1. After you install IIS 3.0 in NT Server 4.0, reinstall Service Pack (SP) 2 or SP3.
2. Add four WebCA directoriesdocadm, doccli, cgi-adm, and cgi-clito IIS Web directories. Assign read permission to docadm and doccli, and read and execute permissions to cgi-adm and cgi-cli.
3. You can use IE 3.02 as the WebCA administrator's browser, but you must install Microsoft JavaScript 2.0 on the workstation. You can download JavaScript 2.0 from http://www.microsoft.com/jscript.
4. If your IE can't connect to an SSL-enabled Web server, clear the PCT (Private Communications TechnologyMicrosoft's SSL-like Internet security protocol) setting in View, Options, Advanced, Cryptography Settings.
5. In the server certificate application form, be sure to use the fully qualified name of the IIS server name as the DNS name (e.g., www.acme.com). Netscape Navigator gives a warning message when it connects to a server that has a different server name in the server certificate.
6. IIS lets you use SSL at the directory level. Enable SSL over only directories having pages that contain sensitive information. SSL encrypts every item (including graphics) on a page and increases transmission time.
7. To remove a browser certificate for IE 3.x in an NT workstation, delete the certificate file at c:\winnt\profiles\username\personal and delete the Registry entry of the private key name of the certificate at HKEY_CURRENT_USER\Software\Microsoft\Cryptography\Userkeys.
