Setting Up Environment for https Connection to ENOVIA Server for IEF Client

When connected to https server from a web browser, the web browser manages the associated certificate.

But when connecting to same server from IEFClient, there is a need to configure the IEFClient environment and java settings accordingly.

This section shows the steps to set up the environment for https connection to ENOVIA server for IEF Client.

This task shows you how to:

Before you begin:
  • Ensure that no CAD applications are connected to any ENOVIA server.
  • Ensure that IEFClient is not running. If IEFClient is already running, right-click the IEFClient icon in system tray and click Exit to stop IEFClient.

  1. Configuring IEFClient

    1. After IEFClient installation, modify the server url in the config.xml file.The config.xml file is located at:

      <IEFClient installation folder>\IEFClientWorkspaceService\config.xml For example,C:\Program Files\IEFClientV6R2011x\IEFClientWorkspaceService\config.xml.

    2. Locate the serverURL tag and specify the proper server url. For example, <serverURL>https://sterdsy.cloud.3dswymer.com/ematrix</serverURL>

      For some Collaborative Design products, the server URL must be manually specified for helpfilepath tag in the settings.ini file. By default, the settings.ini file is located at <CSE installation folder>\settings.ini.

  2. Configuring Java settings

    Download the certificate from the server, then import it into your java environment.

    1. Launch your browser and connect to server URL.
    2. Click icon to see the certificate ( icon is displayed on the right side of the URL in Internet Explorer 8.0 or on the bottom right side of the window in Firefox.)
    3. Export the certificate to a file with DER encoding format.
    4. Launch Java control panel, select the Security tab then click Certificates.



    5. In the Certification type drop down list, select Secure Site as the certificate type and click Import.



      The files generated from your browser is imported.

      In the Open dialog box, select All Files in the Files of types field.

  3. To validate whether the connection to server is okay through https from IEFClient, double-click the ENOVIA icon on your Windows desktop and wait for the login screen to open.

Set https Support on Client or FCS Machine

Use the following steps on the client machine to configure the IEF Client and the browser to work with a SSL server. These settings also should be used on FCS machine if FCS URL is also SSL enabled.

  1. Using your browser, connect to the URL https://<MCS Server full computer name>:<https port>/<ENOVIA application name>/emxLogin.jsp.

    A certificate error is displayed in the address bar.

  2. Click Continue to this website (not recommended).

  3. Select View certificate in the certificate dialog. Click the General tab and select Install Certificate.

  4. Select "Trusted Root Certification Authorities" while selecting certificate store to import the certificate. Click Next and then click Finish.

    A security warning message is displayed before the installation.

  5. Click Yes.

    A success message is displayed.

  6. Click Tools > Internet Options > Content tab in your browser.

  7. Click Certificates and select the Trusted Root Certification Authorities tab.

  8. Select the certificate issued to servername which is issued by servername.

    Note: servername is the full computer name of the machine on which the application server, in which the MCS application is deployed, is running.

  9. Click Export.

  10. Click Next in the Certificate Export Wizard.

  11. Select the default option for "Export File Format" (DER encoded binary X.509 (.CER)) and click Next.

  12. Enter an appropriate file name and note down the full path which is specified. For example, the full path can be C:\root.der.

  13. Click Next and click Finish.

    A success message is displayed.

  14. Close other dialogs and open the command prompt.

    Warning: On certain operating systems, because of the OS security, the command prompt has to be run as an Administrator. To run command prompt as the Administrator, search for cmd.exe in <OS install drive>/Windows/system32 folder. Right-click cmd.exe and select Run as Administrator.

  15. Go to <JRE_HOME>/bin folder and then run the following command:

    :

    keytool -list -keystore <JRE_HOME>\lib\security\cacerts

    Note: For settings on the FCS server machine, replace <JRE_HOME> in the following steps with <JAVA_HOME>\jre.

  16. Enter the keystore password.

    Note: Contact your administrator for the keystore password.

    The following information is displayed along with a list of certificates:

    Keystore type: JKS

    Keystore provider: SUN

    Your keystore contains <x> entries.

  17. Import the certificate which was exported in steps 11 to 13 using the following command:

    keytool -import -alias <application server alias name> -keystore <JRE_HOME>\lib\security\cacerts -file <filename>

    where,

    filename is the full path of the file into which the certificate was exported in step 12. For example, C:\root.der.

    Important: For settings on the FCS server machine, replace <JRE_HOME> with <JAVA_HOME>\jre.

  18. Enter the keystore password.

    Note: Contact your administrator for the keystore password.

    The information about the certificate is displayed in a confirmation message.

  19. Type Yes and press Enter.

    A success message is displayed.

  20. In <JRE_HOME>/bin run the following command:

    keytool -list -keystore <JRE_HOME>\lib\security\cacerts

    Note: For settings on the FCS server machine, replace <JRE_HOME> with <JAVA_HOME>\jre.

  21. Enter the keystore password.

    Note: Contact your administrator for the keystore password.

    The following information is displayed along with a list of certificates.

    Keystore type: JKS

    Keystore provider: SUN

    Your keystore contains <x+1> entries

This message confirms that your private root certificate is added to the Extranet server coverts keystore, as a trusted certificate authority.