Let's Encrypt SSL for DCM4CHEE


Neeraj Paliwal

Dec 21, 2021, 2:52:57 AM
to dcm4che
Hi, 

How should we configure Let's Encrypt SSL for dcm4chee?


Thanks & Regards,
Neeraj Paliwal

Todd Jensen

Dec 21, 2021, 6:03:46 PM
to dcm4che
This is highly dependent upon how you have set up dcm4chee. And that you have a fully qualified domain name that maps to your server's public IP address.

I've had good luck setting up the Dockerized install based on the instructions at https://github.com/dcm4che/dcm4chee-arc-light/wiki/Run-secured-archive-services-on-a-single-host, but added an nginx service in the docker-compose.yml to proxy the https connections using a certificate from Let's Encrypt. I use a bit of a convoluted method to get the certificate using certbot in standalone mode and then mapping the certificate to the nginx container.

You could also use certbot to get a certificate and then create a PKCS12 version of it from the PEM files using openssl and use that to replace the default cert installed by dcm4chee.

Todd Jensen, PhD
Jensen Informatics LLC

LOG

Dec 22, 2021, 9:31:18 AM
to dcm4che
With help of the article in the next link:


I created scripts to automate the creation of the keystore and the truststore.

Neeraj Paliwal

Dec 30, 2021, 7:50:37 AM
to dcm...@googlegroups.com
I have solved the problem by creating a p12 certificate with
openssl pkcs12 -export -inkey privkey.pem -in chain.pem -CAfile cert.pem -out cacert.p12
and adding the path in dcm4chee-arc.xml // standalone.xml and adding the domain name in the auth URL. It's working for me.
Rename cacert.p12 to key.p12 and use it as the key file.

<system-properties>
    <property name="dcm4chee-arc.DeviceName" value="dcm4chee-arc"/>
    <property name="super-user-role" value="admin"/>
    <property name="realm-name" value="dcm4che"/>
    <property name="auth-server-url" value="https://example.com:8843/auth"/>
</system-properties>





Jonathan Brooks

Mar 7, 2022, 5:10:11 PM
to dcm4che
Hi Neeraj,

Thanks for this information. Can I check something with you? 

Is the reason why renaming cacert.p12 to key.p12 works because the .p12 file you created contained all the necessary information i.e. (1) the private key (privkey.pem), (2) the signed certificate (chain.pem) and (3) the certificate from the signing authority (cert.pem)? 

So the "same" file can be used both as a key and a certificate to authenticate the key?

This https stuff is making my head hurt.

Best wishes,

Jon
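
Added example (not written by any poster in this thread): a PKCS#12 file is a container that stores a private key together with its certificate and the issuer chain, which is why a single .p12 can act as the key store. The script below builds one from locally generated throwaway PEM files and checks what ended up inside; the file names, subject names and password are constructed.

```shell
#!/bin/sh
# Added example. Every key and certificate below is throwaway test material
# generated locally (constructed); names and password are assumptions.
# In certbot's live/<domain>/ directory the equivalents are privkey.pem (key),
# cert.pem (leaf certificate) and chain.pem (intermediates).
PW=example-only-password

make_test_pems() {  # $1 = dir; writes ca.pem (issuer), leaf.key, leaf.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=pacs.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# -in must be the certificate that belongs to -inkey; -certfile adds the chain.
build_p12() {  # $1 = dir, $2 = cert passed to -in, $3 = output file name
    openssl pkcs12 -export -inkey "$1/leaf.key" -in "$1/$2" -certfile "$1/ca.pem" \
        -name server -passout "pass:$PW" -out "$1/$3" 2>/dev/null
}

count_certs() {  # $1 = .p12 path; number of certificates in the bundle
    openssl pkcs12 -in "$1" -passin "pass:$PW" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

count_keys() {  # $1 = .p12 path; number of private keys in the bundle
    openssl pkcs12 -in "$1" -passin "pass:$PW" -nocerts -nodes 2>/dev/null |
        grep -c 'BEGIN.*PRIVATE KEY'
}

key_matches_leaf() {  # $1 = .p12 path; public key of the key == public key in the leaf cert
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$PW" -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$PW" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
make_test_pems "$WORK" && build_p12 "$WORK" leaf.pem key.p12
echo "certificates: $(count_certs "$WORK/key.p12")  private keys: $(count_keys "$WORK/key.p12")"
key_matches_leaf "$WORK/key.p12" && echo "private key matches the leaf certificate"
# A certificate that does not belong to the key is refused at export time.
build_p12 "$WORK" ca.pem wrong.p12 || echo "export refused: certificate does not match key"
```

The same three inspection functions can be pointed at a real bundle before it is deployed, after setting PW to that bundle's export password.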
