CA Strong Authentication Administration Guide › Configuring SSL › Enable Secured Communication between Administration Console and CA AuthMinder Server › Enable Two-Way SSL

Enable Two-Way SSL

Follow these steps:

1. Click the application server where Administration Console is deployed for SSL communication. See your application server vendor documentation for more information about how to do this.
2. Log in to Administration Console using a Master Administrator account.
3. Activate the Services and Server Configurations tab in the main menu.
4. Activate the CA Strong Authentication tab in the submenu.
5. Under Instance Configurations, click the Trusted Certificate Authorities link to display the corresponding page.

   The Trusted Certificate Authorities page appears.

6. Set the following information:
   • In the Name field, enter the name for the SSL trust store.
   • Click the Browse button to select the root certificate of the application server where Administration Console is deployed.
7. Click the Save button.
8. Under Instance Configurations, click the Protocol Management link to display the corresponding page.

   The Protocol Configuration page appears.

9. Select the Server Instance for which you want to configure the protocols.
10. In the List of Protocols section, click the Server Management Web Services link.

    The page to configure the protocol appears.

11. Configure the following fields:
    • Ensure that the protocol is enabled.
    • In the Transport field, select SSL (2-Way).
    • Select Key in HSM if you want to store the SSL key in HSM.
    • (Only if you selected Key in HSM in the preceding step) Click the Browse button adjacent to the Certificate Chain (in PEM Format) field to select the CA AuthMinder root certificate.
    • Click the Browse button adjacent to the P12 File Containing Key Pair field to select the CA AuthMinder root certificate.
    • Enter the password for the PKCS#12 store in the P12 File Password field.
    • Select the Client Store that you created in Step 6.
12. Click Save.
13. Restart the CA AuthMinder Server instance. See Restarting a Server Instance for instructions on how to restart the CA AuthMinder Server.
14. Activate the Services and Server Configurations tab in the main menu.
15. Activate the WebFort tab in the submenu.
16. Under System Configuration, click the WebFort Connectivity link to display the corresponding page.

    The WebFort Connectivity page appears.

17. Set the following for the Server Management Web Services protocol:
    • Ensure that the IP Address and Port number of the CA AuthMinder Server is set appropriately.
    • In the Transport field, select SSL(2-Way).
    • Click the Browse button adjacent to the Server CA Certificate in PEM field to select the CA AuthMinder root certificate.
    • Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to select the PKCS#12 file that contains the root certificate of the application server where Administration Console is deployed.
    • Enter the PKCS#12 file password in the Client PKCS#12 Password field.
18. Click the Save button.
19. Restart the CA AuthMinder Server instance. See Restarting a Server Instance for instructions on how to restart the CA AuthMinder Server.
20. Verify that the CA AuthMinder Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
       • On Windows:

         <install_location>\Arcot Systems\logs
         

       • On UNIX:

         <install_location>/arcot/logs
         

    2. Open the arcotwebfortstartup.log file in a text editor.
    3. Search for the following section:

       Listing : [Successful listeners(Type-Port-FD)]

    4. In this section, you must find the following line:

       ServerManagement-WS............................... : [SSL-9743-<Internal_listener_identifier>-[subject [<cert_subject>] issuer [<cert_issuer>] sn [<cert_serial_number>] device [<device_name>]]]
       

    5. Close the file.