Solved: How to configure Windchill and Apache using Third ...

SB_10566278 · ‎Jul 18, 2024

Hi,

I'm new to certificates and SSL configuration.

Is it possible to secure the Windchill URL from HTTP to HTTPS using a self-signed certificate generated with OpenSSL? Or, do we need to use intermediate and third-party certificates for this purpose?

I have tried with self signed certificate somehow windchill url showing HTTPS (but it is again not secure with strike-through).

I would appreciate any guidance you can provide.

Best regards,

Shrikant Bhosle

SB_10566278 · ‎Jul 24, 2024

I have tried using the OpenSSL self-signed certificate and it worked fine for me.

View solution in original post

HelesicPetr · ‎Jul 18, 2024

Hi @SB_10566278

I always say, if you do not want to see the not trusted certificate information then you should use public authority to generate the certificate.

Each company that use https web pages use public certificate authority so your IT should generate the certificate for you with your name and domain.

A browser have to trust the cert authority. .

I haven't found a way how to force the browser to trust self-sign certificate and do not show that the web is not secured.

PetrH

.

mmeadows-3 · ‎Jul 18, 2024

Adding to @HelesicPetr's response...

It is possible to use self-signed certificates. There isn't a force trust button. Browsers read the certificate and compare it to a set of trust requirements. If it meets all the requirements, then it is trusted.

Building a browser-trusted certificate chain today is trial and error. If you get it working, the self-signed certificate chain must then be deployed for all clients. Going forward, it is not guaranteed to remain trusted as browser trust requirements evolve.

I would spend the ~$200 for a public signed cert. It saves hours of trial and error and ongoing deployment headaches.

RandyJones · ‎Jul 18, 2024

You can also use Let's Encrypt which does not charge for certs:
https://letsencrypt.org/

SB_10566278 · ‎Jul 18, 2024

Hi mmeadows-3,

After getting the certificate from a third party are they supporting for configuration e.g. Apache configuration or do we need to get support from PTC?

Also while purchasing the certificate what kind of details do we need to provide e.g. domain name, city etc.. ?

Regards,

Shrikant

Catalina · ‎Jul 23, 2024

Hi @SB_10566278,

I wanted to see if you got the help you needed.

If so, please mark the appropriate reply as the Accepted Solution. It will help other members who may have the same question.
Please note that industry experts also review the replies and may eventually accept one of them as solution on your behalf.
Of course, if you have more to share on your issue, please pursue the conversation.

Thanks,

Catalina
PTC Community Moderator

rleir · ‎Jul 18, 2024

HTTPS is the new norm. You need to know how to configure your web server for it. I don't mean to say that it's easy, but there it is. Pay $200 as recommended above, and they will give you support.

Use the EFF's letsencrypt: it is a great solution, they even have a script to do the configuration for you but I have not tried the script with Windchill. If the script does not work for any reason, you can look in it and learn how to configure Apache manually.

SB_10566278 · ‎Jul 24, 2024

I have tried using the OpenSSL self-signed certificate and it worked fine for me.

HelesicPetr · ‎Jul 24, 2024

Hi @SB_10566278 \

Have you added the cert to a trust store ?

Does an another client machine show the https without the red alert?

Thanks