CA Risk Authentication Administration Guide › Configure SSL › Enable SSL Between CA Advanced Authentication and CA Risk Authentication Server › For Rule Configurations Activities › One-Way SSL

One-Way SSL

To set up one-way SSL communication between CA Advanced Authentication and CA Risk Authentication Server for administrative activities:

1. Access CA Advanced Authentication in a Web browser window.
2. Log in to CA Advanced Authentication as the MA.
3. Activate the Services and Server Configurations tab.
4. Ensure that the CA Risk Authentication subtab is activated.
5. Under Instance Configuration, click the Protocol Configuration link to display the Protocol Configuration page.
6. Select the Server Instance for which you want to configure SSL communication.
7. In the List of Protocols section, click the Administration Web Service link.

   The page to configure the Administration Web Service protocol appears.

8. Configure the following fields:
   • Ensure that the Protocol Status is Enabled.

     If not, then select the Change Protocol Status option and then from the Action list, select Enable.

   • Ensure that the Port is set to the correct SSL port value.
   • Select SSL from the Transport list.
   • If you want to store the SSL key on an HSM, then select the Key in HSM option.
   • Click the Browse button adjacent to the Server Certificate Chain field to select the CA Risk Authentication Server root certificate.
   • (Only if you did not select the Key in HSM option) Click the Browse button adjacent to the Server Private Key field to select the CA Risk Authentication Server private key.
9. Click the Save button.
10. Restart CA Risk Authentication Server:
    • On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click CA Risk Authentication Service from the listed services.
    • On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
11. Under System Configuration, click the CA Risk Authentication Connectivity link to display the CA Risk Authentication Connectivity page.
12. Scroll down to the CA Risk Authentication Administration Connectivity section.
13. In the CA Risk Authentication Administration Connectivity section:
    • Ensure that the IP address or the host name of CA Risk Authentication Server is correctly set in the Server field.
    • Ensure that the Server Management Port is also set to point the CA Risk Authentication Server port that is open to Administration Web Service requests.
    • Select SSL from the Transport list.
    • Click the Browse button adjacent to the Server CA Root Certificate field to navigate to and select the CA Risk Authentication root certificate.
14. Click the Save button.
15. Restart CA Risk Authentication Server:
    • On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click CA Risk Authentication Service from the listed services.
    • On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
16. Restart CA Advanced Authentication