RiskMinder Java Developer's Guide › Additional SDK Configurations › RM_3.1--Setting Up SSL Communication Between Java SDK and RiskMinder Server › Configuring Two-Way SSL

Configuring Two-Way SSL

To set up two-way SSL between the Risk Evaluation SDK and RiskMinder Server, you must first upload the root certificates for the CAs trusted by RiskMinder, then configure the RiskFort Native (SSL) protocol by using Administration Console, and finally configure the riskfort.risk-evaluation.properties file.

To configure two-way SSL between Java SDK and RiskMinder Server:

1. Enable the application server where Java SDKs are deployed for SSL communication.

   Refer to your application server vendor documentation for detailed information.

2. Log in to Administration Console using a Master Administrator account.
3. Activate the Services and Server Configurations tab in the main menu.
4. Ensure that the RiskFort tab is active.
5. Under the Instance Configuration section, click the Protocol Configuration link to display the Protocol Configuration page.
6. Under System Configuration, click the Trusted Certificate Authorities link to display the RiskMinder Server Trusted Certificate Authorities page.
7. Set the following information on the page:
   • In the Name field, enter the name for the SSL trust store.
   • Click the Browse button adjacent to the first Root CAs field and navigate to and select the root certificate of the application server where Java SDKs are deployed.
8. Click the Save button.
9. Under the Instance Configuration section, click the Protocol Configuration link to display the Protocol Configuration page.
10. Select the Server Instance for which you want to configure the SSL.
11. In the List of Protocols section, click the Native (SSL) protocol link to display the page for configuring the protocol.
12. Configure the following fields:
    • Ensure that the Protocol Status is Enabled.

      If not, then select the Change Protocol Status option and then from the Action list, select Enable.

    • Ensure that the Port is set to the correct SSL port value.
    • Select SSL from the Transport list.
    • If you want to store the SSL key on an HSM, then select the Key in HSM option.
    • Click the Browse button adjacent to the Server Certificate Chain field to select the RiskMinder Server root certificate.
    • (Only if you did not select the Key in HSM option) Click the Browse button adjacent to the Server Private Key field to select the RiskMinder Server private key.
    • Select the Client Store that you created in Step 7.
13. Click the Save button.
14. Restart RiskMinder Server:
    • On Microsoft Windows: Click the Start button, navigate to Settings, Control Panel, Administrative Tools, and Services. Double-click Arcot RiskFort Service from the listed services.
    • On UNIX-Based Platforms: Navigate to <install_location>/arcot/bin/ and specify the ./riskfortserver start command in the console window.
15. Navigate to the following location:
    • On Microsoft Windows:

      <install_location>\Arcot Systems\sdk\java\properties\
      

    • On UNIX-Based Platforms:

      <install_location>/arcot/sdk/java/properties/
      

16. Open the riskfort.risk-evaluation.properties file in an editor window of your choice.

    Book: Refer to appendix, "Configuration Files and Options" in CA RiskMinder Installation and Deployment Guide for more information on the riskfort.risk-evaluation.properties file.

    1. Set the following parameters:
       • TRANSPORT_TYPE= SSL (By default, this parameter is set to TCP.)
       • CA_CERT_FILE= <absolute_path_to_Server_root_certificate_in_PEM_format>

       For example, you can specify one of the following:

       • CA_CERT_FILE=<install_location>/certs/<ca_cert>.pem
       • CA_CERT_FILE=<install_location>\\certs\\<ca_cert>.pem

       For example, you can specify CA_CERT_FILE= <install_location>/certs/<ca_cert>.pem.

       Important! In the absolute path that you specify, ensure that you use \\ or / instead of \. This is because the change might not work, if you use the conventional \ that is used in Microsoft Windows for specifying paths.

    2. Save the changes and close the file.
17. Restart the application server where your Java SDK is deployed.
18. Verify that RiskMinder Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
    2. Open the arcotriskfortstartup.log file in a text editor.
    3. Check for the following line:

       Started listener for [RiskFort Native (SSL)] [7681] [SSL] [RiskFort]
       

       If you located this line, then two-way SSL was set successfully.

    4. Close the file.