CA Strong Authentication Administration Guide › Configuring SSL › Enable Secured Communication between Java SDKs and CA AuthMinder Server › Enable Two-Way SSL

Enable Two-Way SSL

Follow these steps:

1. Enable the application server where Java SDKs are deployed for SSL communication. See your application server vendor documentation for more information about how to do this.
2. Access the Administration Console in a Web browser.
3. Log in to Administration Console as the MA.
4. Click the Services and Server Configurations tab in the main menu.
5. Click the CA Strong Authentication tab in the submenu.
6. Under Instance Configurations, click the Trusted Certificate Authorities link to display the corresponding page.

   The Trusted Certificate Authorities page appears.

7. Set the following information:
   • In the Name field, enter the name for the SSL trust store.
   • Click the Browse button to select the root certificate of the application server where Java SDKs are deployed.
8. Click Save.
9. Under Instance Configurations, click the Protocol Management link to display the corresponding page.

   The Protocol Configuration page appears.

10. Select the Server Instance for which you want to configure the protocols.
11. In the List of Protocols section, click the Transaction Native link.

    The page to configure the protocol appears.

12. Configure the following fields:
    • Ensure that the protocol is enabled.
    • In the Transport field, select SSL (2-Way).
    • Select Key in HSM if you want to store the SSL key in HSM.
    • (Only if you selected Key in HSM in the preceding step) Click the Browse button adjacent to the Certificate Chain (in PEM Format) field to select the CA AuthMinder root certificate.
    • Click the Browse button adjacent to the P12 File Containing Key Pair field to select the CA AuthMinder root certificate.
    • Enter the password for the PKCS#12 store in the P12 File Password field.
    • Select the Client Store that you created in Step 7.
13. Click the Save button.
14. Restart the CA AuthMinder Server instance. See Restarting a Server Instance for instructions on how to restart the CA AuthMinder Server.
15. Click the Services and Server Configurations tab in the main menu.
16. Click the CA Strong Authentication tab in the submenu.
17. Under System Configuration, click the WebFort Connectivity link to display the corresponding page.

    The WebFort Connectivity page appears.

18. Set the following for the Transaction Native protocol:
    • Ensure that the IP Address and Port number of the CA AuthMinder Server is set appropriately.
    • In the Transport field, select SSL(2-Way).
    • Click the Browse button adjacent to the Server CA Certificate in PEM field to select the CA AuthMinder root certificate.
    • Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to select the PKCS#12 file that contains the root certificate of the application server where Java SDKs are deployed.
    • Enter the PKCS#12 file password in the Client PKCS#12 Password field.
19. Click the Save button.
20. Restart the CA AuthMinder Server instance. See Restarting a Server Instance for instructions on how to restart the CA AuthMinder Server.
21. Navigate to the following location:
    • On Windows:

      <install_location>\Arcot Systems\sdk\client\java\properties
      

    • On UNIX:

      <install_location>/arcot/sdk/client/java/properties
      

22. Open the webfort.authentication.properties file in an editor window.
    1. Set the following parameters:
       • authentication.transport = 2SSL (By default, this parameter is set to TCP.)
       • authentication.serverCACertPEMPath = <absolute_path_of_Root_Certificate_in_PEM_FORMAT>

       For example, you can specify authentication.serverCACertPEMPath = <install_location>/certs/<ca_cert>.pem.

       • authentication.clientCertKeyP12Path = <absolute_path_of_Client_Certificate_in_P12_FORMAT>
       • authentication.clientCertKeyPassword = Password for the client PKCS#12 file.

       Note: See "Configuration Files and Options" in the CA AuthMinder Installation Guide for more information about the webfort.authentication.properties file.

    2. Save the changes and close the file.
23. Open the webfort.issuance.properties file in an editor window.
    1. Set the following parameters:
       • issuance.transport = SSL (By default, this parameter is set to TCP.)
       • issaunce.serverCACertPEMPath = <absolute_path_of_Root_Certificate_in_PEM_FORMAT>

       For example, you can specify issuance.serverCACertPEMPath = <install_location>/certs/<ca_cert>.pem.

       • issuance.clientCertKeyP12Path = <absolute_path_of_Client_Certificate_in_P12_FORMAT>
       • issuance.clientCertKeyPassword = Password for the client PKCS#12 file.

       Note: See "Configuration Files and Options" in the CA AuthMinder Installation Guide for more information about the webfort.issuance.properties file.

    2. Save the changes and close the file.
24. Restart the application server where your Java SDKs are deployed.
25. Verify that the CA AuthMinder Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
       • On Windows:

       <install_location>\Arcot Systems\logs

       • On UNIX-Based Platforms:

       <install_location>/arcot/logs

    2. Open the arcotwebfortstartup.log file in a text editor.
    3. Search for the following section:

       Listing : [Successful listeners(Type-Port-FD)]

    4. In this section, you must find the following line:

       Transaction-Native............................... : [SSL-9742-<Internal_listener_identifier>-[subject [<cert_subject>] issuer [<cert_issuer>] sn [<cert_serial_number>] device [<device_name>]]]
       

    5. Close the file.