comparison Sphinx/source/faq/https.rst @ 512:be8b638f3f46

added mutual auth
author Alain Mazy <alain@mazy.be>
date Wed, 16 Sep 2020 11:46:11 +0200
parents 18ef1c795d17
children 22e3868d2eb1
511:5b574520a34c 512:be8b638f3f46
173 "DicomAet" : "ORTHANC", 173 "DicomAet" : "ORTHANC",
174 "DicomPort" : 4242, 174 "DicomPort" : 4242,
175 "HttpPort" : 8042, 175 "HttpPort" : 8042,
176 [...] 176 [...]
177 } 177 }
178
179
180 Securing Orthanc with mutual TLS authentication
181 ...............................................
182
183 .. highlight:: bash
184
185 Once HTTPS is enabled, Orthanc can also be configured to accept incoming
186 connections based on a certificate provided by the client.
187
188 Server side, this is configured via::
189
190 {
191 "SslVerifyPeers": true,
192 "SslTrustedClientCertificates": "trustedClientCertificates.pem"
193 }
194
195 ``SslTrustedClientCertificates`` shall contain a list of certificates
196 that are trusted. This can be a list of individual self-signed certificates
197 or this can contain a list of trusted root CAs.
198
199 Client side, this is configured via::
200
201 {
202 "OrthancPeers" : {
203 "orthanc-b" : {
204 "Url" : "https://localhost:8043",
205 "CertificateFile" : "client-crt.pem",
206 "CertificateKeyFile" : "client-key.pem",
207 "CertificateKeyPassword": ""
208 }
209 }
210 }
211
212 Note that the same kind of configuration is also available for
213 :ref:`DICOMweb client <dicomweb-client>`.
214
215 An example of such a setup with instructions to generate the
216 certificates is available `here <https://bitbucket.org/osimis/orthanc-setup-samples/src/master/docker/tls-mutual-auth/>`__ .
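
Review bot: At new line 183, `.. highlight:: bash` precedes two literal blocks that are JSON configuration, so both will be highlighted as shell; `.. highlight:: json` matches what follows. At lines 195-197, the text allows `SslTrustedClientCertificates` to hold root CAs but does not say that trusting a CA means trusting every client certificate issued under it; a sentence recommending a CA dedicated to Orthanc clients, or a list of individual certificates, would make that trust decision explicit. The client example at lines 201-210 sets `"CertificateKeyPassword": ""` without saying when a passphrase is expected or how the key file should be protected. It also shows only the client certificate, so a section titled mutual authentication should cover, or link to, where the client's verification of the server certificate is configured. Minor: the link text `here` at line 216 is not descriptive, and there is a stray space before the final period.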