Previous Topic: Root and Server CertificatesNext Topic: Use Third-Party Root and Server Certificates


Enable SSL Encryption

You configure encryption settings when you install CA ControlMinder. After installation, you can use the sechkey utility to change SSL encryption. You may also need to change the value of configuration settings.

Important! To avoid communication problems, use the same encryption method on all computers that run CA ControlMinder components.

To enable SSL encryption

  1. Stop CA ControlMinder.

    If you are changing the encryption settings on a CA ControlMinder Enterprise Management Server, also stop the CA ControlMinder Web Service.

  2. Change the value of the communication_mode configuration setting in the crypto section to one of the following:
    all_modes

    Specify this value if you want to enable both symmetric and SSL encryption. This value lets the computer communicate with all CA ControlMinder components.

    Note: If you specify this value, CA ControlMinder uses SSL encryption each time that it tries to communicate with another CA ControlMinder component. If SSL fails, it then uses symmetric encryption. This value lets you migrate your CA ControlMinder deployment from a symmetric encryption environment to an SSL encryption environment.

    use_ssl

    Specify this value to enable SSL encryption only. This value lets the computer communicate with only the CA ControlMinder components that use SSL encryption.

    Note: (Windows) If you are working with a third-party program that uses the CA ControlMinder SDK, the crypto section is located at the CA ControlMinder SDK registry path that you defined during installation.

  3. (Recommended) Configure SSL communication to do one of the following:

    Note: If you do not configure SSL encryption further, you can use the default CA ControlMinder X.509 certificates to encrypt and authenticate communication between CA ControlMinder components. However, we recommend that you change the default certificates instead.

  4. Start CA ControlMinder:

    SSL encryption is enabled.

More information:

crypto

crypto