Preparing the Installation

This section specifies the prerequisites to follow before starting the 3DSearch service installation.

This task shows you how to:

See Also
Installing 3DSearch
Operations
Configuring the Reverse Proxy

Create an OS User to Install the Service

Create an OS user to install and run the service.

OS Action
Linux Create a user WITHOUT root privileges to install and run the service, for example x3ds. This user will be used for:
  • Performing the installation of the 3DSearch service.
  • Running the 3DSearch service.
  • Running all service processes and own installed files.
  • Post install and admin tasks
  • Uninstalling 3DSearch service when not required.
Important: This user must have read/write access to the /var/DassaultSystemes folder.
Windows Create a user WITH administrator privileges to install and run the service. This user will be used for:
  • Performing the installation of the 3DSearch service.
  • Running the 3DSearch service.
  • Post install and admin tasks
  • Uninstalling 3DSearch service when not required.
This user needs administrator rights at installation time for several tasks such as updating the registry and registering services.

Set Up Certificates

Warning: Do not use self-signed certificates. Firefox (since version 55) and Chrome-based browsers (since version 80), block them.

Before you begin: All services must communicate with one another and with the client through HTTPS only. Before starting the installation, make sure that the certificates identifying the service endpoints are available.
  1. Generate certificate requests files with the openssl command: 

    openssl req -new -newkey rsa:2048 -nodes -days 365 -subj
"/C=country/ST=state/L=city/O=organization/OU=departement/CN=fully.qualified.server.name"
-out my_certificate.csr -keyout my_certificate.key

    Important:

    The certificate CN attribute must be equal to:

    • The ServerName, as set in the Reverse Proxy.
    • The FQDN of the service (including case).

    The certificate must not contain protocol (https://) or port information (443).

    Note: If you use an optional pass phrase (use that only if you know how to handle it), you need to provide it to the reverse proxy (not covered here).

    This command generates .key and .csr files.
  2. Keep the .key files and send the .csr files to the authority in charge of signing your certificates.

    Specify that the certificates are intended for Apache Httpd if you use it. The certificate authority then sends back to you the .cer (or .crt) files.

    When installing the different platform services, use only the .cer (or .crt) files. On the reverse proxy, however, use both the .cer (or .crt) and the .key files.

    Each TomEE application server will contact other services, and must therefore have recognized certificates, that is, certificates from a recognized authority or inserted into the JVM keystores using the keytool command.

  3. On the reverse proxy, check that your SSL certificate has the following configuration: 

    SSLCertificateFile /path/to/your.cer
SSLCertificateKeyFile /path/to/your.key