Enabling HTTPS
You can configure Windchill Risk and Reliability Web services to use HTTPS to provide additional security to your web server. To enable HTTPS, you must ensure that the following conditions exist:
A valid SSL certificate is in place
IIS has the proper bindings and protocols enabled
Windchill Risk and Reliability configuration files are updated appropriately
The following instructions include steps for enabling HTTPS and updating Windchill Risk and Reliability configuration files. They assume that you already have a valid SSL certificate in place and that IIS 7 is in use.
To enable HTTPS and update configuration files:
1. Do the following to open IIS 7 and enable HTTP:
a. Press Windows + R. The Run window opens.
b. For Open, enter inetmgr; then, click OK. The Internet Information Services window for IIS opens.
c. Expand Sites.
d. Right-click Default Web Site.
e. Select Edit Bindings.
f. Click Add.
g. Select https from the drop-down list, and specify a valid port.
h. Select the valid SSL certificate you have put into place from the drop-down list.
i. Click OK to close the Add Site Binding window.
j. Click Close to close the Site Bindings window.
k. Right-click Default Web Site.
l. Select Manage Web Site > Advanced Settings.
m. Ensure Enabled Protocols is set to http.
n. Click OK to close the Advanced Settings window.
o. Close IIS.
2. Configure Windchill Risk and Reliability Web Services to use HTTPS:
a. In the installation directory on the web server, navigate to the Web folder. The path is probably:
C:\Program Files\Windchill Risk and Reliability 12.0\Web
b. Open the web.config XML configuration file.
c. Under the <serviceBehaviors> node, locate the following serviceMetadata data element:
<!--Comment out this serviceMetadata tag to allow HTTPS support-->
<serviceMetadata httpGetEnabled="true"/>
<!-- Uncomment this serviceMetadata tag to allow HTTPS support -->
<!--<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />-->
d. Comment out the first serviceMetadata tag and uncomment the second serviceMetadata tag so that the data element looks like this:
<!-- Comment out this serviceMetadata tag to allow HTTPS support-->
<!--<serviceMetadata httpGetEnabled="true"/> -->
<!-- Uncomment this serviceMetadata tag to allow HTTPS support -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
e. Under the <services> node, locate the following endpoint address data element and binding:
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<!--Uncomment the section below to allow HTTPS support-->
<!--
<endpoint address="" binding="customBinding" bindingConfiguration="WebServerHTTPSBinding" contract="Relex.Web.Standard.SilverlightService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
-->
f. Uncomment the entire endpoint address tag so the data element looks like this:
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<!--Uncomment the section below to allow HTTPS support-->
<endpoint address="" binding="customBinding" bindingConfiguration="WebServerHTTPSBinding" contract="Relex.Web.Standard.SilverlightService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
g. Save your changes and close the web.config XML configuration file.
h. In the installation directory on the web server, navigate to the Include folder. The path is probably:
C:\Program Files (x86)\Windchill Risk and Reliability 12.0\Web\Include
i. Open the bindings.config XML configuration file.
j. Under the <customBinding> node, locate the following binding name data element:
<!-- Uncomment the section below to allow HTTPS support -->
<!-- Be sure to choose the FIRST or SECOND httpsTransport below -->
<!-- Choose the FIRST to DISABLE Single Sign-on support-->
<!-- Choose the SECOND to ENABLE Single Sign-on support-->
<!--
<binding name="WebServerHTTPSBinding">
<binaryMessageEncoding>
<readerQuotas maxStringContentLength="2147483647" maxDepth="2147483647" maxBytesPerRead="16384" maxArrayLength="2147483647" />
</binaryMessageEncoding>
<httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"/>
<httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" authenticationScheme="Negotiate" />
</binding>
-->
k. If you are NOT using single sign-on, uncomment the entire binding name tag and then comment out the SECOND httpsTransport tag so that the data element looks like this:
<!-- Uncomment the section below to allow HTTPS support -->
<!-- Be sure to choose the FIRST or SECOND httpsTransport below -->
<!-- Choose the FIRST to DISABLE Single Sign-on support-->
<!-- Choose the SECOND to ENABLE Single Sign-on support-->
<binding name="WebServerHTTPSBinding">
<binaryMessageEncoding>
<readerQuotas maxStringContentLength="2147483647" maxDepth="2147483647" maxBytesPerRead="16384" maxArrayLength="2147483647" />
</binaryMessageEncoding>
<httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"/>
<!-- <httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" authenticationScheme="Negotiate" /> -->
</binding>
l. If you ARE using single sign-on, uncomment the entire binding name tag, but comment out the FIRST httpsTransport tag so that the data element looks like this:
<!-- Uncomment the section below to allow HTTPS support -->
<!-- Be sure to choose the FIRST or SECOND httpsTransport below -->
<!-- Choose the FIRST to DISABLE Single Sign-on support-->
<!-- Choose the SECOND to ENABLE Single Sign-on support-->
<binding name="WebServerHTTPSBinding">
<binaryMessageEncoding>
<readerQuotas maxStringContentLength="2147483647" maxDepth="2147483647" maxBytesPerRead="16384" maxArrayLength="2147483647"/>
</binaryMessageEncoding>
<!-- <httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"/> -->
<httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" authenticationScheme="Negotiate" />
</binding>
m. Save your changes and close the bindings.config XML configuration file.
Once this procedure is completed, you might need to restart IIS and the Windchill Risk and Reliability Object Broker and Security services to have HTTPS take effect.
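The edits in step 2 are easy to get subtly wrong (a tag left commented out, a mis-cased attribute, both httpsTransport tags active), so the following added example, which is not part of the product or of the original instructions, checks the resulting XML. The function name Test-WrrHttpsConfig and the sample XML are constructed for illustration; the enclosing elements in the samples are assumed, and only the element and attribute names shown in the steps above are relied on.

```powershell
# Added example (not PTC code). XPath sees only active elements, so a commented-out tag counts as missing.
function Test-WrrHttpsConfig {
    param([string]$WebConfigXml, [string]$BindingsXml)
    try {
        # The [xml] cast throws on malformed markup, e.g. a comment opened with "<--".
        $web  = [xml]$WebConfigXml
        $bind = [xml]$BindingsXml
    } catch {
        return [pscustomobject]@{ Problems = @("Not well-formed XML: $($_.Exception.Message)"); SingleSignOn = $null }
    }
    $problems = @()
    # XML attribute names are case-sensitive, so a mis-cased httpsGetEnabled fails here.
    if ($web.SelectNodes("//serviceBehaviors//serviceMetadata[@httpsGetEnabled='true']").Count -eq 0) {
        $problems += 'No active serviceMetadata tag with httpsGetEnabled="true"'
    }
    if ($web.SelectNodes("//serviceBehaviors//serviceMetadata[not(@httpsGetEnabled='true')]").Count -gt 0) {
        $problems += 'A serviceMetadata tag without httpsGetEnabled="true" is still active'
    }
    if ($web.SelectNodes("//services//endpoint[@bindingConfiguration='WebServerHTTPSBinding']").Count -eq 0) {
        $problems += 'Endpoint using WebServerHTTPSBinding is missing or still commented out'
    }
    if ($web.SelectNodes("//services//endpoint[@binding='mexHttpsBinding']").Count -eq 0) {
        $problems += 'mexHttpsBinding metadata endpoint is missing or still commented out'
    }
    $transports = $bind.SelectNodes("//customBinding/binding[@name='WebServerHTTPSBinding']/httpsTransport")
    $sso = $null
    if ($transports.Count -eq 1) {
        $sso = $transports.Item(0).GetAttribute('authenticationScheme') -eq 'Negotiate'
    } else {
        $problems += "Expected exactly one active httpsTransport, found $($transports.Count)"
    }
    [pscustomobject]@{ Problems = $problems; SingleSignOn = $sso }
}
# Constructed samples: a mis-cased attribute, and both httpsTransport tags left active.
$webSample = @'
<configuration><system.serviceModel><behaviors><serviceBehaviors><behavior>
  <serviceMetadata httpGetEnabled="true" httpsGEtEnabled="true"/>
</behavior></serviceBehaviors></behaviors><services><service>
  <endpoint address="" binding="customBinding" bindingConfiguration="WebServerHTTPSBinding" contract="Relex.Web.Standard.SilverlightService"/>
  <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service></services></system.serviceModel></configuration>
'@
$bindSample = @'
<bindings><customBinding><binding name="WebServerHTTPSBinding">
  <httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"/>
  <httpsTransport maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" authenticationScheme="Negotiate"/>
</binding></customBinding></bindings>
'@
(Test-WrrHttpsConfig $webSample $bindSample).Problems
```

To check the real files, pass the output of `Get-Content -Raw` for web.config and bindings.config as the two arguments; the SingleSignOn property reports which httpsTransport tag is active.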