APOLLO & ECW/JP2 Discussions

Wondering how others have configured their ERDAS APOLLO server or what data they are crawling? The ERDAS APOLLO Discussion board is a place to find information, share ideas and more. Join the community, connect, contribute and share.
Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Contributor
Posts: 82
Registered: ‎11-02-2015
Accepted Solution

SSL for APOLLO on Windows Server 2019 and TLS1.2

Dear community,

 

yesterday I spent quite time to get APOLLO Advantage 2020 working under SSL on a Windows Server 2019 at customer site. So, I thought it is a good idea to share this knowledge.

 

TLS1.0 and TLS1.1 has been deactivated on this server for security reasons (which I would recommend for every site facing to the Internet). This means the only available protocol versions for SSL are TLS 1.2 and 1.3. Unfortunately, this leads to some troubles on the APOLLO side.

 

Everything seems to work fine after the initial APOLLO configuration. No errors in the server.log and I have been able connect to APOLLO and to crawl datasets using the Datamanager. The test dataset has been added to the catalog as well as to APOLLO Core.

 

But as soon as I tried to access the data via WMS e.g. by requesting the GetCapablities document: I do get the following error message displayed in the browser: “The client and server cannot communicate, because they do not possess a common algorithm”.

error.jpg

 

The same request directly sent to APOLLO core (... /erdas-iws/ogc/wms/APOLLO-Catalog?service=WMS&request=getcapabilities) is working fine.

 

After some investigation I found the solution. The APOLLO WMS is based on .Net. On this machine version 4.6x has been installed. Unfortunately, this .Net version still uses TLS1.1 per default to connect to SSL endpoints. So, the above stated error message is correct. The server only offers TLS1.2 or greater and .Net tries to connect via TLS1.1.

 

I added two registry keys to force .Net to use TLS1.2:

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

 

and restarted IIS. From now on the access to APOLLO WMS worked without any further issues.

 

Cheers

Fritz

 

Geography is what geographers do...
Highlighted
Technical Evangelist
Posts: 953
Registered: ‎07-30-2015

Re: SSL for APOLLO on Windows Server 2019 and TLS1.2

Hi Fritz,

 

Thanks so much for sharing your findings, much appreciated!

 

Best
haiyan