Secured Archive TLS - dcm4che/dcm4chee-arc-light GitHub Wiki

This is available only from archive version 5.13.1 onwards.

Refer Forwarding for secured archive non TLS for doing the basic configuration.

To enable TLS with Secured Archive, one would need to add dcmTLSAllowAnyHostname attribute in the RS Forward Rule. Also, https connection shall be configured on Archive 2, and the same shall be referenced in the Web Application configured on Archive 2.

Configuration

LDAP Configuration

One may either

  • create a LDIF file (e.g.):

      version: 1
      dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmRSForwardRule
      cn: RS Forward
      dcmWebAppName: archive2WebApp
      dcmRSOperation: CreatePatient
      dcmRSOperation: UpdatePatient
      dcmRSOperation: DeletePatient
      dcmTLSAllowAnyHostname: true
      -
      
      dn: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmNetworkConnection
      objectClass: dicomNetworkConnection
      dicomHostname: localhost
      cn: https
      dcmProtocol: HTTP
      dicomPort: 8743
      dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
      dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
      - 
      
      dn: dcmWebAppName=archive2WebApp,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmWebApp
      dcmWebAppName: archive2WebApp
      dcmWebServiceClass: DCM4CHEE_ARC_AET
      dcmWebServicePath: /dcm4chee-arc/aets/DCM4CHEE/rs
      dicomNetworkConnectionReference: cn=http,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      dicomNetworkConnectionReference: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      dcmKeycloakClientID: test
      -
    
      dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
      objectClass: dcmKeycloakClient
      dcmKeycloakClientID: test
      dcmKeycloakRealm: dcm4che
      dcmURI: http://localhost:8680/auth
      dcmKeycloakClientSecret: ee379e31-dd0f-4dd2-8c81-81fbfa84d5b5
      dcmTLSAllowAnyHostname: TRUE
      -
    

    and import it to the LDAP Server by using the ldapmodify command line utility.

One may refer to RESTful Forward Rule, Web Application and Keycloak Client to understand the description of attributes and also has the complete list of supported RESTful operations supported by this feature in archive.

Note :

  • The dcmURI, dcmKeycloakClientID and dcmKeycloakClientSecret values shall be adapted to the values used in your Keycloak 2 configuration.
  • The dicomHostname and dicomPort shall be adapted to the values used in your Wildfly configuration for Archive 2.

Go to the Control tab on Configuration page in archive UI and reload the configuration.

⚠️ **GitHub.com Fallback** ⚠️