Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X
Hello,
We have configured Navigate using Windchill-based authentication. However, the customer is now changing the ThingWorx and Windchill server URLs.
Other than below pointers, anything else need to take care?
Thank you in Advance.
-Abhiram
All of the SSL certificates that use the FQDN of the servers will need to be reissued. This will be at least the web server certificates used by HTTPServer and ThingWorx Tomcat, and possibly the ThingWorx Navigate 2-way mutual authentication certificate if you are required to use a commercial certificate for this one. You will have to rebuild the ThingWorx Navigate keystore and truststore, the ThingWorx Tomcat keystore, and the HTTPServer ca-bundle.crt file. You will need the new Windchill certificate and private key in HTTPServer, and both the Windchill and ThingWorx Tomcat certificates imported into the Java truststore (cacerts/jssecacerts) on the ThingWorx server.. For good measure import the Windchill certificate into the Java truststore on the Windchill server (I'm not 100% sure this is necessary, but it won't hurt).
I haven't reviewed these files lately, but I would check these to see if there are hostnames/FQDNs specified: httpd.conf; 20-mod_SSL.conf; platform-settings.json; and IntegrationRuntime-settings.json.
Since Windchill Authentication will be broken by a Layer 7 load balancer, systems that include Windchill clusters usually have the ThingWorx requests bypass the load balancer by having the cluster alias point to a Windchill node in the Hosts file, rather than point to the actual load balancer. Check the Hosts file for names that need to be updated.
Good luck. This is not a trivial undertaking.
Hi @AK_10385731.
If you feel the previous response answered your question, please mark it as the Accepted Solution for the benefit of others in the community.
Regards.
--Sharon