Changing Public Stations from HTTP to HTTPS

You can change the communication protocol used by regular public stations from HTTP to HTTPS to reduce the protocols and ports required by the system.

Private local stations always use HTTPS but public stations use HTTP and TCP-based JMS by default to communicate with the 3DOrchestrate Distribution Server. If you want to reconfigure your public stations to use HTTPS and JMS-over-HTTPS, you must edit the .cpr connection profile of each station. If you do this, it must be done for all of your public stations. Making this change lets you standardize on HTTPS for all public and private stations.

The default form of a station's .cpr file, which causes the station to communicate with the 3DOrchestrate Distribution Server by HTTP, is as follows: 

# Connection Profile for TomEE on <3DOrch-server-name>
server=<3DOrch-server-name>
port=8080
jmsport=61616
Sys_ServerSupportDir=tomee1
Sys_LibraryType=shared
Sys_ProfileDescription=<3DOrch-server-name> TomEE+
Sys_ConnectionType=SERVER
Sys_PromptForExtendedCredentials=false
Sys_LocalLibraryDir=

The .cpr file of a station is located in either of the following places:

  • <station_install_dir>/config/ directory of the station installation
  • root directory (Windows or Linux) of the user who will start the station program

See Also
Network Communication Protocols
Installing and Starting a Public (Regular) Station
To change to HTTPS, edit the .cpr file to change the following lines: 

server=<FQDN-3DOrch-server-name>
EJBandJMSTransportProtocol=https
port=<reverse-proxy-port>
  • Change the server setting to give the fully qualified domain name (FQDN) of your 3DOrchestrate Distribution Server.
  • Add the 2nd line verbatim: EJBandJMSTransportProtocol=https
  • Change the port setting to the port number configured for connecting to your reverse proxy server
  • Remove the entire jmsport=61616 line

Notes:

  • When you start a public station, always use the following credentials in the Logon Station dialog:

    • User ID: fiperstation
    • Password: fiperstation

  • Every public station must have the required certificates imported into the station's Java JRE key store (on Windows and Linux). This certificate is usually the certificate of your reverse proxy server, depending on how your network is configured.
  • HTTP is not deprecated and you can revert all the public stations to HTTP at any time.