Two-Way SSL

CA AuthMinder Administration Guide › Configuring SSL › Enable SSL Between arwfutil and AuthMinder Server › Two-Way SSL

Two-Way SSL

Perform the following steps to enable two-way SSL between arwfutil and the AuthMinder Server:

Log in to Administration Console using a Master Administrator account.
Activate the Services and Server Configurations tab in the main menu.
Activate the WebFort tab in the submenu.
Under Instance Configurations, click the Trusted Certificate Authorities link to display the corresponding page.
The Trusted Certificate Authorities page appears.
Set the following information:
- In the Name field, enter the name for the SSL trust store.
- Click the Browse button to select the root certificate used by arwfutil.
Click the Save button.
Under Instance Configurations, click the Protocol Management link to display the corresponding page.
The Protocol Configuration page appears.
Select the Server Instance for which you want to configure the protocols.
In the List of Protocols section, click the Server Management Web Services link.
The page to configure the protocol appears.
Configure the following fields:
- Ensure that the protocol is enabled.
- In the Transport field, select SSL (2-Way).
- Select Key in HSM if you want to store the SSL key in HSM.
- (Only if you selected Key in HSM in the preceding step) Click the Browse button adjacent to the Certificate Chain (in PEM Format) field to select the AuthMinder root certificate.
- Click the Browse button adjacent to the P12 File Containing Key Pair field to select the AuthMinder root certificate.
- Enter the password for the PKCS#12 store in the P12 File Password field.
- Select the Client Store that you created in Step 6.
Click the Save button.
Restart the AuthMinder Server instance. See "Restarting a Server Instance" for instructions on how to restart the AuthMinder Server.

Navigate to the following location:

On Windows:
```
<install_location>\Arcot Systems\conf
```
On UNIX-Based Platforms:
```
<install_location>/arcot/conf
```

Open the arcotcommon.ini file in an editor window to add the SSL configuration parameters.
1. Add the following section at the end of the file:
```
[arcot/webfort/wfutil]
Transport=
ReadTimeOut=
ServerRootPEM=
ClientP12=
ClientP12PwdKey=
ClientPEM=
```
  The following table explains these parameters:

Parameter	Default Value	Description
Transport	TCP	The communication mode between the arwfutil utility and the AuthMinder Server. Following are the supported values: TCP 1SSL 2SSL
ReadTimeout	No Default	The maximum time in milliseconds allowed for a response from AuthMinder Server.
ServerRootPEM	No Default	Provide the complete path for the CA certificate file of the server. The file must be in PEM format. For example: server.CACertPEMPath=<%SystemDrive%>/certs/webfort_ca.pem
(For software encryption) ClientP12	No Default	Provide the path for the client certificate, which is in p12 format.
(For software encryption) ClientP12PwdKey	No Default	Enter the key label that is used to access the client P12 password stored in the securestore.enc file.
(For hardware encryption) ClientPEM	No Default	Provide the complete path for the CA certificate file of the client. The file must be in PEM format.

Save the changes and close the file.

Verify that the AuthMinder Server is enabled for SSL communication by performing the following steps:
1. Navigate to the following location:
  - On Windows:
```
<install_location>\Arcot Systems\logs
```
  - On UNIX-Based Platforms:
```
<install_location>/arcot/logs
```
2. Open the arcotwebfortstartup.log file in a text editor.
3. Search for the following section:
  Listing : [Successful listeners(Type-Port-FD)]
4. In this section, you must find the following line:
```
ServerManagement-WS............................... : [SSL-9743-<Internal_listener_identifier>-[subject [<cert_subject>] issuer [<cert_issuer>] sn [<cert_serial_number>] device [<device_name>]]]
```
5. Close the file.