CA AuthMinder Java Developer's Guide › Additional Settings › Setting up SSL › Two-Way SSL

Two-Way SSL

To enable SSL communication mode between Java SDKs and AuthMinder Server:

1. Enable the application server where Java SDKs are deployed for SSL communication. Refer to your application server vendor documentation for more information on how to do this.
2. Access the Administration Console in a Web browser.
3. Log in to Administration Console as the MA.
4. Activate the Services and Server Configurations tab in the main menu.
5. Activate the WebFort tab in the submenu.
6. Under Instance Configurations, click the Trusted Certificate Authorities link to display the corresponding page.

   The Trusted Certificate Authorities page appears.

7. Set the following information:
   • In the Name field, enter the name for the SSL trust store.
   • Click the Browse button to select the root certificate of the application server where Java SDKs are deployed.
8. Click the Save button.
9. Under Instance Configurations, click the Protocol Management link to display the corresponding page.

   The Protocol Configuration page appears.

10. Select the Server Instance for which you want to configure the protocols.
11. In the List of Protocols section, click the Transaction Native link.

    The page to configure the protocol appears.

12. Configure the following fields:
    • Ensure that the protocol is enabled.
    • In the Transport field, select SSL (2-Way).
    • Select Key in HSM if you want to store the SSL key in HSM.
    • (Only if you selected Key in HSM in the preceding step) Click the Browse button adjacent to the Certificate Chain (in PEM Format) field to select the AuthMinder root certificate.
    • Click the Browse button adjacent to the P12 File Containing Key Pair field to select the AuthMinder root certificate.
    • Enter the password for the PKCS#12 store in the P12 File Password field.
    • Select the Client Store that you created in Step 7.
13. Click the Save button.
14. Restart the AuthMinder Server instance.
15. Activate the Services and Server Configurations tab in the main menu.
16. Activate the WebFort tab in the submenu.
17. Under System Configuration, click the WebFort Connectivity link to display the corresponding page.

    The WebFort Connectivity page appears.

18. Set the following for the Transaction Native protocol:
    • Ensure that the IP Address and Port number of the AuthMinder Server is set appropriately.
    • In the Transport field, select SSL.
    • Click the Browse button adjacent to the Server CA Certificate in PEM field to select the AuthMinder root certificate.
    • Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to select the PKCS#12 file that contains the root certificate of the application server where Java SDKs are deployed.
    • Enter the PKCS#12 file password in the Client PKCS#12 Password field.
19. Click the Save button.
20. Restart the AuthMinder Server instance.
21. Navigate to the following location:
    • On Windows:

      <install_location>\Arcot Systems\sdk\client\java\properties
      

    • On UNIX-Based Platforms:

      <install_location>/arcot/sdk/client/java/properties
      

22. Open the webfort.authentication.properties file in an editor window.
    1. Set the following parameters:
       • authentication.transport = SSL (By default, this parameter is set to TCP.)
       • authentication.serverCACertPEMPath = <absolute_path_of_Root_Certificate_in_PEM_FORMAT>

       For example, you can specify authentication.serverCACertPEMPath = <install_location>/certs/<ca_cert>.pem.

       Book: Refer to appendix, "Configuration Files and Options" in the CA AuthMinder Installation and Deployment Guide for more information on the webfort.authentication.properties file.

    2. Save the changes and close the file.
23. Open the webfort.issuance.properties file in an editor window.
    1. Set the following parameters:
       • issuance.transport = SSL (By default, this parameter is set to TCP.)
       • issaunce.serverCACertPEMPath = <absolute_path_of_Root_Certificate_in_PEM_FORMAT>

       For example, you can specify issuance.serverCACertPEMPath = <install_location>/certs/<ca_cert>.pem.

       Book: Refer to appendix, "Configuration Files and Options" in the CA AuthMinder Installation and Deployment Guide for more information on the webfort.issuance.properties file.

    2. Save the changes and close the file.
24. Restart the application server where your Java SDKs are deployed.
25. Verify that the AuthMinder Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
       • On Windows:

         <install_location>\Arcot Systems\logs
         

       • On UNIX-Based Platforms:

         <install_location>/arcot/logs
         

    2. Open the arcotwebfortstartup.log file in a text editor.
    3. Search for the following section:

       Listing : [Successful listeners(Type-Port-FD)]
       

    4. In this section, you must find the following line:

       Transaction-Native............................... : [SSL-9742-<Internal_listener_identifier>-[subject [<cert_subject>] issuer [<cert_issuer>] sn [<cert_serial_number>] device [<device_name>]]]
       

    5. Close the file.