RiskMinder Java Developer's Guide › Additional SDK Configurations › RM_3.1--Setting Up SSL Communication Between Java SDK and RiskMinder Server › Configuring One-Way SSL

Configuring One-Way SSL

To set up one-way SSL between the Risk Evaluation SDK and RiskFort Server, you must first configure the RiskFort Native (SSL) protocol by using Administration Console and then configure the riskfort.risk-evaluation.properties file.

To configure one-way SSL between Java SDK and RiskFort Server:

1. Ensure that you are logged in as the MA.
2. Activate the Services and Server Configurations tab in the main menu.
3. Ensure that the RiskFort tab is active.
4. Under the Instance Configuration section, click the Protocol Configuration link to display the Protocol Configuration page.
5. Select the Server Instance for which you want to configure the SSL.
6. In the List of Protocols section, click the Native (SSL) protocol link to display the page for configuring the protocol.
7. Configure the following fields:
   • Ensure that the Protocol Status is Enabled.

     If not, then select the Change Protocol Status option and then from the Action list, select Enable.

   • Ensure that the Port is set to the correct SSL port value.
   • Select SSL from the Transport list.
   • If you want to store the SSL key on an HSM, then select the Key in HSM option.
   • Click the Browse button adjacent to the Server Certificate Chain field to select RiskFort Server root certificate.
   • (Only if you did not select the Key in HSM option) Click the Browse button adjacent to the Server Private Key field to select RiskFort Server private key.
8. Click the Save button.
9. Restart RiskFort Server:
   • On Microsoft Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot RiskFort Service from the listed services.
   • On UNIX-Based Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
10. Navigate to the following location:
    • On Microsoft Windows:

      <install_location>\Arcot Systems\sdk\java\properties\
      

    • On UNIX-Based Platforms:

      <install_location>/arcot/sdk/java/properties/
      

11. Open the riskfort.risk-evaluation.properties file in an editor window of your choice.

    Book: Refer to appendix, "Configuration Files and Options" in CA RiskMinder Installation and Deployment Guide for more information on the riskfort.risk-evaluation.properties file.

    1. Set the following parameters:
       • TRANSPORT_TYPE= SSL (By default, this parameter is set to TCP.)
       • CA_CERT_FILE= <absolute_path_to_Server_root_certificate_in_PEM_format>

         For example, you can specify one of the following:

         CA_CERT_FILE=<install_location>/certs/<ca_cert>.pem

         CA_CERT_FILE=<install_location>\\certs\\<ca_cert>.pem

         For example, you can specify CA_CERT_FILE= <install_location>/certs/<ca_cert>.pem.

         Important! In the absolute path that you specify, ensure that you use \\ or / instead of \. This is because the change might not work, if you use the conventional \ that is used in Microsoft Windows for specifying paths.

       • CLIENT_P12_FILE=cliencert.p12
       • CLIENT_P12_PASSWORD=******
    2. Save the changes and close the file.
12. Restart the application server where your Java SDK is deployed.