Symantec Access Management

  • 1.  Configure secure Webservice URL

    Posted Oct 06, 2017 10:26 AM

    Anybody has procedures to configure secure WebService URL?

     

    by default, it uses http

     

    http://servername.company.com:7777/axis2/services/ArcotRiskFortAdminSvc

     

    We need to use https:

     

    Thanks



  • 2.  Re: Configure secure Webservice URL
    Best Answer

    Broadcom Employee
    Posted Oct 09, 2017 09:15 PM

    The answer for this question depends on what is serving the URL

     

    Port 7777 is not the default of any software that I know of.

     

    I typed this into google:

    Arcot RiskFort Admin Svc configuring SSL

     

    and the second return in the list was:

    https://docops.ca.com/ca-advanced-authentication/8-2-1/en/administrating/administrating-ca-risk-authentication/configure-ssl/to-enable-ssl-between-the-administration-web-service-and-ca-risk-authentication-server

     

    Find the document for your version, follow all of the steps up to step 13 and you should be fine. This is step 13:

    Verify that CA Risk Authentication Server is enabled for SSL communication by performing the following steps:

    1. Navigate to the following location:
    2. Open the arcotriskfortstartup.log file in a text editor.
    3. Check for the following line: 

      Started listener for [RiskFort Admin WS] [7777] [SSL] [aradminwsprotocol]

      If you located this line, then two-way SSL was set successfully.

    4. Close the file.


  • 3.  Re: Configure secure Webservice URL

    Posted Oct 17, 2017 11:54 AM
      |   view attached

    Hi Bill,

     

    Thanks for the reply.

     

     

    I was able to generate the cert. and I see the message in arcotriskfortstartup.log that shows port 7777 is configured using SSL.

     

     

     

    Thu Oct 12 16:20:00.806 2017 INFO:    pid 27127 tid 4104153312: 2: 0: Started listener for   

     

     

     

    However, I am not able to connect to that port using SoapUI.

     

     

     

    In SoapUI log, it says

     

     

     

    16:16:43,106 ERROR  Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

     

    16:16:43,106 ERROR  An error occurred , see error log for details

     

    16:16:43,202 INFO   Error getting response for ; javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

     

     

     

    At this point, I can't be sure that the configuration is done correctly.

     

    In riskfortstrtup log, I saw a warning message. I guess this may not be related because we are using one way SSL>

     

     

     

    Thu Oct 12 16:19:50.787 2017 WARNING: pid 27127 tid 4104153312: 2: 0: 212: Unable to obtain Protocol SSL client certificate data from DB  for Admin WS. SSL communication may not work correctly.

     

    Thanks

     

    Victor Lu (CISSP)

    973-548-7107

    Web Infrastructure-Ecommerce

    Prudential Financial