06-22-2020 11:36 PM
Yesterday I spent quite some time getting APOLLO Advantage 2020 working under SSL on a Windows Server 2019 at a customer site. So, I thought it would be a good idea to share this knowledge.
TLS1.0 and TLS1.1 have been deactivated on this server for security reasons (which I would recommend for every site facing the Internet). This means the only available protocol versions for SSL are TLS 1.2 and 1.3. Unfortunately, this leads to some trouble on the APOLLO side.
Everything seems to work fine after the initial APOLLO configuration. There were no errors in the server.log, and I was able to connect to APOLLO and to crawl datasets using the Datamanager. The test dataset has been added to the catalog as well as to APOLLO Core.
But as soon as I tried to access the data via WMS, e.g. by requesting the GetCapabilities document, I got the following error message displayed in the browser: “The client and server cannot communicate, because they do not possess a common algorithm”.
The same request directly sent to APOLLO core (... /erdas-iws/ogc/wms/APOLLO-Catalog?service=WMS&request=getcapabilities) is working fine.
After some investigation I found the solution. The APOLLO WMS is based on .Net. On this machine version 4.6x has been installed. Unfortunately, this .Net version still uses TLS1.1 by default to connect to SSL endpoints. So, the above stated error message is correct. The server only offers TLS1.2 or greater and .Net tries to connect via TLS1.1.
I added two registry keys to force .Net to use TLS1.2:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
and restarted IIS. From now on the access to APOLLO WMS worked without any further issues.
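The following is an added example, not part of the original post: a PowerShell check of the two `SchUseStrongCrypto` values named above, which reports both registry views and sets the value only when `-Fix` is passed. The function name `Get-NetStrongCrypto` is hypothetical, and the script assumes an elevated prompt on the server.

```powershell
# Added example; Get-NetStrongCrypto is a hypothetical helper name.
# Run from an elevated PowerShell prompt on the server.
function Get-NetStrongCrypto {
    param([switch]$Fix)   # -Fix writes the value where it is missing or not 1

    # The two keys from the post: 64-bit view and 32-bit (WOW6432Node) view.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    )

    foreach ($path in $paths) {
        $value = $null
        if (Test-Path -Path $path) {
            $prop = Get-ItemProperty -Path $path -Name 'SchUseStrongCrypto' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.SchUseStrongCrypto }
        }

        $changed = $false
        if ($Fix -and $value -ne 1) {
            if (-not (Test-Path -Path $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            # -Force overwrites an existing value (e.g. one set to 0).
            New-ItemProperty -Path $path -Name 'SchUseStrongCrypto' -Value 1 `
                -PropertyType DWord -Force | Out-Null
            $value   = 1
            $changed = $true
        }

        # One result object per registry view, so a missing 32-bit or
        # 64-bit entry is visible at a glance.
        [pscustomobject]@{
            Key                = $path
            SchUseStrongCrypto = $value
            Compliant          = ($value -eq 1)
            Changed            = $changed
        }
    }
}

# Report only; nothing is modified without -Fix.
Get-NetStrongCrypto | Format-Table -AutoSize

# To apply the setting and restart IIS as described in the post:
# if ((Get-NetStrongCrypto -Fix).Changed -contains $true) { iisreset }
```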