adds the one issued most recently.</P></A>
<A NAME="1054526">
If Personal Security Manager can't find a certificate matching the email address you specified, you may have typed it incorrectly. To try again, click Add again. If Personal Security Manager still can't locate the certificate, you can obtain it by asking the person whose certificate you want to send you a signed email message. The certificate whose corresponding private key was used to create the digital signature is automatically sent with any signed message, and Personal Security Manager automatically adds it to your certificate store. </P></A>
<A NAME="Delete Someone Else's Certificate"></A><A NAME="1036838">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Delete Someone Else's Certificate</FONT></b></p><A NAME="1037958">
Before deleting someone else's certificate, make sure you won't need it again some day to send encrypted email to that person or to verify digital signatures on messages from that person.</P></A>
<A NAME="Certificates&#151;Web Sites"></A><A NAME="1031432">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Certificates&#151;Web Sites</FONT></h2>
<A NAME="1039114">
The Web Sites section of the Certificates tab in Personal Security Manager allows you to examine and work with the certificates in your certificate store that identify web sites. </P></A>
<A NAME="1038505">
To perform any of the actions listed here, select the certificate on which you want to act from the list of web site certificates, then follow these instructions:</P></A>
<ul><P><A NAME="1038506"><LI>To examine the selected certificate, click View.</LI></A><P><A NAME="1038510"><LI>To change the settings that Personal Security Manager associates with the selected certificate, click Edit. </LI></A></ul><ul><P><A NAME="1048377">
You can use these settings to designate a web site certificate as one that you
trust or don't trust for identification purposes.
</A></P>
</ul><ul><P><A NAME="1038517"><LI>To delete the selected certificate, click Delete.</LI></A></ul><A NAME="1048357">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, <a href="glossary.htm#1013995">digital signature</a>, or <a href="glossary.htm#999078">encryption</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Edit Web Site Certificate Settings"></A><A NAME="1035916">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Edit Web Site Certificate Settings</FONT></b></p><A NAME="1038129">
When you select a web site certificate and click Edit, you see a window titled Edit Security Certificate Settings. Here you specify whether you want to trust the selected certificate for identifying the web site and setting up an encrypted connection with it.</P></A>
<ul><P><A NAME="1038157"><LI>If you select "Do not trust the authenticity of this certificate" and click OK, Personal Security Manager will no longer trust this certificate for the purposes of identifying this web site or setting up an encrypted connection. If you select this setting and then attempt to visit the web site, you will see one or more warning messages before you can access the site.</LI></A><P><A NAME="1038161"><LI>If you select "Trust the authenticity of this certificate" and click OK, Personal Security Manager will henceforth trust this certificate for the purposes of identifying this web site or setting up an encrypted connection. If you select this setting and then attempt to visit the web site, your browser will access the site with few, if any, warnings.</LI></A></ul><A NAME="1038138">
In addition to specifying these settings for the certificate shown, you can specify trust settings for the <a href="glossary.htm#1020903">certificate authority (CA)</a> that issued the certificate&#151;that is, you can choose to trust or not to trust different kinds of certificates issued by that certificate authority. For example, you can choose not to trust any web site certificates issued by that certificate authority. </P></A>
<A NAME="1048807">
To edit the certificate settings for the certificate authority that issued the certificate described in the window, click the Edit button.</P></A>
<A NAME="Delete Web Site Certificate"></A><A NAME="1036851">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Delete Web Site Certificate</FONT></b></p><A NAME="1038198">
Before deleting a certificate, make sure that you won't need it again for the purposes of identifying a web site and setting up an encrypted connection. </P></A>
<A NAME="Certificates&#151;Authorities"></A><A NAME="1031434">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Certificates&#151;Authorities</FONT></h2>
<A NAME="1038699">
The Authorities section of the Certificates tab in Personal Security Manager allows you to examine and work with the certificates in your certificate store that identify certificate authorities (CAs). </P></A>
<A NAME="1038700">
To perform any of the actions listed here, select the CA certificate on which you want to act from the list of CA certificates and then follow the instructions:</P></A>
<ul><P><A NAME="1038701"><LI>To examine the CA certificate, click View.</LI></A><P><A NAME="1038803"><LI>To change the settings that Personal Security Manager associates with the CA certificate, click Edit. You can use these settings to specify the certificate authority identified by that certificate as one that you trust or don't trust. </LI></A><P><A NAME="1038639"><LI>To delete a certificate, click Delete. </LI></A></ul><A NAME="1048851">
For short definitions, click <a href="glossary.htm#1018895">certificate</a>, <a href="glossary.htm#1023462">certificate store</a>, or <a href="glossary.htm#1020903">certificate authority (CA)</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Edit CA Certificate Settings"></A><A NAME="1036857">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Edit CA Certificate Settings</FONT></b></p><A NAME="1038826">
When you select a CA certificate and click Edit, you see a window titled Edit Security Certificate Settings. Here you specify the kinds of certificates you trust this CA to certify. If you deselect all the checkboxes, Personal Security Manager will not trust any certificates issued by this CA.</P></A>
<ul><P><A NAME="1038827"><LI>If you select "This CA can identify web sites," Personal Security Manager will trust certificates issued by this CA for purposes of identifying web sites and encrypting web site connections. If you deselect this checkbox, Personal Security Manager will not trust web site certificates issued by this CA.</LI></A><P><A NAME="1038831"><LI>If you select "This CA can identify mail users," Personal Security Manager will trust certificates issued by this CA for purposes of signing or encrypting email. If you deselect this checkbox, Personal Security Manager will not trust email certificates issued by this CA.</LI></A><P><A NAME="1038973"><LI>If you select "This CA can identify software makers," Personal Security Manager will trust certificates issued by this CA for the purpose of identifying software makers. If you deselect this checkbox, Personal Security Manager will not trust such certificates issued by this CA.</LI></A></ul><A NAME="1039035">
Click OK to implement the settings you have selected.</P></A>
<A NAME="Delete Authority Certificate"></A><A NAME="1036865">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Delete Authority Certificate</FONT></b></p><A NAME="1039044">
Before deleting a CA certificate, make sure that you won't need it again to validate certificates issued by that CA. If you delete the only valid certificate you have for a CA, Personal Security Manager will no longer trust any certificates issued by that CA. For example, it will no longer be possible to validate the digital signatures for email messages you have received that were signed with the aid of a certificate issued by that CA. </P></A>
<A NAME="1036138">&nbsp</A><A NAME="Advanced Tab">
</A>
<H1><FONT Face="arial, helvetica, sans-serif" size="+2">
Advanced Tab
</FONT></H1><A NAME="1040699">
When you click the Advanced tab in Personal Security Manager, you can view and work with different kinds of certificates in your certificate store. This section describes the panels available by clicking the labels in the left frame:</P></A>
<ul><A NAME="1036150"><LI><a href="help.htm#1036162">Modules</a></LI></A><BR><A NAME="1042427"><LI><a href="help.htm#1036164">Options</a></LI></A><BR></ul><A NAME="Modules"></A><A NAME="1036162">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Modules</FONT></h2>
<A NAME="1048962">
A Public Key Cryptography Standard (PKCS) #11 module (sometimes called a <I>security module</I>) is a program that works with Personal Security Manager to manage cryptographic services such as encryption and decryption. PKCS #11 modules control security devices that can be implemented in either hardware or software.</P></A>
<A NAME="1048967">
A PKCS #11 module controls one or more security devices (sometimes called <I>tokens</I>) in much the same way that a software driver controls an external device such as a printer or modem. A security device, which can be implemented in software or hardware, provides cryptographic services such as encryption and decryption and optionally stores certificates and keys. Personal Security Manager contains its own internal software security devices. A smart card is one example of an external hardware security device. Each security device is protected by its own <a href="glossary.htm#1032744">Personal Security Password</a>. </P></A>
<A NAME="1040800">
Personal Security Manager provides a built-in PKCS #11 module that controls the internal Personal Security Manager security devices. You may install additional modules on your computer to control smart cards or other external security devices. </P></A>
<A NAME="1052615">
The Modules panel allows you to add modules to or delete modules from the list of PKCS #11 modules recognized by Personal Security Manager and to manage the security devices controlled by each module. </P></A>
<A NAME="1040804">
Before you can add a PKCS #11 module to the list shown in the Modules panel, you must first install the module on your computer and if necessary connect any associated hardware (such as a smart card reader). Follow the instructions that come with the hardware.</P></A>
<A NAME="1040875">
The buttons under the list of modules give you these options: </P></A>
<ul><P><A NAME="1036163"><LI>To add a module, click the Add button. </LI></A><P><A NAME="1040889"><LI>To delete a module, select it and click the Delete button.</LI></A></ul><A NAME="1040832">
When a module is selected in the list of modules, its available security devices (including, for example, a smart card inserted in a smart card reader) appear in the list of devices. Information about the selected module appears below the module list. Information about the selected security device appears below the security device list. Personal Security Manager must be logged into a security device before using it to provide cryptographic services.</P></A>
<A NAME="1040899">
The buttons under the list of security devices allow you to perform the following actions:</P></A>
<ul><P><A NAME="1040833"><LI>To log into a security device, select the device's module from the list of modules, then select the device name from the list of security devices and click Login. </LI></A><P><A NAME="1040907"><LI>To log out of an active security device, select the device name and click Logout. </LI></A><P><A NAME="1040912"><LI>To log out of all security devices at once, click Logout All. </LI></A></ul><A NAME="1040935">
The Enable FIPS-mode button at the bottom of the Modules panel allows you to switch to FIPS mode. For more information, see <a href="help.htm#1040870">Enable FIPS Mode</a>.</P></A>
<A NAME="Add New Security Module"></A><A NAME="1040860">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Add New Security Module</FONT></b></p><A NAME="1040874">
When you click the Add button below the list of modules, the Add New Security Module window appears. You provide the name of the module and the filename and location of the file on your hard disk, then click Install.</P></A>
<a name="1040980">Before you can add a PKCS #11 module to the list of modules maintained by
Personal Security Manager, you must first install the module on your computer
and if necessary connect any associated hardware device. The instructions that
come with such a device should provide both the name of the module and
information about how to install the software and connect the hardware.
</a><P><A NAME="1040961">
For more information about PKCS #11 modules, see <a href="help.htm#1036162">Modules</a>.</P></A>
<A NAME="Enable FIPS Mode"></A><A NAME="1040870">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Enable FIPS Mode</FONT></b></p><A NAME="1054657">
Federal Information Processing Standards Publications (FIPS PUBS) 140-1 is a US government standard for implementations of cryptographic modules&#151;that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). Many products sold to the US government must comply with one or more of the FIPS standards. </P></A>
<A NAME="1054661">
When you click the Enable FIPS-mode button in the Modules panel of the Advanced tab, Personal Security Manager begins operating according to FIPS PUBS 140-1 and the Enable button changes to Disable. To disable FIPS-mode, click Disable.</P></A>
<A NAME="Options"></A><A NAME="1036164">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Options</FONT></h2>
<A NAME="1051942">
To view the Personal Security Manager panel described in this section, you click the Advanced tab and then click Options in the left frame. </P></A>
<A NAME="SSL Settings"></A><A NAME="1049123">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
SSL Settings</FONT></b></p><A NAME="1049127">
The Secure Sockets Layer (SSL) protocol defines rules governing mutual <a href="glossary.htm#998782">authentication</a> between a web site and your browser software and <a href="glossary.htm#999078">encryption</a> of the information that flows between them. </P></A>
<A NAME="1052011">
You should normally leave both SSL settings in the Options panel selected to ensure that both older and newer web servers can support authentication and encryption with Personal Security Manager.</P></A>
<A NAME="OCSP Settings"></A><A NAME="1049128">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
OCSP Settings</FONT></b></p><A NAME="1049124">
The Online Certificate Status Protocol (OCSP) makes it possible for Personal Security Manager to perform an online check of a certificate's validity each time the certificate is viewed or used. This process involves checking the certificate against a certificate revocation list (CRL) maintained at a specified web site. Your computer must be online for OCSP to work.</P></A>
<A NAME="1052092">
To specify how Personal Security Manager uses OCSP, you click OCSP Settings in the Options panel of the Advanced tab. You can choose one of these settings:</P></A>
<ul><P><A NAME="1052068"><LI><B>Do not use OCSP for certificate verification.</B> Select this setting if you don't want Personal Security Manager to perform an on-line status check each time it verifies a certificate. Instead, whenever Personal Security Manager performs <a href="glossary.htm#1025527">certificate verification</a> it only confirms the certificate's validity period and that it is correctly signed by a CA whose own CA certificate is both present in the certificate store and marked as trusted for issuing that kind of certificate.</LI></A><P><A NAME="1052069"><LI><B>Use OCSP to verify only certificates that specify an OCSP service URL.</B> Select this setting if you want Personal Security Manager to perform an on-line status check each time it verifies a certificate that specifies a URL for the purpose of performing such a check. If a URL is specified by the certificate, Personal Security Manager makes sure that the certificate is listed there as valid as well as performing the standard checks of validity period and trust settings.</LI></A><P><A NAME="1056737"><LI><B>Use OCSP to verify all certificates, using the URL and signer specified here.</B> Select this setting if you want Personal Security Manager to perform an on-line status check each time it verifies any certificate. If you select this setting, you should also choose the Response Signer certificate that identifies the signer of the OCSP responses (scroll to the right to use the pop-up menu). With this setting, the only certificates Personal Security Manager recognizes are those that can be verified by an OCSP response signed with the Response Signer certificate (or signed using a certificate that chains to it).<br><br>When you choose a Response Signer certificate from the pop-up menu, Personal Security Manager fills in the Service URL (if available) for that signer automatically. 
If the Service URL is not filled in automatically, you must provide it yourself; ask your system administrator for details.</LI></A></ul><A NAME="1056728">&nbsp</A><A NAME="Other Personal Security Manager Windows">
</A>
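<P>The three OCSP settings described above amount to a decision procedure, modelled here in Python. This is an added example, not Personal Security Manager code: certificates are simplified records, signature checking is reduced to issuer-name links, and all names, URLs and the rule that a certificate-specified responder must chain to the issuing CA are assumptions.</P>

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Callable, Dict, Optional, Set, Tuple

class OcspMode(Enum):
    OFF = "do not use OCSP"
    CERT_URL_ONLY = "only certificates that specify an OCSP service URL"
    DEFAULT_RESPONDER = "all certificates, using the configured URL and signer"

@dataclass(frozen=True)
class Cert:                      # simplified stand-in for an X.509 certificate
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    ocsp_url: Optional[str] = None

@dataclass(frozen=True)
class OcspResponse:
    status: str                  # "good", "revoked" or "unknown"
    signer: str                  # subject of the certificate that signed it

@dataclass
class Verifier:
    store: Dict[str, Cert]                 # certificate store, keyed by subject
    trust: Dict[str, Set[str]]             # CA subject -> usages it is trusted for
    fetch: Callable[[str, Cert], Optional[OcspResponse]]  # None = unreachable
    mode: OcspMode = OcspMode.OFF
    default_url: Optional[str] = None      # Service URL (third setting only)
    response_signer: Optional[str] = None  # Response Signer (third setting only)

    def standard_checks(self, cert: Cert, usage: str, now: datetime) -> Optional[str]:
        """Validity period and trusted issuer; returns a failure reason or None.
        Signature checking is reduced to matching issuer names (assumption)."""
        if not cert.not_before <= now <= cert.not_after:
            return "outside validity period"
        if cert.issuer not in self.store:
            return "issuer not found"
        if usage not in self.trust.get(cert.issuer, set()):
            return "issuer not trusted for " + usage
        return None

    def chains_to(self, subject: str, anchor: str) -> bool:
        """Follow issuer links from subject until anchor, a loop or a dead end."""
        seen = set()
        while subject in self.store and subject not in seen:
            if subject == anchor:
                return True
            seen.add(subject)
            subject = self.store[subject].issuer
        return False

    def verify(self, cert: Cert, usage: str, now: datetime) -> Tuple[bool, str]:
        reason = self.standard_checks(cert, usage, now)
        if reason:
            return False, reason
        if self.mode is OcspMode.OFF:
            return True, "standard checks only"
        if self.mode is OcspMode.CERT_URL_ONLY:
            if cert.ocsp_url is None:
                return True, "no OCSP URL in certificate; standard checks only"
            # Assumption: the response must come from the issuing CA or from
            # a responder certificate that chains to it.
            url, anchor = cert.ocsp_url, cert.issuer
        else:
            if not (self.default_url and self.response_signer):
                return False, "Service URL or Response Signer not configured"
            url, anchor = self.default_url, self.response_signer
        response = self.fetch(url, cert)
        if response is None:
            return False, "responder unreachable"   # the computer must be online
        if not self.chains_to(response.signer, anchor):
            return False, "response signer not accepted"
        if response.status != "good":
            return False, "status " + response.status
        return True, "OCSP good"

# Constructed sample data (not real certificates or URLs).
T0 = datetime(2000, 1, 1, tzinfo=timezone.utc)
T1 = datetime(2001, 1, 1, tzinfo=timezone.utc)
NOW = datetime(2000, 6, 1, tzinfo=timezone.utc)
ROOT = Cert("Example Root CA", "Example Root CA", T0, T1)
RESPONDER = Cert("Example OCSP Responder", "Example Root CA", T0, T1)
SITE = Cert("www.example.test", "Example Root CA", T0, T1, "http://ocsp.example.test")
OLD_SITE = Cert("old.example.test", "Example Root CA", T0, T1)  # no OCSP URL
STORE = {c.subject: c for c in (ROOT, RESPONDER)}
TRUST = {"Example Root CA": {"SSL Server"}}

def revoking_responder(url: str, cert: Cert) -> OcspResponse:
    """Constructed responder that reports every certificate as revoked."""
    return OcspResponse("revoked", "Example OCSP Responder")

def outcomes(mode: OcspMode, fetch=revoking_responder) -> Dict[str, Tuple[bool, str]]:
    v = Verifier(STORE, TRUST, fetch, mode,
                 "http://ocsp.example.test", "Example OCSP Responder")
    return {c.subject: v.verify(c, "SSL Server", NOW) for c in (SITE, OLD_SITE)}
```

<P>Calling <FONT FACE="courier, courier new, monospace">outcomes()</FONT> for each mode shows that a revoked certificate is still accepted when OCSP is off, and that a revoked certificate with no OCSP service URL is caught only by the third setting.</P>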
<H1><FONT Face="arial, helvetica, sans-serif" size="+2">
Other Personal Security Manager Windows
</FONT></H1><A NAME="1035662">
Personal Security Manager sometimes displays additional windows, either in response to security-related events (such as a web site's request for identification) or when you click buttons within the main Personal Security Manager window. The sections that follow describe these windows. To see the Help text for any Personal Security Manager window, click the Help button at the bottom of the window.</P></A>
<ul><A NAME="1041118"><LI><a href="help.htm#1055385">Certificate Information</a></LI></A><BR><A NAME="1041160"><LI><a href="help.htm#1035650">Choose Security Device</a></LI></A><BR><A NAME="1041298"><LI><a href="help.htm#1041171">Enrollment Information</a></LI></A><BR><A NAME="1055273"><LI><a href="help.htm#1055232">Certificate Renewal</a></LI></A><BR><A NAME="1041307"><LI><a href="help.htm#1041200">Choosing a Certificate</a></LI></A><BR><A NAME="1041334"><LI><a href="help.htm#1036401">New Certificate Authority</a></LI></A><BR><A NAME="1041343"><LI><a href="help.htm#1041248">Web Site Certificates</a></LI></A><BR><A NAME="1041352"><LI><a href="help.htm#1036488">Request for Signature</a></LI></A><BR></ul><A NAME="Certificate Information"></A><A NAME="1055385">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Certificate Information</FONT></h2>
<A NAME="1055391">
Personal Security Manager displays three kinds of windows for viewing information about a certificate:</P></A>
<ul><A NAME="1055392"><LI><a href="help.htm#1049021">View Security Certificate</a></LI></A><BR><A NAME="1055476"><LI><a href="help.htm#1055417">View Certificate Details</a></LI></A><BR><A NAME="1055485"><LI><a href="help.htm#1055437">View Security Certificate&#151;Issuer Not Found</a></LI></A><BR></ul><A NAME="View Security Certificate"></A><A NAME="1049021">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
View Security Certificate</FONT></b></p><A NAME="1055405">
The View Security Certificate window displays information about the certificate you selected in one of the panels available under the Certificates tab. You can also click View More Info in the top right corner of the window to see a complete text version of the certificate (normally of interest to IS professionals only).</P></A>
<A NAME="1049027">
The View Security Certificate window shows the following information about the selected certificate: </P></A>
<ul><P><A NAME="1049028"><LI>Whether the certificate has been verified, and if so for what uses. See <a href="glossary.htm#1025527">certificate verification</a> for a discussion of how Personal Security Manager verifies certificates. Uses can include any of the following:</LI></A><ul>
<P><A NAME="1037565"><LI><B>SSL Client.</B> Certificate used to identify you to web sites.</LI></A><P><A NAME="1037569"><LI><B>SSL Server.</B> Certificate used to identify a web site server to browsers.</LI></A><P><A NAME="1037570"><LI><B>Email Signer.</B> Certificate used to identify you for the purposes of digitally signing email messages.</LI></A><P><A NAME="1037571"><LI><B>Email Recipient.</B> Certificate used to identify someone else, for example so you can send that person encrypted email.</LI></A><P><A NAME="1037572"><LI><B>Status Responder.</B> Certificate used to identify an on-line status responder that uses the Online Certificate Status Protocol (OCSP) to check the validity of certificates. For more information about OCSP, see <a href="help.htm#1049128">OCSP Settings</a>.</LI></A><P><A NAME="1037574"><LI><B>Certificate Authority.</B> Certificate used to identify a certificate authority&#151;that is, a service that issues certificates for use as identification over computer networks.</LI></A></ul>
<P><A NAME="1037620"><LI><B>Name.</B> The name of the person or other entity that the certificate identifies.</LI></A><P><A NAME="1037684"><LI><B>Issued Under.</B> The name of the organization that issued the certificate. You can click this name to view the issuer's certificate (if it is available to Personal Security Manager) in a new View Security Certificate window. By clicking the "Issued Under" name in successive View Security Certificate windows, you can view each certificate in the original certificate's <a href="glossary.htm#1018500">certificate chain</a>.</LI></A><P><A NAME="1037628"><LI><B>Serial Number.</B> The certificate's serial number.</LI></A><P><A NAME="1037629"><LI><B>Validity.</B> The period of time during which the certificate can be used.</LI></A><P><A NAME="1037642"><LI><B>Fingerprint.</B> A unique number associated with a certificate. The number is produced by applying a mathematical function to the contents of the certificate. A certificate's fingerprint can be used to verify that the certificate has not been tampered with.</LI></A></ul><A NAME="1049045">
For a short definition, click <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="View Certificate Details"></A><A NAME="1055417">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
View Certificate Details</FONT></b></p><A NAME="1055420">
When you click View More Info in the upper-right corner of the View Security Certificate window, a View Certificate Details window opens that displays the complete contents of the certificate. This information is normally of interest to IS professionals only. </P></A>
<A NAME="1055418">
Personal Security Manager displays basic ANSI types in human-readable form wherever possible. For fields whose contents it cannot interpret, Personal Security Manager simply displays the actual values contained in the certificate.</P></A>
<A NAME="View Security Certificate&#151;Issuer Not Found"></A><A NAME="1055437">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
View Security Certificate&#151;Issuer Not Found</FONT></b></p><A NAME="1055445">
When you click the name of a certificate's issuer (labeled "Issued Under:") in the View Security Certificate window, a new View Security Certificate window opens with information about the issuer's certificate&#151;unless that certificate is not available in the <a href="glossary.htm#1023462">certificate store</a> maintained by Personal Security Manager. In this case, the new window informs you that the issuer's certificate could not be found.</P></A>
<A NAME="Choose Security Device"></A><A NAME="1035650">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Choose Security Device</FONT></h2>
<A NAME="1043337">
A security device (sometimes called a <I>token</I>) is a hardware or software device that provides cryptographic services such as encryption and decryption and stores certificates and keys. The Choose Security Device window appears when Personal Security Manager needs help deciding which security device to use when importing a certificate and its keys or performing a cryptographic operation, such as generating keys for a new certificate. This window allows you to select one of two or more security devices that Personal Security Manager has detected on your machine.</P></A>
<A NAME="1039199">
A smart card is one example of a security device. For example, if a smart card reader connected to your computer has a smart card inserted in it, the name of the smart card will show up in the drop-down menu. In this case, you must choose the name of the smart card from the menu to be able to use it with Personal Security Manager.</P></A>
<A NAME="1039188">
Personal Security Manager also supplies its own default, built-in security device, which can always be used no matter what additional devices are or aren't available.</P></A>
<A NAME="1049072">
For a brief description of security devices and their relationship with PKCS #11 modules and slots, click <a href="glossary.htm#1025197">PKCS #11 module</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Enrollment Information"></A><A NAME="1041171">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Enrollment Information</FONT></h2>
<A NAME="1041177">
The following windows may appear while you are attempting to obtain a certificate from a certificate authority (a process sometimes called <I>certificate</I> <I>enrollment</I>): </P></A>
<ul><A NAME="1041180"><LI><a href="help.htm#1036310">Encryption Key Copy</a></LI></A><BR><A NAME="1041191"><LI><a href="help.htm#1036319">Security Certificate Backup</a></LI></A><BR></ul><A NAME="Encryption Key Copy"></A><A NAME="1036310">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Encryption Key Copy</FONT></b></p><A NAME="1036317">
Certificate authorities (CAs) that issue separate signing and encryption email certificates typically make backup copies of your private encryption key during the certificate enrollment process. Separate signing and encryption certificates require client software that supports <a href="glossary.htm#1020489">dual key pairs</a> for use in signing and encrypting email.</P></A>
<A NAME="1039231">
It's important to understand that a CA that has archived a backup copy of your encryption key has the potential capability of decrypting any messages encrypted with your public key. If you trust your CA with this capability, click OK. After your CA makes a backup copy of the encryption key, you will be able to use that key to access your encrypted mail even if you lose your password or lose your own copy of the key. If no backup copy of your encryption key exists and you lose your password or the key, you will have no way of reading any of your encrypted email messages.</P></A>
<A NAME="1036318">
If you don't trust the CA that is requesting the backup copy, don't request a certificate from it. Click Cancel to stop both the backup procedure and the request for a certificate.</P></A>
<A NAME="1039243">
If you are not sure whether to trust the CA that is requesting the backup copy, talk to your system administrator.</P></A>
<A NAME="Security Certificate Backup"></A><A NAME="1036319">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Security Certificate Backup</FONT></b></p><A NAME="1036327">
When you receive a certificate, make a backup copy of the certificate and its private key, then store the copy in a safe place. For example, you can put the copy on a floppy disk and store it with other valuable items under lock and key. That way, even if you have hard disk or file corruption problems, you can easily restore the certificate.</P></A>
<A NAME="1039285">
It can be inconvenient, at best, and in some situations catastrophic to lose your certificate and its associated private key, depending on what you use it for. For example:</P></A>
<ul><P><A NAME="1039517"><LI>If you lose a certificate that identifies you to important web sites, you will not be able to access those web sites until you obtain a new certificate. </LI></A><P><A NAME="1052738"><LI>If you lose a certificate used to encrypt email messages, you will not be able to read any of your encrypted email&#151;including both encrypted messages that you have sent and encrypted messages that you have received. In this case, if you cannot obtain a backup of the private encryption key associated with the certificate, you will never be able to read any of the messages encrypted with that key.</LI></A></ul><A NAME="1039286">
Like any other valuable data, certificates should be backed up to avoid future trouble and expense. Do it now so you don't forget.</P></A>
<A NAME="1049332">
For a short definition, click <a href="glossary.htm#1018895">certificate</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Certificate Renewal"></A><A NAME="1055232">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Certificate Renewal</FONT></h2>
<A NAME="1055238">
Like a credit card, a driver's license, and many other forms of identification, a certificate is valid for a specified period of time. When a certificate expires, you need to get a new one&#151;unless you have decided that you don't need that certificate anymore. </P></A>
<A NAME="1055242">
Personal Security Manager displays the Certificate Renewal window when it detects that one of your certificates is about to expire. Information about the certificate is displayed at the top of the window. The information provided includes the name of the CA that issued the certificate (labeled "Issued Under").</P></A>
<A NAME="1055243">
The Certificate Renewal window allows you to make one of two decisions:</P></A>
<ul><P><A NAME="1055246"><LI><B>Renew this certificate now.</B> If you select this option, Personal Security Manager initiates the renewal process.</LI></A><P><A NAME="1055252"><LI><B>Remind me to renew this certificate later.</B> If you select this option, Personal Security Manager will not initiate the renewal process, but will remind you again later.</LI></A></ul><A NAME="1055262">
For a short definition, click <a href="glossary.htm#1018895">certificate</a> or <a href="glossary.htm#1031319">certificate renewal</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Choosing a Certificate"></A><A NAME="1041200">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Choosing a Certificate</FONT></h2>
<A NAME="1041370">
The following windows may appear when you view a web page that requires your certificate, or when you have more than one certificate with the same name.</P></A>
<ul><A NAME="1041208"><LI><a href="help.htm#1036330">User Identification Request</a></LI></A><BR><A NAME="1052285"><LI><a href="help.htm#1052302">Choose Security Certificate</a></LI></A><BR></ul><A NAME="User Identification Request"></A><A NAME="1036330">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
User Identification Request</FONT></b></p><A NAME="1039320">
Some web sites require that you identify yourself with a certificate rather than a name and password, because certificates provide a more reliable form of identification. However, Personal Security Manager may have more than one certificate that can be used for the purposes of identifying yourself to a web site. In this case, Personal Security Manager presents the User Identification Request window, which allows you to select the appropriate certificate for the web site you want to visit.</P></A>
<A NAME="1039428">
Web sites can also use certificates to identify themselves. The certificate presented by the web site you want to visit is displayed in the top part of this window. The information provided includes the name of the CA that issued the certificate (labeled "Issued Under").</P></A>
<A NAME="1036341">
The certificates you have available for the purposes of identifying yourself to a web site are listed in the drop-down menu in the bottom part of the window. Choose the certificate that seems most likely to be recognized by the web site you want to visit.</P></A>
<A NAME="1049225">
For short definitions, click <a href="glossary.htm#1018895">certificate</a> or <a href="glossary.htm#1021054">client authentication</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Choose Security Certificate"></A><A NAME="1052302">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Choose Security Certificate</FONT></b></p><A NAME="1052303">
The Choose Security Certificate window appears when Personal Security Manager has more than one certificate with the same name in its certificate store. Use this window to select the certificate you want to use. For example, if there are several certificates with the same name but different validity periods, you would normally want to choose the one most recently issued.</P></A>
<A NAME="New Certificate Authority"></A><A NAME="1036401">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
New Certificate Authority</FONT></h2>
<A NAME="1036402">
The certificate store maintained by Personal Security Manager includes all certificates available to it, whether stored on your computer or on an external device such as a smart card.</P></A>
<A NAME="1052794">
Your certificate store includes certificates that identify a <a href="glossary.htm#1020903">certificate authority (CA)</a>. To recognize other people's certificates, your <a href="glossary.htm#1023462">certificate store</a> must include certificates for the CAs that issued or authorized issuance of those certificates. When you decide to trust a CA, Personal Security Manager adds its certificate to your certificate store and recognizes the kinds of certificates you trust it to issue.</P></A>
<A NAME="1052802">
Personal Security Manager displays two windows that allow you to specify that you trust a new CA:</P></A>
<ul><P><A NAME="1039980"><LI><B>New Certificate Authority: Step 1.</B> Before you decide to trust a new CA, make sure that you know who is operating it. Make sure the CA's policies and procedures are appropriate for the kinds of certificates it issues. For example, if the CA issues certificates identifying web sites you use for financial transactions, make sure you are comfortable with the level of assurance the CA provides.</LI></A><P><A NAME="1039965"><LI><B>New Certificate Authority: Step 2.</B> At this stage, you need to decide what kinds of certificates issued by this CA you want to trust. You can select any of the following options:</LI></A><ul>
<P><A NAME="1040097"><LI><B>Trust this CA to identify web sites. </B>As noted above, web site certificates for some sites, such as those that handle financial transactions, can be extremely important, and inappropriate or false identification can have negative consequences.</LI></A><P><A NAME="1040098"><LI><B>Trust this CA to identify email users. </B>If you intend to send email users confidential information in encrypted form, or if accurate identification of email users is important to you for any other reason, you should consider carefully the CA's procedures for identifying prospective certificate owners and whether they are appropriate for your purposes before selecting this option.</LI></A><P><A NAME="1052784"><LI><B>Trust this CA to identify software developers.</B> Selecting this option means that you trust the CA to issue certificates that identify the origin of Java applets and JavaScript scripts requesting special access to your computer, such as the ability to change files. Since such access privileges can be misused, for example to destroy data stored on your hard disk, be very careful about selecting this option unless you are certain that you trust the CA for this purpose.</LI></A></ul>
</ul><A NAME="1049493">
For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Web Site Certificates"></A><A NAME="1041248">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Web Site Certificates</FONT></h2>
<A NAME="1041373">
One of the following windows may appear when you attempt to go to a web site that supports <a href="glossary.htm#998782">authentication</a> and <a href="glossary.htm#999078">encryption</a>:</P></A>
<ul><A NAME="1041252"><LI><a href="help.htm#1036414">New Web Site Certificate</a></LI></A><BR><A NAME="1041263"><LI><a href="help.htm#1036462">Expired Web Site Certificate</a></LI></A><BR><A NAME="1041273"><LI><a href="help.htm#1036465">Web Site Certificate Not Yet Valid</a></LI></A><BR><A NAME="1041282"><LI><a href="help.htm#1036471">Unexpected Certificate Name</a></LI></A><BR></ul><A NAME="New Web Site Certificate"></A><A NAME="1036414">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
New Web Site Certificate</FONT></b></p><A NAME="1040180">
Many web sites use certificates to identify themselves when you visit the site. If Personal Security Manager doesn't recognize the <a href="glossary.htm#1020903">certificate authority (CA)</a> that issued a web site's certificate, it displays the following windows:</P></A>
<ul><P><A NAME="1040184"><LI><B>New Web Site Certificate: Step 1.</B> To examine the certificate, click View. If you believe that this web site is the site the certificate says it is, click Next. If you suspect that the web site is not what it claims to be, you can either click Cancel (in which case you will not connect to the web site) or click Next to go to Step 2.</LI></A><P><A NAME="1040198"><LI><B>New Web Site Certificate: Step 2.</B> If you clicked Next in Step 1, you now have to decide how long you are willing to trust this certificate, if at all:</LI></A><ul>
<P><A NAME="1040219"><LI><B>Accept this certificate permanently</B> means that Personal Security Manager will recognize this certificate as legitimate identification until it expires. You should not select this option unless you are absolutely sure that you trust the web site identified by the certificate.</LI></A><P><A NAME="1040237"><LI><B>Accept this certificate temporarily for this session</B> means that Personal Security Manager will recognize this certificate as legitimate identification for this session only. If you select this option, Personal Security Manager will connect with the web site this time, but will display the New Web Site Certificate window again the next time you visit the web site.</LI></A><P><A NAME="1040288"><LI><B>Do not accept this certificate and do not connect to the web site</B> means that Personal Security Manager will not accept this certificate. If you select this option, Personal Security Manager will not connect with this web site this time and will display the New Web Site Certificate window again the next time you visit the web site.</LI></A></ul>
</ul><A NAME="1049516">
For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Expired Web Site Certificate"></A><A NAME="1036462">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Expired Web Site Certificate</FONT></b></p><A NAME="1040329">
Like a credit card, a driver's license, and many other forms of identification, a <a href="glossary.htm#1018895">certificate</a> is valid for a specified period of time. When a certificate expires, the owner of the certificate needs to get a new one.</P></A>
<A NAME="1036463">
Personal Security Manager displays the Expired Web Site Certificate window when you attempt to visit a web site whose certificate has expired. As the window explains, the first thing you should do is make sure the time and date displayed by your computer are correct. If your computer's clock is set to a date that is after the expiration date, Personal Security Manager treats the web site's certificate as expired. </P></A>
<A NAME="1040353">
You can examine information about the certificate, including its validity period, by clicking the View button.</P></A>
<A NAME="1040354">
The decision whether to trust the site anyway depends on what you intend to do at the site and what else you know about it. Most commercial sites will make sure that they replace their certificates before they expire. </P></A>
<A NAME="1040359">
If you believe the certificate's expiration is an inadvertent error, you may want to accept the certificate anyway for this session and let the webmaster for the site know about the problem. </P></A>
<A NAME="1040360">
If you suspect that there may be a more significant problem, either accept the certificate and be cautious about any actions you take while you are visiting the site, or do not accept the certificate (in which case Personal Security Manager will not connect you to the site).</P></A>
<A NAME="1049526">
For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Web Site Certificate Not Yet Valid"></A><A NAME="1036465">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Web Site Certificate Not Yet Valid</FONT></b></p><A NAME="1040372">
Like a credit card, a driver's license, and many other forms of identification, a <a href="glossary.htm#1018895">certificate</a> is valid for a specified period of time.</P></A>
<A NAME="1040403">
Personal Security Manager displays the Web Site Certificate Not Yet Valid window when you attempt to visit a web site whose certificate's validity period has not yet started. The first thing you should do is make sure the time and date displayed by your own computer are correct. If your computer's clock is set to the wrong date, Personal Security Manager may treat the web site's certificate as not yet valid even if this is not the case. </P></A>
<A NAME="1040420">
You can examine information about the certificate, including its validity period, by clicking the View button.</P></A>
<A NAME="1040421">
The decision whether to trust the site anyway depends on what you intend to do at the site and what else you know about it. Most commercial sites will make sure that the validity period for their certificates has begun before beginning to use them. </P></A>
<A NAME="1040422">
If you believe the problem with the certificate's validity period is an inadvertent error, you may want to accept the certificate anyway for this session and let the webmaster for the site know about the problem. </P></A>
<A NAME="1040423">
If you suspect that there may be a more significant problem, either accept the certificate and be cautious about any actions you take while you are visiting the site, or do not accept the certificate (in which case Personal Security Manager will not connect you to the site).</P></A>
<A NAME="1049541">
For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="Unexpected Certificate Name"></A><A NAME="1036471">&nbsp</A>
<p><b><FONT Face="arial, helvetica, sans-serif">
Unexpected Certificate Name</FONT></b></p><A NAME="1036466">
A web site <a href="glossary.htm#1018895">certificate</a> specifies the name of the web site in the form of the site's host name. For example, the host name for Netscape Netcenter is <FONT FACE="courier, courier new, monospace">home.netscape.com</FONT>. If the host name in a web site's certificate doesn't match the actual host name of the web site, it may be a sign that someone is attempting to intercept your communication with the web site.</P></A>
<A NAME="1040473">
The decision whether to trust the site anyway depends on what you intend to do at the site and what else you know about it. Most commercial sites will make sure that the host name for a web site certificate matches the web site's actual host name.</P></A>
<A NAME="1040465">
If you decide to accept the certificate anyway for this session, you should be cautious about what you do on the web site, and you should treat any information you find there as potentially suspect.</P></A>
<A NAME="1049560">
For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
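<P>The four web site certificate conditions described above, and the advice to check your computer's clock first, can be expressed as a small diagnostic. This Python model is an added example, not Personal Security Manager code: the certificate record, the function names and the use of a separately obtained reference time are assumptions, and host names are compared by exact match only.</P>

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set


@dataclass(frozen=True)
class SiteCert:                  # simplified stand-in for a web site certificate
    host_name: str               # host name the certificate was issued for
    issuer: str                  # name of the issuing CA
    not_before: datetime
    not_after: datetime


def normalize(host: str) -> str:
    """Host names compare case-insensitively; trailing dots are ignored."""
    return host.strip().rstrip(".").lower()


def conditions(cert: SiteCert, visited_host: str, known_cas: Set[str],
               now: datetime) -> List[str]:
    """Which of the four conditions in this section hold for this visit."""
    found = []
    if cert.issuer not in known_cas:
        found.append("New Web Site Certificate")
    if now > cert.not_after:
        found.append("Expired Web Site Certificate")
    elif now < cert.not_before:
        found.append("Web Site Certificate Not Yet Valid")
    if normalize(cert.host_name) != normalize(visited_host):
        found.append("Unexpected Certificate Name")
    return found


def diagnose(cert: SiteCert, visited_host: str, known_cas: Set[str],
             local_now: datetime, reference_now: datetime) -> Dict[str, object]:
    """Split what the local clock produces into clock-caused and site-caused.

    reference_now is an assumed trustworthy time, obtained separately from
    the computer's own clock.
    """
    local = conditions(cert, visited_host, known_cas, local_now)
    reference = conditions(cert, visited_host, known_cas, reference_now)
    return {
        "shown": local,
        "caused_by_clock": [c for c in local if c not in reference],
        "caused_by_site": [c for c in local if c in reference],
        # A wrong clock can also hide a real problem, not only invent one.
        "hidden_by_clock": [c for c in reference if c not in local],
        "clock_error": local_now - reference_now,
    }


# Constructed sample data; only the host name comes from the text above.
CERT = SiteCert("home.netscape.com", "Example CA",
                datetime(2000, 1, 1, tzinfo=timezone.utc),
                datetime(2001, 1, 1, tzinfo=timezone.utc))
KNOWN = {"Example CA"}
REFERENCE = datetime(2000, 6, 1, tzinfo=timezone.utc)    # assumed correct time
FAST_CLOCK = datetime(2002, 3, 1, tzinfo=timezone.utc)   # clock set too far ahead

if __name__ == "__main__":
    print(diagnose(CERT, "HOME.NETSCAPE.COM.", KNOWN, FAST_CLOCK, REFERENCE))
```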
<A NAME="Request for Signature"></A><A NAME="1036488">&nbsp</A>
<h2><FONT Face="arial, helvetica, sans-serif" size="+1">
Request for Signature</FONT></h2>
<A NAME="1036467">
Personal Security Manager displays the Request for Signature window right before submitting a form that requires your digital signature. The upper portion of the window displays the exact text that needs to be signed. If you have more than one certificate available, the drop-down menu near the bottom of the window allows you to choose which of your certificates Personal Security Manager should use when it creates the digital signature. Choose the one that is most likely to be recognized by the web site that is requesting the signature. For example, if the web site is run by a brokerage firm that has issued you a certificate, choose that certificate.</P></A>
<A NAME="1040672">
When you choose a certificate and click OK, Personal Security Manager sends that certificate along with the digital signature and the signed text. When the server receives the signed data, it uses the public key and other information in the certificate to verify that the signature is valid.</P></A>
<A NAME="1056075">
For brief definitions, click <a href="glossary.htm#1018895">certificate</a> or <a href="glossary.htm#1013995">digital signature</a>. For an overview of Personal Security Manager and network security concepts, see <a href="help.htm#1057187">Introduction to Personal Security Manager</a>.</P></A>
<A NAME="1040513">
</P></A>
<BR>
&copy; Copyright 2000 Netscape Communications Corporation
</FONT> </CENTER>
<BR>
</BODY>
</HTML>