Use Custom Keystore with Archive - dcm4che/dcm4chee-arc-light GitHub Wiki

Overview

This page briefly describes how one may use their own key+certificate in dockerized archive (using docker-compose) instead of the default keystore provided by the archive.

Configuration

  • Configure archive as specified in Running on Docker
  • Before you start the containers:
    • Create a custom directory in /var/local/dcm4chee-arc/.
    • Place your keystore (in JKS or PKCS12 format) in this directory, i.e. /var/local/dcm4chee-arc/custom-dir
    • In your docker-compose.yml Map this directory to a path within the archive container as :
      - /var/local/dcm4chee-arc/custom-dir:/opt/wildfly/custom-dir
      
    • If you're using secured version of archive, in the same docker-compose.yml file, do the same volume mapping also for keycloak container
      - /var/local/dcm4chee-arc/custom-dir:/opt/wildfly/custom-dir
      
    • In docker-compose.env file, specify your keystore (Replace custom-keystore and custom-keystore-password with your keystore values)
      KEYSTORE=/opt/wildfly/custom-dir/custom-keystore.p12
      KEYSTORE_PASSWORD=custom-keystore-password
      
    • In the same docker-compose.env file, if your private key in keystore is protected by a password, then specify (Replace custom-keystore-private-key-password with value as required)
      KEY_PASSWORD=custom-keystore-private-key-password
      
    • By default, the KEYSTORE_TYPE is PKCS12. If you used a JKS type of keystore, you need to specify this env variable
      KEYSTORE_TYPE=JKS
      
    • Provide read permission to all users to this folder
      sudo chmod a+r /var/local/dcm4chee-arc/custom-dir/*
      
  • Start the containers as specified
  • If you used a secure version of archive, to enable Keycloak adapter in archive to accept requests from Keycloak server, add the CA certificate
    cd /var/local/dcm4chee-arc/wildfly/configuration/keystores
    
    keytool -import -alias customCA -file <custom-CA-certificate.pem> -storetype JKS -keystore cacerts.p12
    
⚠️ **GitHub.com Fallback** ⚠️