About the 3DOrchestrate Checker

The 3DOrchestrate Checker enables you to verify that the 3DOrchestrate Distribution Server and every 3DOrchestrate Station have all the required certificates of different 3DEXPERIENCE services.

See Also
Verifying the Java Store Certificate

These certificates are required because the 3DOrchestrate Distribution Server and every 3DOrchestrate Station must connect and communicate securely with the 3DSpace Server and all other 3DEXPERIENCE servers using SSL/HTTPS. This communication typically goes through a reverse proxy server.

You must import public key certificates for all platform endpoints into the key stores of the 3DOrchestrate Distribution Server and all stations to create a working SSL certificate chain.

When you install the 3DOrchestrate Distribution Server, you can provide the necessary certificates for the reverse proxy server or 3DSpace and the other 3DEXPERIENCE servers. The 3DOrchestrate Distribution Server installer prompts you to provide a directory from which it can read the certificates. The installer then imports them into the trusted key store of the JRE used by the 3DOrchestrate Distribution Server (in TomEE). If you do not provide the 3DEXPERIENCE certificates to the installer, you will have to import them manually using the Java keytool utility.

To import certificates into the Java JRE, you can use the import_certificates script/batch file that is provided in the 3DSpace installation and in the 3DOrchestrate Distribution Server installation. For more information, see Installing HTTPS Certificates in 3DOrchestrate.

The 3DOrchestrate Checker is used to verify if the 3DOrchestrate Distribution Server and regular 3DOrchestrate Station JRE Keystore have all the required certificates of different 3DEXPERIENCE services. It also provides a way for SSL verification using Host & port.

The 3DOrchestrate Checker has two limitations:

  • When you run the 3DOrchestrate Checker in automatic mode, it verifies all the required server certificates for the regular 3DOrchestrate infrastructure except for the certificates on the 3DOrchestrate Distribution Server. You can verify the server certificates on the 3DOrchestrate Distribution Server by running the checker in SLL Verification using Host and Port mode.
  • The 3DOrchestrate private stations on Windows uses the Windows trust store instead of the Java trust store. The 3DOrchestrate Checker does not verify Windows trust store certificates.