Installing HTTPS Certificates in 3DOrchestrate

The 3DOrchestrate Distribution Server and all 3DOrchestrate Stations must connect and communicate securely with the 3DSpace server and all other 3DEXPERIENCE servers using SSL/HTTPS (typically through a reverse proxy server).

For an overview of certificates in the entire 3DEXPERIENCE platform, see 3DEXPERIENCE Platform Installation Guide: Before Starting the Installation.

Public key certificates for all platform endpoints as well as the corresponding root and intermediate certificates must be imported into the key stores of the 3DOrchestrate Distribution Server and all stations to create a working SSL certificate chain.

All certificates can be exported from a working browser connection to a platform endpoint or obtained from a system administrator.

When you install the 3DOrchestrate Distribution Server, you can provide the necessary certificate (or certificates) for the reverse proxy server or for 3DSpace and the other 3DEXPERIENCE servers. The 3DOrchestrate Distribution Server installer prompts you to provide a folder/directory from where it can read the certificates—the installer then imports them into the trusted key store of the JRE used by the 3DOrchestrate Distribution Server (in TomEE). If you do not provide the 3DEXPERIENCE certificates to the installer, you will have to import them manually using the Java keytool utility.

Ensure that every 3DOrchestrate component listed in the table below has the necessary certificates for your 3DEXPERIENCE system:

3DOrchestrate ComponentCertificate/Key Store to Use
3DOrchestrate Distribution ServerJava key store of the JRE being used by the TomEE application server
3DOrchestrate public (regular) stationJava JRE key store (the station application runs in the local Java Runtime Environment)
3DOrchestrate private (local) stationWindows (operating system) certificate store
3DEXPERIENCE native client appsWindows (operating system) certificate store
3DEXPERIENCE web client apps (including 3DDashboard apps)

Depends on which web browser the client app runs in:

Internet Explorer
Windows certificate store
Google Chrome
Windows certificate store
Firefox
Firefox has its own built-in certificate manager in which you can import certificates.
  • To add certificates in Windows, use the Certificate Manager (certmgr.msc) which is a Microsoft Management Console (MMC) snap-in.

  • To import certificates into the Java JRE, you can use the following script/batch file that is provided in the 3DSpace installation and in the 3DOrchestrate Distribution Server installation:

    <server_install_dir>/<os>/code/command/import_certificates.[bat|sh]

    This script uses the Java keytool utility, which can also be used directly, for example:

    <jre_path>/bin/keytool -importcert -keystore <jre_path>\lib\security\cacerts -storepass <pswd> -file <file> -alias <alias> -noprompt

    Documentation for the Java keytool can be found here: