I'm running into an issue with Creo View when Windchill is configured to use HTTPS. Attempting to open anything from Windchill in Creo View throws this error:
Is there anything special that needs to be done on the client computers to fix this issue, or should simply installing the certificates on the Windchill server (Apache and Java) be sufficient? The error is reproducible on both the server and on the client computers, and changing versions of Creo View has no effect.
I did not see this listed above:
https://www.ptc.com/en/support/article/CS385890?source=search
Basic authentication? Can you post your debug logs from the Creo View session?
Not using single sign on.
What version of Windchill are you using? Note that starting 12.1, Windchill uses TLS1.3/SSL3 which needs to be enabled in the config files.
regards
~Syed
This is 12.1.2.4. According to the documentation, TLS 1.3 is enabled by default. Are you saying Creo View 10 does not support TLS 1.3 by default?
TLS 1.3 Support for Windchill (ptc.com)
https://www.ptc.com/en/support/article/CS355457
Enabling TLS 1.2 (only) did not make any difference.
-----------------------------------------------------------
I am using Windchill 12.1.2.1 (HTTPS and SSO) and Creo View 9.1. I was running into the same issue and was able to resolve it by enabling TLS1.2. Here's what I did. Hope this helps!
Just a note on this:
A simpler implementation, only granting specific protocols, could look like:
I installed Fiddler and enabled HTTPS decoding. Attempting to open a representation from Windchill threw this (Fiddler) error message:
This system is on an isolated network that does not have internet access.
The message about checking for certificate revocation seems to point back to CS312299. I repeated the steps in that article again, and this time I noticed the comment about the second one not taking effect until restarting the computer. (The PTC article does not mention needing to restart.)
After a restart Creo View will now launch successfully, but the pview.exe process(es) will not terminate after closing. End users (who make this same change) can see objects in Creo View, but from the servers Creo View just displays a blank white page. The mouse seems to act like there are lines present, but none of them are visible or selectable. Just for fun I downloaded a representation and opened it locally in Creo View on the server (without Windchill) and still get the same behavior, so apparently the 'not displaying geometry' issue in Creo View is unrelated to HTTPS. Any suggestions on that?
That's frustrating. I would suggest opening a support ticket. They can advise better based on your environment.
regards
~Syed
I've had a ticket open all week without any real progress. That's why I created the post here.
"This system is on an isolated network that does not have internet access."
That likely was the cause. It was trying to contact the cert chain to validate. I think you might have another issue going on with the second part.
Yeah, I'd really like to know why Creo View checks this certificate chain but Creo Parametric (apparently) does not.
We are using 12.1.2.4, https, and commercial certs (Let's Encrypt) and it works for us. We are making the following modifications to 20-mod_ssl.conf:
SSLVerifyClient none
# Changed the cipher suite and protocols for enhanced security
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
That's quite a list for 'SSLCipherSuite'. How did you determine you needed all of those?
@TomU wrote:
That's quite a list for 'SSLCipherSuite'. How did you determine you needed all of those?
We used this website:
@TomU Were you able to fix this issue? We are facing the same issue as below using 12.1.2.1. Nothing seems to be working. Please provide your inputs if you solved the same. Thank you - Srinivas
Hi guys, has anyone identified a resolution to this issue? If you can please share, that would be great.
Thanks in advance.
Taher
PTC's final answer was that Creo View is not supported on Windows Servers. The workarounds above, specifically the one unchecking the Internet Options, resolved the issue for regular users on Windows 10/11 machines, but it did not fix the issue on any of the Windows servers. For those I still have no solution.
Thank you for your reply, Tom. IT is not allowing us to go for the workaround option; we are working with PTC and our IT team to identify the fix, and will keep posted here if I have an update.
-Srinivas
We finally found the answer after fighting this issue for weeks now.
Enjoy and have a great day!
After 4 months of debugging, we are able to solve the issue:
A few things to consider:
In our scenario, we utilize self-signed certificates provided by our in-house IT for systems that are not internet-connected. I believe those using third-party certificates would not encounter this issue, which I will explain further.
1. Starting from the beginning, I received SSL certificates from IT and configured them in Windchill. Everything is functioning well except for an error with Creo View.
2. Upon contacting PTC, they activated logging, and the HTTP log displayed the following error:
Info 5:43:12.544 15 Mar 2024 2680 10496 internet DownloadTask HttpSendRequest failed, error: 12057 -
HTTP Error 12057 indicates an inability to validate the SSL certificate's revocation because the revocation server is unavailable. Disabling certificate revocation resolved the issue, suggesting a need for correction.
For further troubleshooting, we installed Fiddler to determine what exactly Creo View was attempting to access. We discovered that at the error step, it was trying to download a CRL file. CRL stands for Certificate Revocation List. While it could download the CRL, it failed to validate the revocation, resulting in an error.
At this juncture, I am consulting with both my internal IT and PTC to identify the issue with the CRL. PTC responded that the IT team needs to address the revocation issue, and our internal IT is uncertain about the necessary certificate changes. Further analysis by the internal IT team revealed that the Delta CRL was not properly configured, leading to the problems. Once they rectified this, Creo View began functioning correctly. As these are internally self-signed certificates, we experienced configuration issues, whereas third-party certificates should be properly configured.
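An added diagnostic example, not part of the thread and not PTC's code: it builds the certificate chain with online revocation checking through .NET's X509Chain on a Windows client and lists the base CRL and delta CRL (Freshest CRL) URLs each certificate advertises, so a revocation failure like the one behind error 12057 can be traced to a specific URL. The function name `Test-CertRevocation` and the path in `$CertPath` are assumptions; export the Windchill server certificate to that file first.

```powershell
# Added example: check revocation reachability for an internally issued certificate.
function Test-CertRevocation {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [int]$TimeoutSeconds = 15
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'        # fetch CRLs over the network
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'   # root is trusted via the store
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)
    $valid = $chain.Build($Certificate)

    $elements = foreach ($el in $chain.ChainElements) {
        $urls = foreach ($ext in $el.Certificate.Extensions) {
            # 2.5.29.31 = CRL Distribution Points, 2.5.29.46 = Freshest CRL (delta)
            $kind = switch ($ext.Oid.Value) {
                '2.5.29.31' { 'BaseCRL' }
                '2.5.29.46' { 'DeltaCRL' }
            }
            if ($kind) {
                # Format() renders the extension as text with URL=... entries on Windows
                [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
                    ForEach-Object { "${kind}: $($_.Groups[1].Value)" }
            }
        }
        [pscustomobject]@{
            Subject = $el.Certificate.Subject
            Status  = ($el.ChainElementStatus.Status -join ', ')
            CrlUrls = @($urls)
        }
    }
    # These flags mean revocation could not be determined (CRL missing, stale or unreachable)
    $revFail = [bool]($elements.Status -match 'RevocationStatusUnknown|OfflineRevocation')
    [pscustomobject]@{
        ChainValid        = $valid
        RevocationFailure = $revFail
        Elements          = $elements
    }
}

$CertPath = 'C:\temp\windchill-server.cer'   # placeholder path (assumption)
if (Test-Path $CertPath) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
    $result = Test-CertRevocation -Certificate $cert
    $result | Select-Object ChainValid, RevocationFailure
    $result.Elements | Format-List
}
```

Each listed URL should be reachable from the client and serve an unexpired CRL; `certutil -verify -urlfetch` on the same .cer file reports the base and delta CRL retrieval results in more detail.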