Issue: HTTPS Client Certificate


Bryan Dearlove

Mar 8, 2018, 11:06:24 AM
to Orthanc Users

Good Day All, 
I am attempting to use client certificates with Apache. I have configured Apache and using Web or a REST client like Insomnia, I can specify the certificate information and it works no problem, I can upload, download, etc. 

The problem is attempting to send via a peer, it fails. Configuration and error below:

Peer Config:

     "SENDTOPEER" : {
       "Url" : "https://www.domainnamecom:443/",
       "Username" : "user",
       "Password" : "password",
       "CertificateFile" : "C:\\Orthanc\\Certificates\\client.crt",
       "CertificateKeyFile" : "C:\\Orthanc\\Certificates\\client.key",
       "CertificateKeyPassword" : "certpassword",
       "Pkcs11" : false
     }


Apache Error:

[Thu Mar 08 10:53:22.216543 2018] [proxy_http:error] [pid 3544:tid 1692] (70008)Partial results are valid but processing is incomplete: [client SENDFROMPEER 54707] AH02609: read request body failed to 127.0.0.1:8042 (127.0.0.1) from 174.89.147.71 ()
[Thu Mar 08 10:53:22.216543 2018] [proxy_http:error] [pid 3544:tid 1692] [client 174.89.147.71:54707] AH01097: pass request body failed to 127.0.0.1:8042 (127.0.0.1) from SENDFROMPEER ()
[Thu Mar 08 10:53:22.216543 2018] [proxy_http:error] [pid 3544:tid 1692] (70008)Partial results are valid but processing is incomplete: [client SENDFROMPEER 54707] AH01095: prefetch request body failed to 127.0.0.1:8042 (127.0.0.1) from SENDFROMPEER ()

ORTHANC ERROR on SENDFROMPEER:

E0308 10:53:22.979550 HttpClient.cpp:223] libCURL error: Timeout was reached
E0308 10:53:22.979550 StorePeerCommand.cpp:80] Unable to forward to an Orthanc peer in a Lua script (instance 6bd520ae-d6a1cda7-492c87c9-766bc604-680c5f7f, peer https://www.domainnamecom:443/): Error in the network protocol
E0308 10:53:22.981549 ServerScheduler.cpp:123] Job has failed (HTTP request: POST to peer "SENDTOPEER")


Has anyone run into this and overcome it? Thanks all. 

Sébastien Jodogne

Mar 9, 2018, 3:06:26 AM
to Orthanc Users
Dear Bryan,

Please could you send a docker-compose script so that we can try and reproduce your issue?

Regards,
Sébastien-

Bryan Dearlove

Mar 9, 2018, 6:01:15 AM
to Orthanc Users
I don’t have or know what a docker compose script is but I can send you my Orthanc client config file and certificates if that works? This isn’t live and is in building stage still.

Sébastien Jodogne

Mar 9, 2018, 7:42:21 AM
to Orthanc Users
Yes, please send all of your configuration files (by private mail: s.jo...@gmail.com), and carefully describe how we can reproduce your setup.

Please also note that we are currently very busy, so don't expect an answer before several days.

Sébastien-

Bryan Dearlove

Mar 9, 2018, 11:56:06 AM
to Orthanc Users
Found the problem. For anyone else:
Scenario: "Real" SSL Certificate with verify certificate configured at peer. Local CA certificate for certificate based authentication. 
Answer: You have to add both CA certificates to HttpsCACertificates on the peer sending from. Just copy the contents of both certificates into a new single certificate.
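The bundling step from the answer above, as an added example that is not part of the original thread or of Orthanc: it merges the public CA and the local CA into one PEM bundle for the file that HttpsCACertificates points to, and handles the case where the first file has CRLF line endings and no final newline, which a plain copy-and-paste would fuse into a single unreadable block. The function names and the sample inputs are assumptions; the sample payloads are constructed placeholder bytes, not real certificates.

```python
import base64
import re

# Matches one PEM certificate block, even when two blocks were pasted
# together with no newline between END and BEGIN.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def extract_certs(pem_text):
    """Return the decoded bytes of every CERTIFICATE block in pem_text."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_CERT.findall(pem_text)]


def build_bundle(*pem_texts):
    """Merge PEM inputs into one bundle: LF endings, one block per
    certificate, duplicates dropped. Raises ValueError for an input with no
    certificate block (for example a .key file passed by mistake)."""
    seen, blocks = set(), []
    for i, text in enumerate(pem_texts):
        ders = extract_certs(text)
        if not ders:
            raise ValueError(f"input {i} contains no PEM certificate")
        for der in ders:
            if der in seen:
                continue
            seen.add(der)
            b64 = base64.b64encode(der).decode("ascii")
            lines = [b64[j:j + 64] for j in range(0, len(b64), 64)]
            blocks.append("\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                                     "-----END CERTIFICATE-----"]))
    return "\n".join(blocks) + "\n"


# Constructed sample inputs: placeholder payloads, so only the PEM framing
# is exercised here, not X.509 parsing.
def sample_pem(payload, eol):
    return ("-----BEGIN CERTIFICATE-----" + eol
            + base64.b64encode(payload).decode("ascii") + eol
            + "-----END CERTIFICATE-----")


PUBLIC_CA = sample_pem(b"constructed public CA placeholder", "\r\n")  # no final newline
LOCAL_CA = sample_pem(b"constructed local CA placeholder", "\n") + "\n"

if __name__ == "__main__":
    bundle = build_bundle(PUBLIC_CA, LOCAL_CA)
    print(bundle, end="")
    print(len(extract_certs(bundle)), "certificates in bundle")
```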