For an overview of certificates in the entire 3DEXPERIENCE platform, see 3DEXPERIENCE Platform Installation Guide: Before Starting the
Installation.
Public key certificates for all platform endpoints as well as the corresponding root and
intermediate certificates must be imported into the key stores of the 3DOrchestrate Distribution Server and all stations to create a working SSL certificate chain.
All certificates can be exported from a working browser connection to a platform endpoint or obtained from a system administrator.
When you install the 3DOrchestrate Distribution Server, you can provide the necessary certificate (or certificates) for the reverse proxy server or for 3DSpace and the other 3DEXPERIENCE servers. The 3DOrchestrate Distribution Server installer prompts you to provide a folder/directory from where it can read the certificates—the installer then imports them into the trusted key store of the JRE used by the 3DOrchestrate Distribution Server (in TomEE). If you do not provide the 3DEXPERIENCE certificates to the installer, you will have to import them manually using the Java keytool
utility.
Ensure that every 3DOrchestrate component listed in the table below has the necessary certificates for your 3DEXPERIENCE
system:
3DOrchestrate Component | Certificate/Key Store to Use |
---|
3DOrchestrate Distribution Server | Java key store of the JRE being used by the TomEE application server |
3DOrchestrate public (regular) station | Java JRE key store (the station application runs in the local Java Runtime Environment) |
3DOrchestrate private (local) station | Windows (operating system) certificate store |
3DEXPERIENCE native client apps | Windows (operating system) certificate store |
3DEXPERIENCE web client apps (including 3DDashboard apps) | Depends on which web browser the client app runs in: - Internet Explorer
- Windows certificate store
- Google Chrome
- Windows certificate store
- Firefox
- Firefox has its own built-in certificate manager in which you can import certificates.
|
To add certificates in Windows, use the Certificate Manager (certmgr.msc) which is a Microsoft Management Console (MMC) snap-in.
To import certificates into the Java JRE, you can use the following script/batch file that is
provided in the 3DSpace
installation and in the 3DOrchestrate Distribution Server
installation:
<server_install_dir>/<os>/code/command/import_certificates.[bat|sh]
This script uses the Java keytool utility, which can also be used directly, for example:
<jre_path>/bin/keytool -importcert -keystore <jre_path>\lib\security\cacerts -storepass <pswd> -file <file> -alias <alias> -noprompt
Documentation for the Java keytool
can be found here: