Network Computingwww.networkcomputing.com

No Scary Surprises But such complaints aside, the server performed without any surprises and appeared to be quite stable once we had it up and running. Certificate Server relies on its Informix database for key storage and management, but the database must be running before the Certificate Server can be installed. Although we're comfortable with Informix as the database of choice, its necessity adds another layer of complexity when troubleshooting. Fortunately, nothing went wrong during our testing.

Typical of any Netscape server line, most of the administration is done via the browser, and administrators get a decent set of tools. To request a certificate, users fill out an included form, which go es to the administration queue for approval over a separate, secured page. When a request is approved and a certificate is issued, the server can e-mail the administrator with a URL of where to pick up the certificate. From the user's perspective, dealing with the Netscape Certificate Server is like dealing with a larger public CA--the same ease of use is there.

However, Certificate Server's 1.0 strength lies not in the server itself but in its potential to integrate into a fully functioning public key infrastructure (PKI). Netscape's Certificate Server interoperates with the Lightweight Directory Access Protocol (LDAP)-based Netscape Directory Server, which in turn works with the Netscape Mail Server. This trio, combined with Secure/

Multipurpose Internet Mail Extensions (S/MIME) and other e-mail capabilities expected to be included in the final release of Netscape's Communicator (the next version of Navigator), will allow Netscape to offer a significant contribution to a standards-based environment --provided all the pieces are implemented correctly.

Xcert Software's Sentry CA
If you're one of those people who thinks all Unix-based products are plagued by intricate installations that require deeper knowledge of the OS, you're in for a surprise with Xcert's Sentry CA. Netscape should take some lessons from Xcert: We installed Xcert's Sentry CA product on Solaris x86, and it took all of 10 minutes--it was that simple. Best of all, the brief documentation was completely accurate. Once up, Xcert's Sentry CA functions much like Netscape's server. Users may request certificates via included forms, administrators can approve and e-mail responses, and everything can be done using standard browsers. Where Sentry CA varies from other CAs is in its back end. Xcert uses its own database, called XUDA, which communicates via SSL-LDAP. By using LDAP securely, companies can create robust certificate systems incorporating multiple servers, all using industry-standard proto cols.

Xcert is working with Fischer International Systems Corp. to create an S/MIME client that takes advantage of Fischer's smart-card products. Although Xcert doesn't have the internal product tie-ins Netscape can offer, what it does have works very well.

Frontier Technologies Corp.'s e-Lock
Frontier takes a package approach to certificate authentication: Its e-Lock product ties right into its other TCP/IP-based applications. We tested e-Lock, which includes a Simple Mail Transfer Protocol/Post Office Protocol (SMTP/POP)-based mail server, Web server and a certificate issuer, using NT 4.0 on an Intel platform. Frontier is one of the first vendors to have a Windows-based client that supports S/MIME--a protocol that uses public key encryption over e-mail.