These certificates are required because the 3DOrchestrate Distribution Server and every 3DOrchestrate Station must connect and communicate securely with the 3DSpace Server and all other 3DEXPERIENCE servers using SSL/HTTPS. This communication typically goes through a reverse proxy server. You must import public key certificates for all platform endpoints into the key stores of the 3DOrchestrate Distribution Server and all stations to create a working SSL certificate chain. When you install the 3DOrchestrate Distribution Server, you can provide the necessary certificates for the reverse proxy server or 3DSpace and the other 3DEXPERIENCE servers. The 3DOrchestrate Distribution Server installer prompts you to provide a directory from which it can read the certificates. The installer then imports them into the trusted key store of the JRE used by the 3DOrchestrate Distribution Server (in TomEE). If you do not provide the 3DEXPERIENCE certificates to the installer, you will have to import them manually using the Java keytool utility. To import certificates into the Java JRE, you can use the import_certificates script/batch file that is provided in the 3DSpace installation and in the 3DOrchestrate Distribution Server installation. For more information, see Installing HTTPS Certificates in 3DOrchestrate. The 3DOrchestrate Checker is used to verify if the 3DOrchestrate Distribution Server and regular 3DOrchestrate Station JRE Keystore have all the required certificates of different 3DEXPERIENCE services. It also provides a way for SSL verification using Host & port. The 3DOrchestrate Checker has two limitations:
|