Secured Archive TLS - dcm4che/dcm4chee-arc-light GitHub Wiki
This is available only from archive version 5.13.1 onwards.
Refer to Forwarding for secured archive non TLS for the basic configuration.
To enable TLS with Secured Archive, one would need to add the `dcmTLSAllowAnyHostname` attribute in the RS Forward Rule. Also, an `https` connection shall be configured on Archive 2, and the same shall be referenced in the Web Application configured on Archive 2.
- Ensure Keycloak Configuration and Wildfly Configuration are done.
One may either

- create an LDIF file (e.g.):

```LDIF
version: 1

dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmRSForwardRule
cn: RS Forward
dcmWebAppName: archive2WebApp
dcmRSOperation: CreatePatient
dcmRSOperation: UpdatePatient
dcmRSOperation: DeletePatient
dcmTLSAllowAnyHostname: true
-

dn: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmNetworkConnection
objectClass: dicomNetworkConnection
dicomHostname: localhost
cn: https
dcmProtocol: HTTP
dicomPort: 8743
dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
-

dn: dcmWebAppName=archive2WebApp,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmWebApp
dcmWebAppName: archive2WebApp
dcmWebServiceClass: DCM4CHEE_ARC_AET
dcmWebServicePath: /dcm4chee-arc/aets/DCM4CHEE/rs
dicomNetworkConnectionReference: cn=http,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dicomNetworkConnectionReference: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dcmKeycloakClientID: test
-

dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
objectClass: dcmKeycloakClient
dcmKeycloakClientID: test
dcmKeycloakRealm: dcm4che
dcmURI: http://localhost:8680/auth
dcmKeycloakClientSecret: ee379e31-dd0f-4dd2-8c81-81fbfa84d5b5
dcmTLSAllowAnyHostname: TRUE
-
```

and import it to the LDAP Server by using the ldapmodify command line utility.
One may refer to RESTful Forward Rule, Web Application and Keycloak Client for the description of the attributes and for the complete list of RESTful operations supported by this feature in the archive.
Note:

- The `dcmURI`, `dcmKeycloakClientID` and `dcmKeycloakClientSecret` values shall be adapted to the values used in your Keycloak 2 configuration.
- The `dicomHostname` and `dicomPort` shall be adapted to the values used in your Wildfly configuration for Archive 2.
Go to the Control tab on the Configuration page in the archive UI and reload the configuration.
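A pre-import review of an LDIF like the one on this page, as an added example that is not part of the wiki or of dcm4che: it parses the records and lists the settings that weaken transport security (`dcmTLSAllowAnyHostname` set to true, RSA key-exchange or 3DES cipher suites, an `http://` `dcmURI`). The function names `parse_ldif` and `audit`, the finding texts and the abridged sample are assumptions made for illustration.

```python
import re
# Constructed sample, abridged from the LDIF on this page.
SAMPLE = """\
dn: cn=RS Forward,dicomDeviceName=dcm4chee-arc,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dcmTLSAllowAnyHostname: true
-

dn: cn=https,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dicomTLSCipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
dicomTLSCipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
-

dn: dcmKeycloakClientID=test,dicomDeviceName=dcm4chee-arc2,cn=Devices,cn=DICOM Configuration,dc=dcm4che,dc=org
dcmURI: http://localhost:8680/auth
dcmTLSAllowAnyHostname: TRUE
-
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; unfolds wrapped lines, skips '#' and '-'."""
    records = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text)):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, value = line.split(":", 1)
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            records.append((attrs.pop("dn")[0], attrs))
    return records

def audit(text):
    """Return (rdn, finding) pairs for settings that weaken transport security."""
    findings = []
    for dn, attrs in parse_ldif(text):
        rdn = dn.split(",", 1)[0]
        if any(v.lower() == "true" for v in attrs.get("dcmtlsallowanyhostname", [])):
            findings.append((rdn, "dcmTLSAllowAnyHostname enabled"))
        for suite in attrs.get("dicomtlsciphersuite", []):
            if "3DES" in suite:
                findings.append((rdn, "legacy 3DES suite " + suite))
            elif suite.startswith(("TLS_RSA_", "SSL_RSA_")):
                findings.append((rdn, "no forward secrecy: " + suite))
        if any(u.lower().startswith("http://") for u in attrs.get("dcmuri", [])):
            findings.append((rdn, "dcmURI is cleartext http"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```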