Mercurial > hg > orthanc-book
diff Sphinx/source/faq/https.rst @ 512:be8b638f3f46
added mutual auth
author | Alain Mazy <alain@mazy.be> |
---|---|
date | Wed, 16 Sep 2020 11:46:11 +0200 |
parents | 18ef1c795d17 |
children | 22e3868d2eb1 |
--- a/Sphinx/source/faq/https.rst Mon Sep 14 14:54:15 2020 +0200 +++ b/Sphinx/source/faq/https.rst Wed Sep 16 11:46:11 2020 +0200 @@ -175,3 +175,42 @@ "HttpPort" : 8042, [...] } + + +Securing Orthanc with mutual TLS authentication +............................................... + +.. highlight:: bash + +Once HTTPS is enabled, Orthanc can also be configured to accept incoming +connections based on a certificate provided by the client. + +Server side, this is configured via:: + + { + "SslVerifyPeers": true, + "SslTrustedClientCertificates": "trustedClientCertificates.pem" + } + +``SslTrustedClientCertificates`` shall contain a list of certificates +that are trusted. This can be a list of individual self-signed certificates +or this can contain a list of trusted root CAs. + +Client side, this is configured via:: + + { + "OrthancPeers" : { + "orthanc-b" : { + "Url" : "https://localhost:8043", + "CertificateFile" : "client-crt.pem", + "CertificateKeyFile" : "client-key.pem", + "CertificateKeyPassword": "" + } + } + } + +Note that the same kind of configuration is also available for +:ref:`DICOMweb client <dicomweb-client>`. + +An example of such a setup with instructions to generate the +certificates is available `here <https://bitbucket.org/osimis/orthanc-setup-samples/src/master/docker/tls-mutual-auth/>`__ . \ No newline at end of file
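Review bot: The paragraph on ``SslTrustedClientCertificates`` puts individual self-signed certificates and trusted root CAs on the same footing without saying what each choice means for who is admitted. With a root CA in the file, any client certificate that chains to that CA is expected to pass verification, so the text should say this explicitly and recommend either listing individual certificates or using a dedicated private CA. Two smaller points in the same hunk: the section sets ``.. highlight:: bash`` although both literal blocks are JSON configuration, and the client example shows ``"CertificateKeyPassword": ""`` without mentioning that an unencrypted ``client-key.pem`` then depends entirely on restrictive file permissions. The link text "here" would read better as a descriptive label, and the file now ends without a trailing newline.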