PTC Arbortext Content Delivery Deployment > Configuring PTC Arbortext Content Delivery for HTTP
Configuring PTC Arbortext Content Delivery for HTTP
HTTPS is now the default protocol setting for PTC Arbortext Content Delivery and the Security Certificates are mandatory to perform SSL handshake from the PTC Arbortext Content Delivery 7.1.x.x release. If an HTTP URL is entered in a browser, you will be redirected to HTTPS. For more information about setting up your web server for HTTPS, see the Configuring SSL for the Web Application Server section in the PTC Arbortext Content Delivery Deployment Guide.
* 
By default PTC Arbortext Content Delivery is configured with self-signed certificate due to which you need to accept the following browser warnings. PTC recommends the use of CA certificates to avoid such warnings.
Perform the following actions for the browser warnings:
For Internet Explorer, click Continue to this website (not recommended)
For Google Chrome, click the Advanced button
Click the Proceed to <website> link
PTC recommends using only HTTPS and not HTTP, as configuring the server over HTTP puts the data at risk over network. However, if you want to use the HTTP protocol configuration, you need to perform the following steps. These steps are also applicable if you are upgrading from PTC Arbortext Content Delivery 6.4 and 6.5 releases to PTC Arbortext Content Delivery 7.1.x.x release and updating from PTC Arbortext Content Delivery 7.1 F000 to the 7.1.x.x release.
1. To stop redirection for Task Manager, open the web_orig.xml file located in the <HOME>\SW\SW\Applications\e3C.ear\TaskManager.war\WEB_INF\ folder, and remove the following security constraint in the web_orig.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>TaskManager</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
2. To stop redirection for Configurator, open the web_orig.xml file located in the <HOME>\SW\SW\Applications\ConfiguratorApp-1.0-SNAPSHOT.ear\ConfiguratorWebApp-1.0.war\WEB_INF\ folder, and remove the following tag from security constraint at line 67 (whose display name is “Authenticated access constraint”) in the web_orig.xml file:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
The new security constraint (after performing above change) will look as follows:
<security-constraint>
<display-name>Authenticated access constraint</display-name>
<web-resource-collection>
<web-resource-name>Authenticated resources</web-resource-name>
<description>All resources are guarded by authentication except for explicit exclusions</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Allow any valid, authenticated user</description>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
3. To stop redirection for ACD/delivery (codebase.war), open the web_orig.xml file located in the <HOME>\SW\SW\Applications\Windchill.ear\codebase.war\WEB_INF\ folder, and remove the following security constraint in the web_orig.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>InService</web-resource-name>
<!-- Following URL pattern is added for offline activation page, this is only URL that needs a separate pattern like below, all other cases would be covered with /* -->
<url-pattern>/delivery/activation/activation.jsp</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Remove the following tag from security constraint at line 244 (whose display name is “Authenticated access constraint”) in the web_orig.xml file:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
The new security constraint (after performing above change) will look as follows:
<security-constraint>
<display-name>Authenticated access constraint</display-name>
<web-resource-collection>
<web-resource-name>Authenticated resources</web-resource-name>
<description>All resources are guarded by authentication except for explicit exclusions</description>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Allow any valid, authenticated user</description>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
4. Browse to the standalone-full-<database>.xml file and perform the following:
a. Modify <session-cookie http-only="true" secure="true"/> to <session-cookie http-only="true" secure="false"/>
b. Remove following from the Undertow subsystem: <filter-ref name="STS"/>
c. Remove following from the <filters> tag: <response-header name="STS" header-name="Strict-Transport-Security" header-value="max-age=31536000"/>
5. Perform the following steps:
For the web server: On the Configurator UI, for Publisher and all Viewer entities, change the value of Secure Port to 0.
For the offline server:
1. In offline install, navigate to the ACD\Data\Data\System\Config folder.
2. Open the InService_configurator_XXX.xml file.
3. Search for <SPort>8443 </SPort>
4. Change the value of Secure Port to 0 from 8443.
6. Restart CoreCMI, Core, and jboss servers.
* 
Instead of removing the security constraint completely, you can provide a specific URL pattern in the <url-pattern> tag in the place of /*, and redirect to some specific URL pattern.