cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X

ThingWorx and Windchill URL Changes Post-Installation

AK_10385731
5-Regular Member
5-Regular Member
‎Nov 28, 2024 10:25 AM
‎Nov 28, 2024 10:25 AM

ThingWorx and Windchill URL Changes Post-Installation

Hello,

 

We have configured Navigate using Windchill-based authentication. However, the customer is now changing the ThingWorx and Windchill server URLs.

 

Other than below pointers, anything else need to take care?

 

  • Add the new ThingWorx URL to the allowlist on the Windchill side.
  • Update the Windchill URL in all integration connectors and configurations.

 

Thank you in Advance.

 

-Abhiram

 

 

Labels:
0 Kudos
Notify Moderator
2 REPLIES 2
barko
16-Pearl
16-Pearl
(To:AK_10385731)
‎Dec 02, 2024 04:00 PM
‎Dec 02, 2024 04:00 PM

All of the SSL certificates that use the FQDN of the servers will need to be reissued. This will be at least the web server certificates used by HTTPServer and ThingWorx Tomcat, and possibly the ThingWorx Navigate 2-way mutual authentication certificate if you are required to use a commercial certificate for this one. You will have to rebuild the ThingWorx Navigate keystore and truststore, the ThingWorx Tomcat keystore, and the HTTPServer ca-bundle.crt file. You will need the new Windchill certificate and private key in HTTPServer, and both the Windchill and ThingWorx Tomcat certificates imported into the Java truststore (cacerts/jssecacerts) on the ThingWorx server.. For good measure import the Windchill certificate into the Java truststore on the Windchill server (I'm not 100% sure this is necessary, but it won't hurt).

 

I haven't reviewed these files lately, but I would check these to see if there are hostnames/FQDNs specified:  httpd.conf; 20-mod_SSL.conf; platform-settings.json; and IntegrationRuntime-settings.json.

 

Since Windchill Authentication will be broken by a Layer 7 load balancer, systems that include Windchill clusters usually have the ThingWorx requests bypass the load balancer by having the cluster alias point to a Windchill node in the Hosts file, rather than point to the actual load balancer. Check the Hosts file for names that need to be updated.

 

Good luck. This is not a trivial undertaking.

Notify Moderator
slangley
23-Emerald II
23-Emerald II
(To:AK_10385731)
‎Dec 16, 2024 04:18 PM
‎Dec 16, 2024 04:18 PM

Hi @AK_10385731.

 

If you feel the previous response answered your question, please mark it as the Accepted Solution for the benefit of others in the community.

 

Regards.

 

--Sharon

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags