CA Risk Authentication Administration Guide › Configure SSL › To enable two-way SSL communication mode between the Risk Evaluation Web service and CA Risk Authentication Server › Two-Way SSL

Two-Way SSL

To enable two-way SSL communication mode between the Administration Web Service and CA Risk Authentication Server:

1. Log in to CA Advanced Authentication as the MA.
2. Activate the Services and Server Configurations tab in the main menu.
3. Ensure that the CA Risk Authentication tab in the sub menu is active.
4. Under System Configuration, click the Trusted Certificate Authorities link to display the CA Risk Authentication Server Trusted Certificate Authorities page.
5. Set the following information on the page:
   • In the Name field, enter the name for the SSL truststore.
   • Click the Browse button adjacent to the first Root CAs field and navigate to and select the root certificate of the application server where your Web services client is deployed.
6. Click the Save button.
7. Under Instance Configuration, click the Protocol Configuration link to display the Protocol Configuration page.
8. Select the Server Instance for which you want to configure the SSL communication.
9. In the List of Protocols section, click the Administration Web Service link.

   The page to configure Administration Web Service protocol appears.

10. Configure the following fields:
    • Ensure that the Protocol Status is Enabled.

      If not, then select the Change Protocol Status option and then from the Action list, select Enable.

    • Ensure that the Port is set to the correct SSL port value.
    • Select SSL from the Transport list.
    • If you want to store the SSL key on an HSM, then select the Key in HSM option.
    • Click the Browse button adjacent to the Server Certificate Chain field to select the CA Risk Authentication Server root certificate.
    • (Only if you did not select the Key in HSM option) Click the Browse button adjacent to the Server Private Key field to select the CA Risk Authentication Server private key.
    • Select the Client Store that you created in Step 5.
11. Click the Save button.
12. Restart CA Risk Authentication Server:
    • On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click CA Risk Authentication Service from the listed services.
    • On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
13. Verify that CA Risk Authentication Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
    2. Open the arcotriskfortstartup.log file in a text editor.
    3. Check for the following line:

       Started listener for [RiskFort Admin WS] [7777] [SSL] [aradminwsprotocol]
       

       If you located this line, then two-way SSL was set successfully.

    4. Close the file.