Switching from http to https, any gotchas?

sdrzewiczewski · ‎Mar 18, 2015

We are in the process of switching to https, if you have done it and run into any issues during testing or even production, and you can share, what were these so we don't reproduce the same mistakes.

Also how did you handle urls that came in as http that somebody may have bookmarked or embedded into a document?

RandyJones · ‎Mar 18, 2015

On 03/18/15 13:35, Stephen Drzewiczewski wrote:
>
> We are in the process of switching to https, if you have done it and run into any issues during testing or even production, and you can share, what were these so we don't reproduce the same mistakes.
>

If you are using self-signed certs then make sure you setup the clients browsers and java run time (if actually used for Windchill) to recognize your certs. Same goes for for the java runtime on your Windchill master and file servers.

The clients will have to delete the old http Windchill server registration and re-register the new https url. There might be a way to edit/change
%APPDATA%/ptc/ProENGINEER/Wildfire/.wf/* and %APPDATA%/ptc/Creo/Platform/ServerMgr/.srv_mgr_db*.fldx in order for this step to be bypassed.

> Also how did you handle urls that came in as http that somebody may have bookmarked or embedded into a document?
>

This can be handled by a rewrite or redirect with Apache:

borourke · ‎Mar 18, 2015

Don't forget to change the URLs in WGM and Creo.

Send lawyers, guns, and money...the sh!t has hit the fan!

davehaigh · ‎Mar 18, 2015

If you have publishing set up. The GSWorker service on the worker machine has to run as a real user. It can’t be Local System.

David Haigh

mmuth · ‎Mar 19, 2015

You will need to rebuild the jars. Go to <wc_home>\codebase and run "ant -f MakeJar.xml"

For whatever reason, this setting is built into the jars!

Mary-Ann

RandyJones · ‎Mar 19, 2015

On 03/18/15 03:21 PM, Haigh, David A. wrote:
>
> If you have publishing set up. The GSWorker service on the worker machine has to run as a real
> user. It can’t be Local System.
>

Mine is successfully running as the "SYSTEM" user. Is the "Local System" user a different user?

* Windchill 10.2 M030 CPS01 on Solaris 11.1
o It has also ran on 10.2 M020
* Cadworker
o Windows Server 2008
o CreoView Adapters 3.0 M030
o Creo Parametric 3.0 M030

> David Haigh
> Phone: 925-424-3931
> Fax: 925-423-7496
> Lawrence Livermore National Lab
> 7000 East Ave, L-362
> Livermore, CA 94550
>
> *From:*Stephen Drzewiczewski [

RandyJones · ‎Mar 19, 2015

On 03/19/15 08:15 AM, Mary-Ann Muth wrote:
>
> You will need to rebuild the jars. Go to \codebase and run "ant -f MakeJar.xml"
>

I have never had to do that here.
This would be with Windchill 10.2 (running on Solaris 11.1) rehosting my production http server to a
test server and then changing the test server to https.

> For whatever reason, this setting is built into the jars!
>
> Mary-Ann
>
>
> ----------

--
------------------------------------------------------------------------
Randy Jones
Systems Administrator
Great Plains Mfg., Inc.
1525 E North St
PO Box 5060
Salina, KS USA 67401
email: -
Phone: 785-823-3276
Fax: 785-667-2695
------------------------------------------------------------------------

sdrzewiczewski · ‎Mar 19, 2015

Thanks for all the great feedback. We’ve got our first environment configured, now to test!

PaulCollins · ‎Mar 25, 2015

One annoyance with https, that seems to have no reasonable answer today, is that applets will prompt a user to reauthenticate when they load. Not especially user friendly for the applet based upload/download.

I’m glad PTC are slowly removing applet dependencies, the new calendar in 10.2 M030 looks pretty nice. Unfortunate that the new HTML5 based “basic browser” drag and drop doesn’t work in IE

mdebower · ‎Mar 25, 2015

We have used https with Windchill from day one, but a consultant set it up and it was years ago, so I don't know all the settings that need to change.

I do know that what browser you use affects how Java behaves. Firefox and Chrome only ask for Java authentication once for each applet. IE seems to ask all the time. As mentioned the new HTML 5 drag and drop functionality is the best of both worlds for the majority of tasks.

-marc

sdrzewiczewski · ‎Apr 06, 2015

After making the switch in one of our non-prod environments we ran the single user test and compared the results before and after. The after performance was pretty poor.

Were there any items that you performance tuned that made a noticable difference?