CA Risk Authentication Administration Guide › Configure SSL › Enable SSL Between CA Advanced Authentication and CA Risk Authentication Server › For Server Refresh, Restart, Instance Management and Protocol Management Activities › Two-Day SSL
Two-Day SSL
To set up two-way SSL communication between CA Advanced Authentication and CA Risk Authentication Server for server management activities:
- Access CA Advanced Authentication in a Web browser window.
- Log in to CA Advanced Authentication as the MA.
- Activate the Services and Server Configurations tab.
- Ensure that the CA Risk Authentication tab is active.
- Under System Configuration, click the Trusted Certificate Authorities link to display the CA Risk Authentication Server Trusted Certificate Authorities page.
- Set the following information on the page:
- In the Name field, enter the name for the SSL truststore.
- Click the Browse button adjacent to the first Root CAs field and navigate to and select the root certificate of the application server where CA Advanced Authentication is deployed.
- Click the Save button.
- Under Instance Configuration, click the Protocol Configuration link to display the Protocol Configuration page.
- Select the Server Instance for which you want to configure SSL communication.
- In the List of Protocols section, click the Server Management link.
The page to configure the Server Management protocol appears.
- Configure the following fields:
- Click the Save button.
- Restart CA Risk Authentication Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click CA Risk Authentication Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
- Under System Configuration, click the CA Risk Authentication Connectivity link to display the CA Risk Authentication Connectivity page.
- On the CA Risk Authentication Connectivity page:
- Ensure that the IP address or the host name of CA Risk Authentication Server is correctly set in the Server field.
- Ensure that the Server Management Port is also set to point the CA Risk Authentication Server port that is open to Server Management requests.
- Select SSL from the Transport list.
- Click the Browse button adjacent to the Server CA Root Certificate field to navigate to and select the CA Risk Authentication root certificate.
- Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to navigate to and select the root certificate of the application server where CA Advanced Authentication is deployed.
- Enter the PKCS#12 file password in the Client PKCS#12 Password field.
- Click the Save button.
- Restart CA Risk Authentication Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click CA Risk Authentication Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
- Restart CA Advanced Authentication.
- Verify that CA Risk Authentication Server is enabled for SSL communication by performing the following steps:
- Navigate to the following location:
- Open the arcotriskfortstartup.log file in a text editor.
- Check for the following line:
Started listener for [Server Management] [7980] [SSL] [srvmgrwsprotocol]
If you located this line, then two-way SSL was set successfully.
- Close the file.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|