-
Uninstall the existing 3DEXPERIENCE launcher if available.
-
Select the Start
> Control Panel
> Programs > Programs and
Features then double-click the Uninstall a
Program control, and select 3DEXPERIENCE
Launcher.
A User Account Control (UAC) dialog box appears. Enter a username and
a password with administration privileges.
-
Remove the following remaining directories:
- C\:Program Files\Dassault Systemes\3DEXPERIENCE
Launcher
C\:ProgramData\DassaultSystemes\3DEXPERIENCE
Launcher
-
Install the launcher as follows:
-
On the Windows desktop, select the Start
> Control Panel
> System > Advanced System
Settings.
-
Click Environment Variables and in both the
User
and System
variables fields,
set the following
variable:DSYLauncherSkipDomainInstall with the
value as 1.
After the variable set up, the installation will not install the
default template and will not start the 3DEXPERIENCE Launcher
service at the end of the installation.
-
Go to the directory that contains the launcher's MSI file, for
example:
C:\Program Files\Dassault
Systemes\B424
\Win_b64\resources\MSI
-
Double-click the 3DEXPERIENCELauncher.msi file to start the
installation.
A User Account Control (UAC) dialog box appears.
Enter a username
and password with administration privileges. Continue to the end of
the installation.
-
Customize the domain name and port for the launcher:
Create two files in the launcher installation folder:
C\:Program Files\Dassault Systemes\3DEXPERIENCE
Launcher
The launcher reads these files during the startup to set up the HTTPS server
context. Name the file as follows:
- serv.domain: must contain the given domain to use,
on a single line, for example:
launcherdomain.mycom.com
- serv.port: must contain the given port to use, on a
single line. We strongly recommend that you use one of the following
launcher default ports (20300, 33200, 40600) to facilitate the use of
the launcher: 20300
-
Install your own HTTPS certificates:
Import the target certificates on the client machine in the Local
Computer
repository under the Trusted Root
Certification Authorities
, Intermediate Certification
Authorities
and the Personal
sections before
associating the launcher port and your certificates.
If you are running Edge or Chrome:
-
Go to the Start menu and enter the following
command in the field:mmc to display the management
console.
-
Click File
> Add/Remove Snap-in ….
-
Click Certificates > Computer
account. Click Next , then
Finish, then OK to
return to the main management console window that displays the
Certificates (Local computer)
. Expand this node to
see the sub-nodes.
-
Right-click the
Trusted Root Certification Authorities
category.
Click All Tasks >
Import, then select the file
ca.cert.pem and import it. For example:
E:\MyCertificateAuthority\ca\certs\ca.cert.pem.
-
Right-click the
Intermediate Certification Authorities
category.
Select All Tasks ->
Import, then select the file
intermediate.cert.pem and import it. For example:
E:\MyCertificateAuthority\ca\intermediate\certs\intermediate.cert.pem.
-
Right-click the
Personal
category.
Select All Tasks ->
Import, then select the file
launcherdomain.mydomain.com.pkcs12 and
import it. For example:
E:\MyCertificateAuthority\ca\intermediate\certs\launcherdomain.mydomain.com.pkcs12.
If you are running Firefox:
-
Open Firefox and select Tools>
Options and go to
Privacy&Security
-
Select to access the certificate manager.
-
Locate the
Authorities
category.
Select the file ca.cert.pem and import it. For
example:
E:\MyCertificateAuthority\ca\certs\ca.cert.pem.
Then select the file intermediate.cert.pem and
import it. For example:
E:\MyCertificateAuthority\ca\intermediate\certs\intermediate.cert.pem.
-
Locate the
Your Certificates
category.
Select the file
launcherdomain.mydomain.com.pkcs12 and
import it. For example:
E:\MyCertificateAuthority\ca\intermediate\certs\launcherdomain.mydomain.com.pkcs12.
-
Associate the port with your imported certificates:
Windows needs to know the port on which communication will take place and the
certificate to use for the HTTPS encryption.
Use the netsh Windows command to associate a given
certificate to specific port. In a command prompt window (run as Administrator), enter the following command:
netsh http add sslcert ipport=0.0.0.0:[PORT] certhash=[CHASH]
appid=[APPID] sslctlstorename=MY
where:
- PORT
- The selected port on which the server set up the communication:
20300
. It must be the same value as specified
in the serv.port file.
- CHASH
- The thumbprint of the target certificate.
Make sure you remove
the spaces (if any) between the numbers:
11 20 62
8c 13 2c 55 e8 52 3a 93 88 9b b0 f3 fe c3 2c 76
63
is:
1120628c132c55e8523a93889bb0f3fec32c7663
- APPID
- guid of the launcher that must be set to:
{3073489c-ec98-4161-8379-1208180f6d9b}
This
value is hard-coded.
- MY
- Certificate Trust List Store Name (CTL Store Name). In our case:
MY
. For example, in a command prompt window
(run as Administrator), enter the following
command:
netsh http add sslcertipport=0.0.0.0:20300
certhash=1120628c132c55e8523a93889bb0f3fec32c7663 appid={3073489c-ec98-4161-8379-1208180f6d9b}
sslctlstorename=MY
SSL Certificate successfully added
To confirm that the configuration is correct, check the recorded contexts by
running the following command:
netsh http show sslcert ipport=0.0.0.0:[PORT]
This command will display all contexts associated with the given
ipport
.
In a cmd
window (run as Administrator), enter the following command:
C:\windows\system32>
netsh http show sslcert ipport=0.0.0.0:20300
to display output like this:
SSL Certificate bindings:
IP:port : 0.0.0.0:20300
Certificate Hash : 1120628c132c55e8523a93889bb0f3fec32c7663
Application ID : {3073489c-ec98-4161-8379-1208180f6d9b}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : MY
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
-
Edit the Windows /etc/hosts file:
This file allows you to specify to Windows that a specific domain must be
resolved to a specific IP. In our case, you need to set redirection for the
target domain name to localhost IP (both IPV4 and IPV6).
Add the following lines to the
%SystemRoot%\System32\drivers\etc\hosts file:
127.0.0.1 [DOMAIN]
::1 [DOMAIN]
where [DOMAIN]
is the target domain name to use. So in our
example, this would be:
127.0.0.1 launcherdomain.mycom.com
::1 launcherdomain.mycom.com
- Restart your computer.
The launcher is ready to be used with the new domain name, but for reliability reasons, we
recommend that you restart the computer that in turn restarts the
3DEXPERIENCE Launcher
service.
-
Test that the launcher has been correctly configured:
Enter the following URL containing your customized domain name in your
browser:
https://launcherdomain.mycom.com:20300/iframe
If the launcher has been correctly configured, the following message will be
displayed in the browser window:
Communication Frame V0.1
-
Customize the domain name on the 3DEXPERIENCE platform:
Log in to the 3DEXPERIENCE platform as platform Administrator. In the Platform Management dashboard, click the
Members tab, then click Configure Apps
Installation, and enter the customized URL (with the
protocol but without the port):
https://launcherdomain.mycom.com
in the 3DEXPERIENCE Launcher setting
field. This setting
will override the 3DEXPERIENCE platform default.
- Make sure that you update the launcher configuration when necessary.
Typical maintenance and updating operations are:
- updating the HTTPS certificate, refreshing certificate validity or changing the port
You may
need to replace the certificate (or the port) used for HTTPS
communication: for example, when your certificate is about to
expire, or when you want to change the domain name or the port in
use. This involves removing the old configuration or the current
certificate/ipport association, by running the following
command:
netsh http delete sslcert
ipport=0.0.0.0:[PORT]
For example, running the
following command in a command prompt window (run as Administrator):
C:\Windows\system32>
netsh http delete
sslcert ipport=0.0.0.0:20300
displays the
following message:
SSL Certificate successfully deleted
To refresh certificate validity, you just have to re-associate
the certificate (or port) to the given port (or certificate) by
performing step 5 again. Keep in mind that a new certificate also
involves a new thumbprint.
- changing the domain
name: perform steps 3 to 6
again (along with specific compass and DNS-specific configuration).
- uninstall or upgrade the 3DEXPERIENCE launcher after importing your own
custom certificate: If you have changed the certificate in use, we
strongly recommend that you remove the outdated certificate from the
Windows certificate repository to avoid confusion.
The launcher may
be upgraded either manually through the launcher's MSI or by
installing a new media that may contain a new version of the
launcher. Upgrading removes the custom certificate. To prevent
removal of the custom certificate, make sure the
DSYLauncherSkipDomainInstall
environment
variable is still set.