Docker deploy with standalone Keycloak


Carles

Nov 28, 2019, 5:52:32 AM
to dcm4che

Hi!

I'm trying to deploy a production environment for a dcm4chee with the following architecture:

I'm using a standalone Keycloak server (which is properly working and used by other apps) which has been deployed using the official jboss Keycloak Docker image (not the one from dcm4chee).
I'm using a standalone postgres server from AWS RDS.
Then I'm using the slapd dcm4che image and the dcm4chee arc psql image to deploy the dcm4chee. 

I've tried to deploy all this architecture in my localhost machine (except the postgres which already was in RDS) and I've been able to make it properly run. But when I try to deploy it into the cloud, if I go to /dcm4chee-arc/ui2 I'm properly redirected to the Keycloak login, after login I'm properly redirected to /dcm4chee-arc/ui2 again, but there I get a Forbidden error.
I've tried to deploy the slapd and the dcm4chee-arc images into my local machine (using the Keycloak from the cloud) and I'm getting the same error. 

If I check the server logs then I see the following error:
ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I've seen other threads with this kind of error, but I think that they were more related to a Keycloak issue, and I suppose that in my case it is a dcm4chee-arc issue.
I suppose that what happens is that my dcm4chee does not have the AWS certificate included in its keystore, but I don't know how to add it. I know there is a variable in the Docker image to set the keystore file, but I don't know how to use it.

I'm not really used to working with Java WildFly servers and with the keystore and truststore, so I'm a little bit lost with this.

Could anyone help me with this?

Thanks in advance!

Gunter Zeilinger

Nov 28, 2019, 8:20:43 AM
to dcm...@googlegroups.com
You may add the CA certificate of the certificate used by your Keycloak instance to configuration/keystores/cacerts.jks in the host mounted /opt/wildfly/standalone directory using Java's keytool utility.

Why not use dcm4che/keycloak? Its pre-configured certificate matches the pre-configured truststore of the archive.


--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
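
The keytool import described in the reply above, as an added example that is not part of the original thread or of dcm4che's own tooling. The host directory argument, the CA file, the alias `keycloak-ca` and the `TRUSTSTORE_PASSWORD` variable name are assumptions of this script; `-storepass:env` keeps the password off the command line.

```shell
#!/bin/sh
# Added example. The arguments, the default alias and the TRUSTSTORE_PASSWORD
# variable name are this script's own assumptions, not values from the thread.

# truststore_path <host dir mounted at /opt/wildfly/standalone>
truststore_path() {
    printf '%s/configuration/keystores/cacerts.jks\n' "${1%/}"
}

# trust_keycloak_ca <host standalone dir> <CA certificate, PEM> [alias]
# Returns 0 if imported or already trusted, 2 on bad input, 1 if keytool fails.
trust_keycloak_ca() {
    store=$(truststore_path "$1"); ca_pem=$2; alias_name=${3:-keycloak-ca}

    [ -f "$store" ] || { echo "truststore not found: $store" >&2; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_pem" 2>/dev/null ||
        { echo "not a PEM certificate: $ca_pem" >&2; return 2; }
    [ -n "${TRUSTSTORE_PASSWORD:-}" ] ||
        { echo "export TRUSTSTORE_PASSWORD first" >&2; return 2; }

    # Idempotent: do nothing when the alias is already in the truststore.
    if keytool -list -alias "$alias_name" -keystore "$store" \
            -storepass:env TRUSTSTORE_PASSWORD >/dev/null 2>&1; then
        echo "alias '$alias_name' already in $store"; return 0
    fi

    # Keep a copy so a bad import can be rolled back.
    cp -p "$store" "$store.bak" || return 1
    keytool -importcert -noprompt -trustcacerts -alias "$alias_name" \
        -file "$ca_pem" -keystore "$store" \
        -storepass:env TRUSTSTORE_PASSWORD || return 1

    # Print the new entry (with its fingerprint) for an out-of-band check.
    keytool -list -alias "$alias_name" -keystore "$store" \
        -storepass:env TRUSTSTORE_PASSWORD
}

# Run only when invoked with arguments: <standalone dir> <ca.pem> [alias]
if [ "$#" -ge 2 ]; then
    trust_keycloak_ca "$@"
fi
```

Because `-noprompt` skips keytool's confirmation, compare the printed fingerprint with the one published by the issuing CA before relying on the entry. Restart the archive container afterwards so WildFly loads the updated truststore.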

Carles

Nov 28, 2019, 9:21:12 AM
to dcm4che
I'm not using dcm4che/keycloak because I use my Keycloak with other apps too... So my intention was choosing a more non dcm4chee dependent solution. But I could think about using it if it makes my life easier.

Gunter Zeilinger

Nov 28, 2019, 9:30:06 AM
to dcm...@googlegroups.com
dcm4che/keycloak also supports emitting ATNA audit records about User Login/Logout via dcm4che/logstash-dcm4chee to ElasticSearch - or directly to any other ATNA Audit Record Repository.


