Two-Way SSL

CA RiskMinder Administration Guide › Configuring SSL › Enable SSL Between Administration Console and RiskMinder Server › For Server Refresh, Restart, Instance Management, and Protocol Management Activities › Two-Way SSL

Two-Way SSL

To set up two-way SSL communication between Administration Console and RiskMinder Server for server management activities:

Access Administration Console in a Web browser window.
Log in to Administration Console as the MA.
Activate the Services and Server Configurations tab.
Ensure that the RiskFort tab is active.
Under System Configuration, click the Trusted Certificate Authorities link to display the Riskfort Server Trusted Certificate Authorities page.
Set the following information on the page:
- In the Name field, enter the name for the SSL truststore.
- Click the Browse button adjacent to the first Root CAs field and navigate to and select the root certificate of the application server where Administration Console is deployed.
Click the Save button.
Under Instance Configuration, click the Protocol Configuration link to display the Protocol Configuration page.
Select the Server Instance for which you want to configure SSL communication.
In the List of Protocols section, click the Server Management link.
The page to configure the Server Management protocol appears.
Configure the following fields:
- Ensure that the Protocol Status is Enabled.
  If not, then select the Change Protocol Status option and then from the Action list, select Enable.
- Ensure that the Port is set to the correct SSL port value.
- Select SSL from the Transport list.
- If you want to store the SSL key on an HSM, then select the Key in HSM option.
- Click the Browse button adjacent to the Server Certificate Chain field to select the RiskMinder Server root certificate.
- (Only if you did not select the Key in HSM option) Click the Browse button adjacent to the Server Private Key field to select the RiskMinder Server private key.
- Select Client Store that you created in Step 6.
Click the Save button.
Restart RiskMinder Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot RiskFort Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
Under System Configuration, click the RiskFort Connectivity link to display the RiskFort Connectivity page.
On the RiskFort Connectivity page:
- Ensure that the IP address or the host name of RiskMinder Server is correctly set in the Server field.
- Ensure that the Server Management Port is also set to point the RiskMinder Server port that is open to Server Management requests.
- Select SSL from the Transport list.
- Click the Browse button adjacent to the Server CA Root Certificate field to navigate to and select the RiskMinder root certificate.
- Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to navigate to and select the root certificate of the application server where Administration Console is deployed.
- Enter the PKCS#12 file password in the Client PKCS#12 Password field.
Click the Save button.
Restart RiskMinder Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot RiskFort Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
Restart Administration Console.
Verify that RiskMinder Server is enabled for SSL communication by performing the following steps:
1. Navigate to the following location:
2. Open the arcotriskfortstartup.log file in a text editor.
3. Check for the following line:
```
Started listener for [Server Management] [7980] [SSL] [srvmgrwsprotocol]
```
  If you located this line, then two-way SSL was set successfully.
4. Close the file.