Two-Way SSL

CA RiskMinder Administration Guide › Configuring SSL › Enable SSL Between Administration Console and Case Management Queuing Server › For Fetching Cases › Two-Way SSL

Two-Way SSL

To set up two-way SSL communication between Administration Console and Case Management Server for case activities:

Access Administration Console in a Web browser window.
Log in to Administration Console as the MA.
Activate the Services and Server Configurations tab.
Ensure that the RiskFort tab is active.
Under System Configuration, click the Trusted Certificate Authorities link to display the Riskfort Server Trusted Certificate Authorities page.
Set the following information on the page:
- In the Name field, enter the name for the SSL truststore.
- Click the Browse button adjacent to the first Root CAs field and navigate to and select the root certificate of the application server where Administration Console is deployed.
Click the Save button.
Under Instance Configuration, click the Protocol Configuration link to display the Protocol Configuration page.
Select the Server Instance for which you want to configure SSL communication.
In the List of Protocols section, click the Case Management Queuing Server link.
The page to configure the Case Management Queuing Server protocol appears.
Configure the following fields:
- Ensure that the Protocol Status is Enabled.
  If not, then select the Change Protocol Status option and then from the Action list, select Enable.
- Ensure that the Port is set to the correct SSL port value.
- Select SSL from the Transport list.
- If you want to store the SSL key on an HSM, then select the Key in HSM option.
- Click the Browse button adjacent to the Server Certificate Chain field to select the RiskMinder Server root certificate.
- (Only if you did not select the Key in HSM option) Click the Browse button adjacent to the Server Private Key field to select the RiskMinder Server private key.
- Select Client Store that you created in Step 6.
Click the Save button.
Restart Case Management Queuing Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot Case Management Queuing Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./casemanagementserver start command in the console window.
Under System Configuration, click the RiskFort Connectivity link to display the RiskFort Connectivity page.
On the RiskFort Connectivity page, under the Case Management Queuing Server Connectivity section:
- Ensure that the IP address or the host name of Case Management Server is correctly set in the Server field.
- Ensure that the Port is also set to point the Case Management Server port that is open to case requests.
- Select SSL from the Transport list.
- Click the Browse button adjacent to the Server CA Root Certificate field to navigate to and select the Case Management Server root certificate.
- Click the Browse button adjacent to the Client Certificate-Key Pair in PKCS#12 field to navigate to and select the root certificate of the application server where Administration Console is deployed.
- Enter the PKCS#12 file password in the Client PKCS#12 Password field.
Click the Save button.
Restart Case Management Queuing Server:
- On Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot Case Management Queuing Service from the listed services.
- On UNIX Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./casemanagementserver start command in the console window.
Restart Administration Console.
Verify that Case Management Server is enabled for SSL communication by performing the following steps:
1. Navigate to the following location:
2. Open the arcotriskfortstartup.log file in a text editor.
3. Check for the following line:
```
Started listener for [Case Management Server] [7779] [SSL] [RiskFortCaseManagement]
```
  If you located this line, then two-way SSL was set successfully.
4. Close the file.