===============================================================================

8 steps to get https (from http) on wc9 (wc8 covered also)

(from windchill shell) 

With JAVA_HOME set (no -Djdk option settin/arg needed):

1) ant -f config.xml configureSelfSignedCert -DServerName=hostname.xxx.com "-Djre.dir=C:\Program Files\Java\jre1.5.0_09" "-DcertAlias=R9_Apache"

With JAVA_HOME NOT set:

1) ant -f config.xml configureSelfSignedCert -DServerName=hostname.xxx.com "-Djre.dir=C:\Program Files\Java\jre1.5.0_09" "-Djdk.dir=C:\jdk1.5.0_09" "-DcertAlias=R9_Apache"

(your server name & jre/jdk paths will be different).

Maybe even use $(java.rmi.server.hostname) for -DServerName option, because if they dont match, the ssl wont work.
xconfmanager -d java.rmi.server.hostname (to obtain ServerName argument)

*******************************************************************************

(from windchill shell) 

2) xconfmanager -s wt.webserver.protocol=https -t codebase/wt.properties -p

*******************************************************************************

(from windchill shell) 

3) xconfmanager -s wt.webserver.port=443 -t codebase/wt.properties -p

*******************************************************************************

(from windchill shell) 

4) xconfmanager -s wt.server.codebase=$(wt.webserver.protocol)://$(java.rmi.server.hostname):$(wt.webserver.port)/$(wt.webapp.name) -t codebase/wt.properties -p
or
4) xconfmanager -s wt.server.codebase=$(wt.webserver.protocol)://$(java.rmi.server.hostname)/$(wt.webapp.name) -t codebase/wt.properties -p

xconfmanager -d xx.xx.properties to display original settings &/or see what it was changed.

*******************************************************************************

5) Duplicate wc9 home page (D:\ptc\Windchill_9 .0\Windchill\bin\HomePage.html) & rename. 
   Then edit 3 instances of http to https, along with changing port 80 to ssl 443.
   http://xxx.xx.com:80/Windchill now becomes https://xxx.xx.com:443/Windchill

*******************************************************************************

6) Duplicate & rename shorcut "Windchill Home Page" page in Windchill Programs folder & 
   have it point to newly created page from step 3 above. Maybe "Windchill Home Page - HTTPS"

*******************************************************************************

7) Duplicate shortcut to apache & rename. Then change httpd.exe to httpd.exe -DSSL for execution exe path 
   (apache.exe -DSSL or apache.exe -D SSL for windchill 8).

*******************************************************************************

8) When 1st time starting "Windchill Home Page - HTTPS" (or whatever you name it), you will be prompted 
   To accept certificate. Dont say Yes or OK (from what I recall the buttons saying), select far right button 
   To place certificate in the "Trusted Root Certification Authorities store." Images included in zip.

===============================================================================
Reverse https & port 443 back to http & port 80
===============================================================================

8 steps to get http (from https) on wc9 (wc8 covered also) (Reverse previous)

*******************************************************************************

Step 1) from above just runs xml file to create ssl certificates. You can still run http with certs in place.
They just wont be used. They are only used when ssl is being used (https in url & port is set to 443).

So no changes are need to reverse step 1).

1) ant -f config.xml configureSelfSignedCert -DServerName=hostname.xxx.com "-Djre.dir=C:\Program Files\Java\jre1.5.0_09" "-DcertAlias=R9_Apache"
1) ant -f config.xml configureSelfSignedCert -DServerName=hostname.xxx.com "-Djre.dir=C:\Program Files\Java\jre1.5.0_09" "-Djdk.dir=C:\jdk1.5.0_09" "-DcertAlias=R9_Apache"

*******************************************************************************

Step 2) changes wt.webserver.protocol to https (from original http). To check what wt.webserver.protocol is set to.

(from windchill shell) 

xconfmanager -d wt.webserver.protocol

If it shows to be https, just reset it to http:

(from windchill shell) 

2) xconfmanager -s wt.webserver.protocol=http -t codebase/wt.properties -p

*******************************************************************************

Step 3) changes wt.webserver.port to 443 [https] (from original 80 [http] ). To check what wt.webserver.port is set to.

(from windchill shell) 

xconfmanager -d wt.webserver.port

If it shows to be 443 [https], just reset it to 80 [http]:

3) xconfmanager -s wt.webserver.port=80 -t codebase/wt.properties -p

*******************************************************************************

Step 4) changes wt.server.codebase to https (from original http). To check what wt.server.codebase is set to.

(from windchill shell) 

xconfmanager -d wt.server.codebase

The output could show 1 of 4 options:

$(wt.webserver.protocol)://$(java.rmi.server.hostname)/$(wt.webapp.name)
https://$(java.rmi.server.hostname)/$(wt.webapp.name)

Some add port 443 [$(wt.webserver.port)] in path, but might not be needed:

$(wt.webserver.protocol)://$(java.rmi.server.hostname):$(wt.webserver.port)/$(wt.webapp.name)
https://$(java.rmi.server.hostname):$(wt.webserver.port)/$(wt.webapp.name)

Thats because we set $(wt.webserver.protocol) to https earlier, so we used it. But some admins hard code in https.
Windchill OOB has it hard coded to http (by default).

If it shows to be https://$(java.rmi.server.hostname)/$(wt.webapp.name):

Then its hard coded in & we need to run the xconfmanager to change the https to http:

(from windchill shell) 

4) xconfmanager -s wt.server.codebase=$(wt.webserver.protocol)://$(java.rmi.server.hostname)/$(wt.webapp.name) -t codebase/wt.properties -p
or to include port in patgh:
4) xconfmanager -s wt.server.codebase=$(wt.webserver.protocol)://$(java.rmi.server.hostname):$(wt.webserver.port)/$(wt.webapp.name) -t codebase/wt.properties -p

We are then using a windchill property, instead of hard coding. If you prefer hard coding, you can hard code in xconfmanager:

If it shows to be $(wt.webserver.protocol)://$(java.rmi.server.hostname)/$(wt.webapp.name), or
$(wt.webserver.protocol)://$(java.rmi.server.hostname):$(wt.webserver.port)/$(wt.webapp.name) (with port included),

then you can leave it alone because its reading a parameter we already changed in step 2 &/or 3 from above (for http reverse).

xconfmanager -d xx.xx.properties to display original settings &/or see what it was changed to.

*******************************************************************************

Steps 5, 6 & 7 are all duplicates of OOB pages, command line args & shortcuts. Original OOB pages point to http & port 80.
New copied pages were edited to use https & port 443. Just use original OOB pages, command line args & shortcuts.

5) Duplicate wc9 home page (D:\ptc\Windchill_9 .0\Windchill\bin\HomePage.html) & rename. 
   Then edit 3 instances of http to https, along with changing port 80 to ssl 443.
   http://xxx.xx.com:80/Windchill now becomes https://xxx.xx.com:443/Windchill
   
Use original http://xxx.xx.com:80/Windchill for reverse of https to http.

6) Duplicate & rename shorcut "Windchill Home Page" page in Windchill Programs folder & 
   have it point to newly created page from step 3 above. Maybe "Windchill Home Page - HTTPS"
   
Use original "Windchill Home Page" page for reverse of https to http.

7) Duplicate shortcut to apache & rename. Then change httpd.exe to httpd.exe -DSSL for execution exe path 
   apache.exe -DSSL or apache.exe -D SSL for windchill 8.
   
Use original apache shortcut with no -DSSL arg for reverse of https to http.

If you did not make copies of originals for steps 5, 6 & 7, then edit in reverse (https to http, 443 back to 80 port
& apache.exe, instead of apache.exe -DSSL).

8) When 1st time starting "Windchill Home Page - HTTPS" (or whatever you name it), you will be prompted 
   To accept certificate. Dont say Yes or OK (from what I recall the buttons saying), select far right button 
   To place certificate in the "Trusted Root Certification Authorities store." Images included in zip.

Certificates wont come into play, because we are pointing to pages that use original http & port 80.

Then just tell all users of windchill to use all page with http & port 80, or remove the s where they changed to https
(within ProE server registry fields) or (remove s from pages that used https, to use http).
