Setting up DCM4CHEE with TLS encryption

Settings on DCM4CHEE Server: 

Using JMX-Console:

1. Set following attributes in dcm4chee.archive:service=DcmServer:
SecurityProtocol = dicom-tls

2. Set following attributes in dcm4chee.archive:service=TLSConfig:
EnabledProtocols= SSLv2Hello,SSLv3,TLSv1
KeyStorePassword=your password
TrustStorePassword=your password

3. Generate a keystore and truststore file (use the password you specified in the TLSConfig service):
# keytool -genkey -keyalg RSA -dname " OU=development O=dcm4che L=Vienna C=AT" --keystore node1.jks -alias node1
Enter keystore password: 
Re-enter new password:
Enter key password for <node1>
    (RETURN if same as keystore password): 

# keytool -export -file node1.cert -keystore node1.jks -alias node1
Enter keystore password: 
Certificate stored in file <node1.cert>

# keytool -import -file node1.cert -keystore trust.jks -alias node1
Enter keystore password: 
Re-enter new password:
Owner: CN=" OU=development O=dcm4che L=Vienna C=AT"
Issuer: CN=" OU=development O=dcm4che L=Vienna C=AT"
Serial number: 480c457d
Valid from: Mon Apr 21 09:42:53 CEST 2008 until: Sun Jul 20 09:42:53 CEST 2008
Certificate fingerprints:
     MD5:  79:8B:FC:11:65:51:1C:01:C5\:D1:FC:38:58:39:46:8E
     SHA1: E9:6E:54:BD:A7:35:BB:34:4E:4C:41:BD:0B:3A:2D:A3\:D4:1A:5F:8E
     Signature algorithm name: SHA1withRSA
     Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

4. Copy Key/Truststore files to dcm4chee installation directory:
cp node1.jks trust.jks DCM4CHEE_HOME/server/default/conf

5. Restart the dcm4chee server process

Testing with dcm4che 2 library software:

1. Copy Key/Truststore files to dcm4che 2 samples directory:
cp node1.jks trust.jks DCM4CHE_2/etc/tls

2. Execute dcmqr to do a DICOM Echo:
# DCM4CHE_2/bin/dcmqr DCM4CHEE@localhost:11112  -acceptTO 60000 -tls 3DES -truststore resource:tls/trust.jks -keystore resource:tls/node1.jks