

One-Way SSL

Perform the following steps to enable one-way SSL between arwfutil and the AuthMinder Server:

  1. Access the Administration Console in a Web browser.
  2. Log in to Administration Console as the MA.
  3. Activate the Services and Server Configurations tab in the main menu.
  4. Activate the WebFort tab in the submenu.
  5. Under Instance Configurations, click the Protocol Management link to display the corresponding page.

    The Protocol Configuration page appears.

  6. Select the Server Instance for which you want to configure the protocols.
  7. In the List of Protocols section, click the Server Management Web Services link.

    The page to configure the protocol appears.

  8. Configure the following fields:
  9. Click the Save button.
  10. Restart the AuthMinder Server instance. See "Restarting a Server Instance" for instructions on how to restart the AuthMinder Server.
  11. Navigate to the following location:
  12. Open the arcotcommon.ini file in an editor window to add the SSL configuration parameters.
    1. Add the following section at the end of the file:
      [arcot/webfort/wfutil]
      Transport=
      ReadTimeOut=
      ServerRootPEM=
      ClientP12=
      ClientP12PwdKey=
      ClientPEM=
      

      The following table explains these parameters:

| Parameter | Default Value | Description |
|---|---|---|
| Transport | TCP | The communication mode between the arwfutil utility and the AuthMinder Server. The supported values are TCP, 1SSL, and 2SSL. |
| ReadTimeout | No Default | The maximum time in milliseconds allowed for a response from AuthMinder Server. |
| ServerRootPEM | No Default | Provide the complete path for the CA certificate file of the server. The file must be in PEM format. For example: server.CACertPEMPath=<%SystemDrive%>/certs/webfort_ca.pem |
| (For software encryption) ClientP12 | No Default | Provide the path for the client certificate, which is in p12 format. |
| (For software encryption) ClientP12PwdKey | No Default | Enter the key label that is used to access the client P12 password stored in the securestore.enc file. |
| (For hardware encryption) ClientPEM | No Default | Provide the complete path for the CA certificate file of the client. The file must be in PEM format. |

    2. Save the changes and close the file.
  13. Verify that the AuthMinder Server is enabled for SSL communication by performing the following steps:
    1. Navigate to the following location:
    2. Open the arcotwebfortstartup.log file in a text editor.
    3. Check for the following line in the [ArWFProtocolConfiguration] section of the Server Management Web Services protocol ([ServerManagement-WS]):
      PORTTYPE : [SSL]
      
    4. Close the file.
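
As an added example (not part of the product documentation), the following Python check reads the [arcot/webfort/wfutil] section from step 12 and reports settings that would leave arwfutil without a working SSL configuration. The rule that an SSL transport requires ServerRootPEM, the .pem extension heuristic, and the sample values are assumptions.

```python
import configparser

SECTION = "arcot/webfort/wfutil"        # section name from step 12
TRANSPORTS = {"TCP", "1SSL", "2SSL"}    # supported values from the table

def check_wfutil(ini_text):
    """Return a list of findings for the arwfutil section of arcotcommon.ini."""
    # interpolation=None keeps '%' in paths such as <%SystemDrive%> literal;
    # configparser matches key names case-insensitively.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section(SECTION):
        return [f"section [{SECTION}] is missing"]
    sec, findings = cp[SECTION], []

    transport = sec.get("Transport", "").strip() or "TCP"   # table default
    if transport not in TRANSPORTS:
        findings.append(f"Transport={transport!r} is not TCP, 1SSL or 2SSL")
    elif transport == "TCP":
        findings.append("Transport is TCP, so SSL is not enabled for arwfutil")

    timeout = sec.get("ReadTimeOut", "").strip()
    if timeout and not timeout.isdigit():
        findings.append(f"ReadTimeOut={timeout!r} is not a number of milliseconds")

    if transport in ("1SSL", "2SSL"):
        # Assumption: an SSL transport needs the server CA file to verify the server.
        root = sec.get("ServerRootPEM", "").strip()
        if not root:
            findings.append("ServerRootPEM is empty: no CA file to verify the server")
        elif not root.lower().endswith(".pem"):   # heuristic, not a format check
            findings.append(f"ServerRootPEM={root!r} does not end in .pem")
    return findings

# Constructed sample inputs; the timeout and the bad values are made up.
GOOD = """[arcot/webfort/wfutil]
Transport=1SSL
ReadTimeOut=30000
ServerRootPEM=<%SystemDrive%>/certs/webfort_ca.pem
"""
BAD = """[arcot/webfort/wfutil]
Transport=1SSL
ReadTimeOut=30s
ServerRootPEM=
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_wfutil(text) or "no findings")
```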