CA Risk Authentication Administration Guide › Configure SSL › Prepare for SSL Communication › Enable SSL Between CA Advanced Authentication and CA Risk Authentication Case Management Server › For Server Refresh and Restart Activities › Two-Way SSL
Two-Way SSL
To set up two-way SSL communication between CA Advanced Authentication and Case Management Queuing Server for server management activities:
- Access CA Advanced Authentication in a Web browser window.
- Log in to CA Advanced Authentication as the MA.
- Activate the Services and Server Configurations tab.
- Ensure that the CA Risk Authentication tab is active.
- Under System Configuration, click the Trusted Certificate Authorities link to display the CA Risk Authentication Server Trusted Certificate Authorities page.
- Set the following information on the page:
- In the Name field, enter the name for the SSL truststore.
- Click the Browse button adjacent to the first Root CAs field and navigate to and select the root certificate of the application server where CA Advanced Authentication is deployed.
- Click the Save button.
- Under Instance Configuration, click the Protocol Configuration link to display the Protocol Configuration page.
- Select the Server Instance for which you want to configure SSL communication.
- In the List of Protocols section, click the Case Management Queuing Administration link.
The page to configure the Case Management Queuing Administration protocol appears.
- Configure the following fields:
- Click the Save button.
- Restart Case Management Queuing Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot Case Management Queuing Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./casemanagementserver start command in the console window.
- Under System Configuration, click the CA Risk Authentication Connectivity link to display the CA Risk Authentication Connectivity page.
- On the CA Risk Authentication Connectivity page:
- Ensure that the IP address or the host name of Case Management Server is correctly set in the Server field.
- Ensure that the Server Management Port is also set to point the Case Management Server port that is open to Server Management requests.
- Select SSL from the Transport list.
- Click the Browse button adjacent to the Server CA Root Certificate field to navigate to and select the Case Management Server root certificate.
- Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to navigate to and select the root certificate of the application server where CA Advanced Authentication is deployed.
- Enter the PKCS#12 file password in the Client PKCS#12 Password field.
- Click the Save button.
- Restart Case Management Queuing Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot Case Management Queuing Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./casemanagementserver start command in the console window.
- Restart CA Advanced Authentication.
- Verify that Case Management Server is enabled for SSL communication by performing the following steps:
- Navigate to the following location:
- Open the arcotriskfortcasemgmtserverstartup.log file in a text editor.
- Check for the following line:
Started listener for [Case Management Admin] [7780] [SSL] [srvmgrwsprotocol]
If you located this line, then two-way SSL was set successfully.
- Close the file.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|