Mercurial > hg > orthanc-book

changeset 1146:529cea35b08f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
added https-ca-certificates explanations
author Benoit Crickboom <bc@orthanc.team>
date Fri, 04 Apr 2025 15:12:32 +0200
parents f0a0f9ea346b
children 5875ab184744
files Sphinx/source/faq.rst Sphinx/source/faq/https-ca-certificates.rst Sphinx/source/plugins/object-storage.rst
diffstat 3 files changed, 38 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/Sphinx/source/faq.rst	Thu Jan 30 09:40:27 2025 +0100
+++ b/Sphinx/source/faq.rst	Fri Apr 04 15:12:32 2025 +0200
@@ -67,6 +67,7 @@
    faq/nginx.rst
    faq/iis.rst
    faq/https.rst
+   faq/https-ca-certificates
    faq/same-origin.rst
    faq/matlab.rst
    faq/series-completion.rst
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Sphinx/source/faq/https-ca-certificates.rst	Fri Apr 04 15:12:32 2025 +0200
@@ -0,0 +1,35 @@
+.. _https-ca-certificates:
+
+
+How to configure the HttpsCACertificates parameter?
+===================================================
+
+In somes cases, Orthanc may have to query some third-party services
+thanks to HTTPS requests (distant :ref:`DICOMweb server <dicomweb>`, 
+:ref:`object storage <object-storage>`,...).
+
+Orthanc relies on `cURL <https://curl.se/>`_ for such queries.
+
+Starting with Orthanc 1.12.6 and provided that Orthanc has been built with
+libcurl > 8.2.0, if ``HttpsCACertificates`` is left empty in the Orthanc
+configuration file, Orthanc uses the operating system native CA store to
+validate the certificates received from the distant servers (cURL
+"--ca-native" option). In most of the setups, this is perfectly fine and 
+the servers certificates are validated correctly.
+
+However, one could face some troubles, especially on Microsoft Windows
+setups.
+
+To fix them, download the CA certificate store (in PEM format) from the
+`cURL project <https://curl.haxx.se/docs/caextract.html>`__.
+
+.. highlight:: json
+
+And then, store it on the drive and modify your configuration file according to
+(file path to adapt)::
+
+  {
+    "HttpsCACertificates" : "C:\\Program Files\\Orthanc Server\\resources\\cacert.pem"
+  }
+
+.. highlight:: text
--- a/Sphinx/source/plugins/object-storage.rst	Thu Jan 30 09:40:27 2025 +0100
+++ b/Sphinx/source/plugins/object-storage.rst	Fri Apr 04 15:12:32 2025 +0200
@@ -138,6 +138,8 @@
 in the `AWS official documentation
 <https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-envvars.html>`__.
 
+**Warning:** On Microsoft Windows, one may face some certificates validation troubles, see :ref:`this page <https-ca-certificates>`.
+
 
 .. _minio: