If you are using Windows Server 2016, you may need to make adjustments in the registry to use the SSL server certificate. We recommend using at least Transport Layer Security (TLS) 1.2. For information on how to configure the TLS version for Windows systems, refer to the Microsoft documentation.

The Tomcat server.xml file should look like this:

<Connector

SSLEnabled="true"

ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,

TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,

TLS_AES_256_GCM_SHA384,

TLS_CHACHA20_POLY1305_SHA256,

TLS_AES_128_GCM_SHA256"

clientAuth="false"

keystoreFile="C:\ keystore.jks"

keystorePass="aaa"

maxHttpHeaderSize="65536"

maxThreads="1000"

port="9093"

protocol="org.apache.coyote.http11.Http11NioProtocol"

scheme="https"

secure="true"

sslEnabledProtocols="+TLSv1.2,+TLSv1.3"/>

The keystoreFile, keystorePass, and port properties must be adapted to the respective server installation. Make sure that you enter the cipher suites TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. If you make changes in the server.xml, you have to restart the ELO server.

If you have activated the correct TLS version in the system, configured the server.xml as described, and ELOxc still cannot establish an SSL connection to the Indexserver, you can try removing the ciphers property from server.xml.

If this also fails, you can still try to enter TLS version 1.1 as well:

sslEnabledProtocols="+TLSv1.1,+TLSv1.2,+TLSv1.3"