dcmecho and dcmsnd not connecting to dcm4chee with TLS instance - "Connection closed by remote host" message

[José Antonio Gómez]

Hi there!

First of all, sorry about my english. Thanks for your patience.

Here is the scenario:

I’ve setup months ago a DCM4CHEE (dcm4chee-2.18.3-mysql) platform on a remote server (Ubuntu Linux 16.04) with plain connection (no TLS encryption) that works fine since then. After that I set up one instance following these steps (https://nitinbksc.wordpress.com/2009/07/24/setting-multiple-instances-for-jboss-4-2-3-ga/) and worked fine too adding TLS encryption. I successfully sent study files to that instance until days ago when started to not connect and thrown messages that I can’t find solution over the forums, guides and blogs.

When I run a dcmecho command in my computer throws these messages:

The server-side one at server.log is:

2016-11-24 10:06:48,708 INFO  -> (TCPServer-1) [org.dcm4cheri.server.ServerImpl] handle - 2150552e[SSL_NULL_WITH_NULL_NULL: Socket[addr=/81.37.254.22,port=50300,localport=11443]]
2016-11-24 10:06:48,848 ERROR -> (TCPServer-1) [org.dcm4cheri.server.ServerImpl] java.io.IOException: NotAfter: Mon Nov 21 10:05:02 CET 2016
java.io.IOException: NotAfter: Mon Nov 21 10:05:02 CET 2016
 at org.dcm4cheri.server.ServerImpl.init(ServerImpl.java:365)
 at org.dcm4cheri.server.ServerImpl.run(ServerImpl.java:278)
 at org.dcm4cheri.util.LF_ThreadPool.join(LF_ThreadPool.java:174)
 at org.dcm4cheri.server.ServerImpl$1.run(ServerImpl.java:242)
 at java.lang.Thread.run(Thread.java:745)
2016-11-24 10:06:48,848 INFO  -> (TCPServer-1) [org.dcm4cheri.server.ServerImpl] finished - 2150552e[SSL_RSA_WITH_3DES_EDE_CBC_SHA: Socket[addr=/81.37.254.22,port=50300,localport=11443]]

And the local-side console message is:

Note: I’ve changed server’s IP to 1.2.3.4 and AE Title to AETITLE for privacy reasons.

Initialize TLS context in 0.099s
10:16:55,877 INFO   - Association(1) initiated 6500df86[SSL_NULL_WITH_NULL_NULL: Socket[addr=/1.2.3.4,port=11443,localport=50453]]
10:16:55,888 INFO   - AETITLE(1) << A-ASSOCIATE-RQ[
  calledAET = AETITLE
  callingAET = DCMECHO
  applicationContext = 1.2.840.10008.3.1.1.1 - DICOM Application Context Name
  implClassUID = 1.2.40.0.13.1.1
  implVersionName = dcm4che-2.0
  maxPDULength = 16384
  maxOpsInvoked/maxOpsPerformed = 0/0
  PresentationContext[id = 1, as = 1.2.840.10008.1.1 - Verification SOP Class
    ts = 1.2.840.10008.1.2 - Implicit VR Little Endian
    ]
  Role Selection(0):
  Extended Negotiation(0):
  Common Extended Negotiation(0):
]
10:16:56,035 INFO   - AETITLE(1): close 6500df86[SSL_RSA_WITH_3DES_EDE_CBC_SHA: Socket[addr=/1.2.3.4,port=11443,localport=50453]]
ERROR: Failed to establish association:Connection closed by remote host

I’m really really lost with this and my client needs the service (the TLS one).

A lot of thanks at advance.

[José Antonio Gómez]

Hi again!

I finally solved this.

Since last time the TLS instance worked I've rebooted the server and update a lot of packages (not Java btw) several times. The thing is that It worked when I create the keystore and truststore keys again.

I guess that in some point of this months the old TLS keys stop being valid.

Anyway, if somebody knows what was actually caused this I appreciate so much and I would be useful to the community.

I hope this help somebody.

Regards

El jueves, 24 de noviembre de 2016, 11:06:22 (UTC+1), José Antonio Gómez escribió:

Hi there!

First of all, sorry about my english. Thanks for your patience.

Here is the scenario:

I’ve setup months ago a DCM4CHEE (dcm4chee-2.18.3-mysql) platform on a remote server (Ubuntu Linux 16.04) with plain connection (no TLS encryption) that works fine since then. After that I set up one instance following these steps (https://nitinbksc.wordpress.com/2009/07/24/setting-multiple-instances-for-jboss-4-2-3-ga/) and worked fine too adding TLS encryption. I successfully sent study files to that instance until days ago when started to not connect and thrown messages that I can’t find solution over the forums, guides and blogs.

When I run a dcmecho command in my computer throws these messages:

The server-side one at server.log is:

2016-11-24 10:06:48,708 INFO  -> (TCPServer-1) [org.dcm4cheri.server.ServerImpl] handle - 2150552e[SSL_NULL_WITH_NULL_NULL: Socket[addr=/81.37.254.22,port=50300,localport=11443]]
2016-11-24 10:06:48,848 ERROR -> (TCPServer-1) [org.dcm4cheri.server.ServerImpl] java.io.IOException: NotAfter: Mon Nov 21 10:05:02 CET 2016
java.io.IOException: NotAfter: Mon Nov 21 10:05:02 CET 2016
 at org.dcm4cheri.server.ServerImpl.init(ServerImpl.java:365)
 at org.dcm4cheri.server.ServerImpl.run(ServerImpl.java:278)
 at org.dcm4cheri.util.LF_ThreadPool.join(LF_ThreadPool.java:174)
 at org.dcm4cheri.server.ServerImpl$1.run(ServerImpl.java:242)
 at java.lang.Thread.run(Thread.java:745)
2016-11-24 10:06:48,848 INFO  -> (TCPServer-1) [org.dcm4cheri.server.ServerImpl] finished - 2150552e[SSL_RSA_WITH_3DES_EDE_CBC_SHA: Socket[addr=/81.37.254.22,port=50300,localport=11443]]

And the local-side console message is:

Note: I’ve changed server’s IP to 1.2.3.4 for privacy reasons.

[Gunter Zeilinger]

Each X.509 Certificate has a Valid Date Range, and the Certificate which you used before was valid until

Mon Nov 21 10:05:02 CET 2016

10:16:55,888 INFO   - TELRADS(1) << A-ASSOCIATE-RQ[
  calledAET = TELRADS
  callingAET = DCMECHO
  applicationContext = 1.2.840.10008.3.1.1.1 - DICOM Application Context Name

  implClassUID = 1.2.40.0.13.1.1
  implVersionName = dcm4che-2.0
  maxPDULength = 16384
  maxOpsInvoked/maxOpsPerformed = 0/0
  PresentationContext[id = 1, as = 1.2.840.10008.1.1 - Verification SOP Class
    ts = 1.2.840.10008.1.2 - Implicit VR Little Endian
    ]
  Role Selection(0):
  Extended Negotiation(0):
  Common Extended Negotiation(0):
]

10:16:56,035 INFO   - TELRADS(1): close 6500df86[SSL_RSA_WITH_3DES_EDE_CBC_SHA: Socket[addr=/1.2.3.4,port=11443,localport=50453]]

ERROR: Failed to establish association:Connection closed by remote host

I’m really really lost with this and my client needs the service (the TLS one).

A lot of thanks at advance.

--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+unsubscribe@googlegroups.com.
To post to this group, send email to dcm...@googlegroups.com.
Visit this group at https://groups.google.com/group/dcm4che.
For more options, visit https://groups.google.com/d/optout.

[José Antonio Gómez]

Oh boy.

That's last monday :S It's good to know that.

But now I have a new question about that. How can I update that valid range the next time? By creating a new certificate?

Thank you very very much :)

[Gunter Zeilinger]

Yes, you have to create a new certificate - if you do not explicit specify the Valid Date Range, it will be valid from now for one year.