diff Sphinx/source/faq/https.rst @ 512:be8b638f3f46

added mutual auth
author Alain Mazy <alain@mazy.be>
date Wed, 16 Sep 2020 11:46:11 +0200
parents 18ef1c795d17
children 22e3868d2eb1
--- a/Sphinx/source/faq/https.rst	Mon Sep 14 14:54:15 2020 +0200
+++ b/Sphinx/source/faq/https.rst	Wed Sep 16 11:46:11 2020 +0200
@@ -175,3 +175,42 @@
     "HttpPort" : 8042,
     [...]
   }
+
+
+Securing Orthanc with mutual TLS authentication
+...............................................
+        
+.. highlight:: bash
+               
+Once HTTPS is enabled, Orthanc can also be configured to accept incoming
+connections based on a certificate provided by the client.
+
+Server side, this is configured via::
+
+  {
+    "SslVerifyPeers": true,
+    "SslTrustedClientCertificates": "trustedClientCertificates.pem"
+  }
+
+``SslTrustedClientCertificates`` shall contain a list of certificates
+that are trusted.  This can be a list of individual self-signed certificates
+or this can contain a list of trusted root CAs.
+
+Client side, this is configured via::
+
+  {
+    "OrthancPeers" : {
+      "orthanc-b" : {
+        "Url" : "https://localhost:8043",
+        "CertificateFile" : "client-crt.pem",
+        "CertificateKeyFile" : "client-key.pem",
+        "CertificateKeyPassword": ""
+      }
+    }
+  }
+	  
+Note that the same kind of configuration is also available for 
+:ref:`DICOMweb client <dicomweb-client>`.
+
+An example of such a setup with instructions to generate the
+certificates is available `here <https://bitbucket.org/osimis/orthanc-setup-samples/src/master/docker/tls-mutual-auth/>`__ .
\ No newline at end of file
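Review bot: the paragraph on ``SslTrustedClientCertificates`` says the file may hold "a list of trusted root CAs" but does not spell out what that means for access control. With a root CA in the file, any client certificate issued by that CA passes verification, so the text should recommend a CA dedicated to Orthanc clients (or pinning individual certificates) rather than a shared or public CA. Also in this hunk: ``.. highlight:: bash`` is set directly above two literal blocks that contain JSON configuration, so ``.. highlight:: json`` would fit better. The client example uses ``"CertificateKeyPassword": ""``, which implies an unencrypted private key, and a sentence about restricting read access to ``client-key.pem`` would help readers who copy it. Minor: three of the added blank lines contain trailing spaces or a tab, the link text "here" could name the sample it points to, there is a stray space before the final period, and the file now ends without a newline.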