We have noticed that even after enabling the native SSL port the regular transactions for the users are working fine even though we noticed the Cert expiry message in arcotafm.log file, we wanted to check if there are any additional configurations which is making this successful.
Release : 9.0
Component : AuthMinder(Arcot WebFort), Arcot Riskfort
In case of LDAP+RISK flow the Risk evaluation is done by the State Manager and we looked at the arcotsm.properties file which was configured for non SSL port and that is why all the user transactions were working just fine. Risk is done through the State Manager in case of LDAP auth + Risk or User Risk evaluation + LDAP password authentication.
State Manager is an internal component so it is fine to have it configured for non SSL port with Risk server.