view Sphinx/source/faq/https-ca-certificates.rst @ 1280:bcf9d28bf383 default tip

pg versions
author Alain Mazy <am@orthanc.team>
date Thu, 09 Jul 2026 10:25:59 +0200
parents 57976f197f2a
children
line wrap: on
line source

.. _https-ca-certificates:


How to configure the HttpsCACertificates parameter?
===================================================

In somes cases, Orthanc may have to query some third-party services
thanks to HTTPS requests (distant :ref:`DICOMweb server <dicomweb>`, 
:ref:`object storage <object-storage>`,...).

Orthanc relies on `cURL <https://curl.se/>`_ for such queries.

Starting with Orthanc 1.12.6 and provided that Orthanc has been built with
libcurl > 8.2.0, if ``HttpsCACertificates`` is left empty in the Orthanc
configuration file, Orthanc uses the operating system native CA store to
validate the certificates received from the distant servers (cURL
"--ca-native" option). In most of the setups, this is perfectly fine and 
the servers certificates are validated correctly.

However, one could face some troubles, especially on **Microsoft
Windows** setups.

To fix them, download the CA certificate store (in PEM format) from the
`cURL project <https://curl.haxx.se/docs/caextract.html>`__.

.. highlight:: json

And then, store it on the drive and modify your configuration file according to
(file path to adapt)::

  {
    "HttpsCACertificates" : "C:\\Program Files\\Orthanc Server\\resources\\cacert.pem"
  }


On **GNU/Linux distributions**, you will most probably find a file
named ``ca-certificates.crt`` somewhere within the ``/etc/`` folder.
For instance, on Ubuntu/Debian derivatives::

  {
    "HttpsCACertificates" : "/etc/ssl/certs/ca-certificates.crt"
  }