Mercurial > hg > orthanc-book
diff Sphinx/source/faq/https.rst @ 0:901e8961f46e
initial commit
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Fri, 22 Apr 2016 12:57:38 +0200 |
parents | |
children | 114506f51e70 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Sphinx/source/faq/https.rst Fri Apr 22 12:57:38 2016 +0200 @@ -0,0 +1,45 @@ +.. highlight:: bash +.. _https: + +HTTPS encryption with Orthanc +============================= + +It is highly desirable to enable HTTPS (SSL) encryption with Orthanc +to protect its REST API, as it provides access to medical +information. To this end, you have two possibilites: + +1. Put Orthanc behind an enterprise-ready HTTPS server such as + :ref:`Apache <apache>` or :ref:`nginx <nginx>`. +2. For simple deployments, use Orthanc :ref:`built-in HTTPS server <https-builtin>`. + +**You should always favor the first option**. The second option might make +sense in the context of an hospital Intranet, i.e. the Orthanc server +is not publicly accessible from the Internet. + + +.. _https-builtin: + +Built-in encryption +------------------- + +To enable the built-in HTTP server of Orthanc, you need to: + +1. Obtain a `X.509 certificate <http://en.wikipedia.org/wiki/X.509>`_ + in the `PEM format + <http://en.wikipedia.org/wiki/X.509#Certificate_filename_extensions>`_. +2. Prepend this certificate with the content of your private key. +3. Modify the ``SslEnabled`` and ``SslCertificate`` variables in the + :ref:`Orthanc configuration file <configuration>`. + +Here are simple instructions to create a self-signed SSL certificate +that is suitable for test environments with the `OpenSSL +<http://en.wikipedia.org/wiki/Openssl>`_ command-line tools:: + + $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt + $ cat private.key certificate.crt > certificate.pem + +Some interesting references about this topic can be found `here +<http://devsec.org/info/ssl-cert.html>`__, `here +<http://www.akadia.com/services/ssh_test_certificate.html>`__, and +`here +<http://stackoverflow.com/questions/991758/how-to-get-an-openssl-pem-file-from-key-and-crt-files>`__.