CA Strong Authentication Administration Guide › Configuring SSL › Enable Secured Communication between arwfutil and CA AuthMinder Server › Enable One-Way SSL

Enable One-Way SSL

Follow these steps:

1. Access the Administration Console in a Web browser.
2. Log in to Administration Console as the MA.
3. Click the Services and Server Configurations tab in the main menu.
4. Click the CA Strong Authentication tab in the submenu.
5. Under Instance Configurations, click the Protocol Management link to display the corresponding page.

   The Protocol Configuration page appears.

6. Select the Server Instance for which you want to configure the protocols.
7. In the List of Protocols section, click the Server Management Web Services link.

   The page to configure the protocol appears.

8. Configure the following fields:
   • Ensure that the protocol is enabled.
   • In the Transport field, select SSL (1-Way).
   • Select Key in HSM if you want to store the SSL key in HSM.
   • (Only if you selected Key in HSM in the preceding step) Click the Browse button adjacent to the Certificate Chain (in PEM Format) field to select the CA AuthMinder root certificate.
   • Click the Browse button adjacent to the P12 File Containing Key Pair field to select the CA AuthMinder root certificate.
   • Enter the password for the PKCS#12 store in the P12 File Password field.
9. Click Save.
10. Restart the CA AuthMinder Server instance. See Restarting a Server Instance for instructions on how to restart the CA AuthMinder Server.
11. Navigate to the following location:
    • On Windows:

      <install_location>\Arcot Systems\conf
      

    • On UNIX:

      <install_location>/arcot/conf
      

12. Open the arcotcommon.ini file in an editor window to add the SSL configuration parameters.
    1. Add the following section at the end of the file:

       [arcot/webfort/wfutil]
       Transport=
       ReadTimeOut=
       ServerRootPEM=
       ClientP12=
       ClientP12PwdKey=
       ClientPEM=
       

       The following section explains these parameters:

       Transport

       The communication mode between the arwfutil utility and the CA AuthMinder Server. Following are the supported values:

       • TCP
       • 1SSL
       • 2SSL

         Default: TCP

       ReadTimeout

       The maximum time in milliseconds allowed for a response from CA AuthMinder Server.

       Default: No default.

       ServerRootPEM

       Provide the complete path for the CA certificate file of the server. The file must be in PEM format.

       For example:

       server.CACertPEMPath=<%SystemDrive%>/certs/webfort_ca.pem

       Default: No default.

       (For software encryption) ClientP12

       Provide the path for the client certificate, which is in p12 format.

       Default: No default.

       (For software encryption) ClientP12PwdKey

       Enter the key label that is used to access the client P12 password stored in the securestore.enc file.

       Default: No default.

       (For hardware encryption) ClientPEM

       Provide the complete path for the CA certificate file of the client. The file must be in PEM format.

       Default: No default.

    2. Save the changes and close the file.
13. Verify that the CA AuthMinder Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
    2. Open the arcotwebfortstartup.log file in a text editor.
    3. Check for the following line in the [ArWFProtocolConfiguration] section of the Server Management Web Services protocol ([ServerManagement-WS]):

       PORTTYPE : [SSL]
       

    4. Close the file.