CA Strong Authentication Web Services Guide › Enabling SSL for Web Services › Setting up SSL › Two-Way SSL

Two-Way SSL

To enable SSL communication mode between Web services and AuthMinder Server:

1. Enable the application server where your client integrated with Web services is deployed for SSL communication. Refer to your application server vendor documentation for more information on how to do this.
2. Log in to Administration Console as the MA.
3. Activate the Services and Server Configurations tab in the main menu.
4. Activate the WebFort tab in the submenu.
5. Under Instance Configurations, click the Trusted Certificate Authorities link to display the corresponding page.

   The Trusted Certificate Authorities page appears.

6. Set the following information:
   • In the Name field, enter the name for the SSL trust store.
   • Click the Browse button to select the root certificate of the application server where Web services client is deployed.
7. Click the Save button.
8. Under Instance Configurations, click the Protocol Management link to display the corresponding page.

   The Protocol Configuration page appears.

9. Select the Server Instance for which you want to configure the protocols.
10. In the List of Protocols section, click the Transaction Web Services link.

    The page to configure the protocol appears.

11. Configure the following fields:
    • Ensure that the protocol is enabled.
    • In the Transport field, select SSL (2-Way).
    • Select Key in HSM if you want to store the SSL key in HSM.
    • (Only if you selected Key in HSM in the preceding step) Click the Browse button adjacent to the Certificate Chain (in PEM Format) field to select the AuthMinder root certificate.
    • Click the Browse button adjacent to the P12 File Containing Key Pair field to select the AuthMinder root certificate.
    • Enter the password for the PKCS#12 store in the P12 File Password field.
    • Select the Client Store that you created in Step 6.
12. Click the Save button.
13. Restart the AuthMinder Server instance.
14. Activate the Services and Server Configurations tab in the main menu.
15. Activate the WebFort tab in the submenu.
16. Under System Configuration, click the WebFort Connectivity link to display the corresponding page.

    The WebFort Connectivity page appears.

17. Set the following for the Transaction Web Services protocol:
    • Ensure that the IP Address and Port number of AuthMinder Server is set appropriately.
    • In the Transport field, select SSL.
    • Click the Browse button adjacent to the Server CA Certificate in PEM field to select the AuthMinder root certificate.
    • Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to select the PKCS#12 file that contains the root certificate of the application server where Java SDKs are deployed.
    • Enter the PKCS#12 file password in the Client PKCS#12 Password field.
18. Click the Save button.
19. Restart the AuthMinder Server instance.
20. Verify that the AuthMinder Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
       • On Windows:

         <install_location>\Arcot Systems\logs
         

       • On UNIX-Based Platforms:

         <install_location>/arcot/logs
         

    2. Open the arcotwebfortstartup.log file in a text editor.
    3. Search for the following section:

       Listing : [Successful listeners(Type-Port-FD)]

    4. In this section, you must find the following line:

       Transaction-WS............................... : [SSL-9744-<Internal_listener_identifier>-[subject [<cert_subject>] issuer [<cert_issuer>] sn [<cert_serial_number>] device [<device_name>]]]
       

    5. Close the file.