Hexagon Geospatial
MENU

WebGIS

Need a push in the right direction when configuring WebMap, Portal or SDI services? Looking for hints and tips, or just looking for Ideas and information? The WebGIS discussion board is where you start those discussions, connect and share information.
Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Regular Contributor
Posts: 246
Registered: ‎10-26-2015

Using Geospatial Portal with TLS 1.2 protocol

[ Edited ]

Having just spent a couple of days getting this to work I thought I would share what I've learned on the community.

 

Customer's environment/requirements

  • Use of TLS 1.2 security protocol only (all previous TLS versions and SSL protocols are disabled)
  • Geospatial Portal web sites must run under HTTPS
  • Geospatial Portal web sites configured to use Microsoft IIS Windows Authentication
  • Windows Server 2008 R2 web server

 

Once the customer's IT department had changed the Operating System configuration to only allow TLS 1.2 (this included restricting hashing algorithms, ciphers and key exchange algorithms) the following functionality in Geospatial Portal was affected:

 

  • Unable to configure Geospatial Portal instance in Admin Console web site.
  • Unable to set starting workspace for Geospatial Portal instance using Admin Portal.
  • Printing stopped working (PhantomJS print engine is configured)

 

To resolve the issues:

 

  1. Update PhantomJS library to latest release (version 2.1.1).
  2. Install Microsoft .NET 4.6.2 (this version supports TLS 1.2 with no required Microsoft updates).
  3. Enable strong cryptography in .NET Framework (not sure this is required for .NET 4.6 but its best practice) - see https://docs.microsoft.com/en-us/officeonlineserver/enable-tls-1-1-and-tls-1-2-support-in-office-onl....
  4. Configure Geospatial Portal, Admin Portal and Administration Console to use .NET 4.6 run time in web.config files.
  5. Delete all Microsoft .NET temporary files for updated web applications and delete application cache located under Geospatial Portal instance App_Data\Cache folder.

Geospatial Portal / Admin Portal web.config change:

Add targetFramework="4.6" to <httpRuntime>

 

<httpRuntime executionTimeout="3600" requestValidationMode="2.0" maxUrlLength="65535" maxQueryStringLength="2097151" targetFramework="4.6"/>

 

For Admin Console web configI changed a few lines.

 

<!-- httpRuntime added to specifiy to use .NET 4.6--> 
<httpRuntime executionTimeout="3600" maxUrlLength="65535" maxQueryStringLength="2097151" targetFramework="4.6"/> 
<globalization uiCulture="auto" enableClientBasedCulture="true" culture="auto" /> 
<!-- Comment out to ensure .NET 4.6 is used as runtime <httpRuntime requestValidationMode="2.0" /> --> <!--Ensuring .NET 4.6 runtime is used--> <compilation debug="true" targetFramework="4.6">

 

I hope this information helps someone who has to configure Geospatial Portal in a TLS 1.2 only environment. This is becoming more common as its an industry recommendation to disable SSL and earlier versions of TLS protocols.

Do you need immediate support?
If you encounter a critical issue and need immediate assistance please submit a Service Request through our Support Portal.