1.

Download SimpleCA
Download SimpleCA (http://users.skynet.be/ballet/joris/SimpleCA/) for windows and extract the zip file to
any folder:

2. Run SimpleCA and set up the Root Certificate

Run SimpleCA.exe and set up the Root Certificate Authority (CA). Make sure you remember the CA
Key Password, you will need it at step 4:

3. Create New Server Certificate Request

Select New Server Certificate Request option from the Server Certificates menu:
Fill out the server certificate request form. Make sure you add the hostname of the Windchill server
properly in the Common Name (CN) field:
After you click OK you will be prompted to save this server certificate request, just click Save on the
save dialog box:

4. Sign Server Certificate Request

4. Now sign this certificate request by going to Server Certificates -> Sign Server Certificate Request:
Select the server certificate request that you just generated from the file open dialog box and click Open:
You will be asked if you want sign this request, click OK:
After you click OK you have to provide the CA Key Password that you used at step 2:

Confirm Server Certificate Request

Password of Root CA

Self-Signed Server Certificate

5. Location of Self-Signed Server Certificate

Your self-signed certificate is now generated. The certificate (.crt file) and its private key (.key file) both
would be located in the <SimpleCA_root_folder>\certificates folder:
Location of Self-Signed Server Certificate

Configure Apache with the Self-Signed Server Certificate

6. Configure Apache with the Self-Signed Server Certificate

Copy the .crt file to <Apache>\conf\extra\ssl.crt as server.crt file (delete or rename the existing
server.crt file) and copy the .key file to the <Apache>\conf\extra\ssl.key folder as server.key file
(delete or rename the existing server.key file). Now you will be able to start apache in HTTPS mode
(httpd -DSSL).

7. Copy cacerts file and paste it as jssecacerts

Go to "<Java>\jre\lib\security" and copy "cacerts" file and paste it as "jssecacerts":

8. Launch Portecle and open jssecacerts

Launch Portecle from http://portecle.sourceforge.net/ then open the "jssecacerts" file from step 7 (the
default password is "changeit"):

9. Import Self-Signed Certificate in Java KeyStore using Portecle

Click on the Import Trusted Certificate button then select the certificate that you generated using
SimpleCA:

10. Save KeyStore

Save the KeyStore then close Portecle:

11. Configure Windchill to run in HTTPS mode

Now configure Windchill to run in HTTPS mode. Add the following lines at the end of "site.xconf" then
propagate the changes by running "xconfmanager -p": <Property name="wt.webserver.protocol"
overridable="true" targetFile="codebase/wt.properties" value="https"/> <Property
name="wt.webserver.port" overridable="true" targetFile="codebase/wt.properties" value="443"/>

Copy cacerts file and paste it as jssecacerts

Open jssecacerts in Portecle

Figure 9a: Import Self-Signed Certificate in Java KeyStore using Portecle

D:/TIBCO-SSL-PROJECT/SimpleCA/certificates/mamidala.srinivas@gmail.com.csr
D:/TIBCO-SSL-PROJECT/SimpleCA/certificates/mamidala.srinivas@gmail.com.key

D:/TIBCO-SSL-PROJECT/SimpleCA/certificates/mamidala.srinivas@gmail.com.csr
D:/TIBCO-SSL-PROJECT/SimpleCA/certificates/mamidala.srinivas@gmail.com.crt