Mercurial > hg > orthanc-book
comparison Sphinx/source/faq/https.rst @ 0:901e8961f46e
initial commit
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Fri, 22 Apr 2016 12:57:38 +0200 |
parents | |
children | 114506f51e70 |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:901e8961f46e |
---|---|
1 .. highlight:: bash | |
2 .. _https: | |
3 | |
4 HTTPS encryption with Orthanc | |
5 ============================= | |
6 | |
7 It is highly desirable to enable HTTPS (SSL) encryption with Orthanc | |
8 to protect its REST API, as it provides access to medical | |
9 information. To this end, you have two possibilites: | |
10 | |
11 1. Put Orthanc behind an enterprise-ready HTTPS server such as | |
12 :ref:`Apache <apache>` or :ref:`nginx <nginx>`. | |
13 2. For simple deployments, use Orthanc :ref:`built-in HTTPS server <https-builtin>`. | |
14 | |
15 **You should always favor the first option**. The second option might make | |
16 sense in the context of an hospital Intranet, i.e. the Orthanc server | |
17 is not publicly accessible from the Internet. | |
18 | |
19 | |
20 .. _https-builtin: | |
21 | |
22 Built-in encryption | |
23 ------------------- | |
24 | |
25 To enable the built-in HTTP server of Orthanc, you need to: | |
26 | |
27 1. Obtain a `X.509 certificate <http://en.wikipedia.org/wiki/X.509>`_ | |
28 in the `PEM format | |
29 <http://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions>`_. | |
30 2. Prepend this certificate with the content of your private key. | |
31 3. Modify the ``SslEnabled`` and ``SslCertificate`` variables in the | |
32 :ref:`Orthanc configuration file <configuration>`. | |
33 | |
34 Here are simple instructions to create a self-signed SSL certificate | |
35 that is suitable for test environments with the `OpenSSL | |
36 <http://en.wikipedia.org/wiki/Openssl>`_ command-line tools:: | |
37 | |
38 $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt | |
39 $ cat private.key certificate.crt > certificate.pem | |
40 | |
41 Some interesting references about this topic can be found `here | |
42 <http://devsec.org/info/ssl-cert.html>`__, `here | |
43 <http://www.akadia.com/services/ssh_test_certificate.html>`__, and | |
44 `here | |
45 <http://stackoverflow.com/questions/991758/how-to-get-an-openssl-pem-file-from-key-and-crt-files>`__. |