Set https Support on Client system using browser and ENOVIA Integration Exchange Framework Client

Use the following steps on the client computer to configure the ENOVIA Integration Exchange Framework Client and the browser to work with a SSL server.


Before you begin:
  • Open a browser with Administrator privileges
  1. Using Internet Explorer, connect to the URL: https://<MCS Server full computer name>:<https port>/<ENOVIA application name>/emxLogin.jsp.
    A certificate error appears in the address bar.
  2. Click Continue to this website (not recommended).
  3. Click Certificate Error in the address bar and select View certificate in the certificate dialog. In the General tab click Install Certificate.
    The Certificate Import Wizard appears
  4. Click Next and select the following
    • Automatically select the certificate store based on the type of certificate.
    • Place all the certificate in the following store.
  5. Click Next and the details of the selected options appear. Click Finish.
    The import was successful message appears
  6. Click Tools > Internet Options > Content tab in your browser.
  7. Click Certificates and select the Trusted Root Certification Authorities tab.
  8. Select the certificate issued to servername which is issued by servername.

    Note: servername is the full computer name of the machine on which the application server, in which the MCS application is deployed, is running.

  9. Click Export.
  10. Click Next in the Certificate Export Wizard.
  11. Select the default option for "Export File Format" (DER encoded binary X.509 (.CER)) and click Next.
  12. Enter an appropriate file name and note down the full path which is specified. For example, the full path can be C:\root.der.
  13. Click Next and click Finish.
  14. Close other dialogs and open the command prompt.

    Warning: On certain operating systems, because of the OS security, the command prompt has to be run as an Administrator. To run command prompt as the Administrator, search for cmd.exe in <OS install drive>/Windows/system32 folder. Right-click cmd.exe and select Run as Administrator.

  15. Identify the JRE that is being used by ENOVIA Integration Exchange Framework Client.

    The value of JRE can be found in file <IEFClient installation folder>\win_b64\reffiles\IEFClientWorkspaceService\config.xml in the <jrehome> tag.

    Go to the <JRE_HOME>/bin folder for this JRE and then run the following command:

    keytool -list -keystore <JRE_HOME>\lib\security\cacerts

  16. Enter the keystore password.

    Note: Contact your administrator for the keystore password.

    The following information is displayed along with a list of certificates:

    Keystore type: JKS

    Keystore provider: SUN

    Your keystore contains <x> entries.

  17. Import the certificate which was exported in steps 6 to 13 using the following command

    keytool -importcert -trustcacerts -v -file <FullPathOfCertificateFile> -alias <UniqueAliasName> -keystore <JRE_HOME>\lib\security\cacerts

    where,

    FullPathOfCertificateFile is the full path of the file into which the certificate was exported in step 12. For example, C:\root.der.

    Important: For settings on the FCS server machine, replace <JRE_HOME> with <JAVA_HOME>\jre.

  18. Enter the keystore password.
    Note: Contact your administrator for the keystore password.
    The information about the certificate is displayed in a confirmation message.
  19. Type Yes and press Enter.
    A success message is displayed.
  20. In <JRE_HOME>/bin run the following command:

    keytool -list -keystore <JRE_HOME>\lib\security\cacerts

  21. Enter the keystore password.
    Note: Contact your administrator for the keystore password.

    The following information is displayed along with a list of certificates.

    Keystore type: JKS

    Keystore provider: SUN

    Your keystore contains <x+1> entries

This message confirms that your private root certificate is added to the Extranet server cacerts keystore, as a trusted certificate authority.