Mercurial > hg > orthanc-book
comparison Sphinx/source/faq/https.rst @ 512:be8b638f3f46
added mutual auth
author | Alain Mazy <alain@mazy.be> |
---|---|
date | Wed, 16 Sep 2020 11:46:11 +0200 |
parents | 18ef1c795d17 |
children | 22e3868d2eb1 |
511:5b574520a34c | 512:be8b638f3f46 |
---|---|
173 "DicomAet" : "ORTHANC", | 173 "DicomAet" : "ORTHANC", |
174 "DicomPort" : 4242, | 174 "DicomPort" : 4242, |
175 "HttpPort" : 8042, | 175 "HttpPort" : 8042, |
176 [...] | 176 [...] |
177 } | 177 } |
178 | |
179 | |
180 Securing Orthanc with mutual TLS authentication | |
181 ............................................... | |
182 | |
183 .. highlight:: bash | |
184 | |
185 Once HTTPS is enabled, Orthanc can also be configured to accept incoming | |
186 connections based on a certificate provided by the client. | |
187 | |
188 Server side, this is configured via:: | |
189 | |
190 { | |
191 "SslVerifyPeers": true, | |
192 "SslTrustedClientCertificates": "trustedClientCertificates.pem" | |
193 } | |
194 | |
195 ``SslTrustedClientCertificates`` shall contain a list of certificates | |
196 that are trusted. This can be a list of individual self-signed certificates | |
197 or this can contain a list of trusted root CAs. | |
198 | |
199 Client side, this is configured via:: | |
200 | |
201 { | |
202 "OrthancPeers" : { | |
203 "orthanc-b" : { | |
204 "Url" : "https://localhost:8043", | |
205 "CertificateFile" : "client-crt.pem", | |
206 "CertificateKeyFile" : "client-key.pem", | |
207 "CertificateKeyPassword": "" | |
208 } | |
209 } | |
210 } | |
211 | |
212 Note that the same kind of configuration is also available for | |
213 :ref:`DICOMweb client <dicomweb-client>`. | |
214 | |
215 An example of such a setup with instructions to generate the | |
216 certificates is available `here <https://bitbucket.org/osimis/orthanc-setup-samples/src/master/docker/tls-mutual-auth/>`__ . |
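Review bot: the paragraph on ``SslTrustedClientCertificates`` (new lines 195-197) presents a list of individual self-signed certificates and a list of trusted root CAs as equivalent options, but they grant different access. With a root CA in the file, normal chain validation accepts every client certificate that CA has issued, not only the clients the administrator had in mind. Suggest saying this explicitly and stating the expected file format (the sample name suggests PEM). Two smaller points: ``.. highlight:: bash`` at line 183 precedes two literal blocks that are JSON configuration, so ``.. highlight:: json`` would fit better; and the client sample sets ``"CertificateKeyPassword": ""`` without the text saying when a password is needed or that an unencrypted ``client-key.pem`` should be readable only by the account running Orthanc.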