/
Setting up DCM4CHEE with TLS encryption

Setting up DCM4CHEE with TLS encryption

Settings on DCM4CHEE Server: 

Using JMX-Console:

1. Set following attributes in dcm4chee.archive:service=DcmServer:
SecurityProtocol = dicom-tls

2. Set following attributes in dcm4chee.archive:service=TLSConfig:
EnabledProtocols= SSLv2Hello,SSLv3,TLSv1
KeyStoreURL=resource:node1.jks
KeyStorePassword=your password
TrustStoreURL=resource:trust.jks
TrustStorePassword=your password

3. Generate a keystore and truststore file (use the password you specified in the TLSConfig service):
# keytool -genkey -keyalg RSA -dname "CN=node1.dcm4che.org OU=development O=dcm4che L=Vienna C=AT" --keystore node1.jks -alias node1
Enter keystore password: 
Re-enter new password:
Enter key password for <node1>
    (RETURN if same as keystore password): 

# keytool -export -file node1.cert -keystore node1.jks -alias node1
Enter keystore password: 
Certificate stored in file <node1.cert>

# keytool -import -file node1.cert -keystore trust.jks -alias node1
Enter keystore password: 
Re-enter new password:
Owner: CN="node1.dcm4che.org OU=development O=dcm4che L=Vienna C=AT"
Issuer: CN="node1.dcm4che.org OU=development O=dcm4che L=Vienna C=AT"
Serial number: 480c457d
Valid from: Mon Apr 21 09:42:53 CEST 2008 until: Sun Jul 20 09:42:53 CEST 2008
Certificate fingerprints:
     MD5:  79:8B:FC:11:65:51:1C:01:C5\:D1:FC:38:58:39:46:8E
     SHA1: E9:6E:54:BD:A7:35:BB:34:4E:4C:41:BD:0B:3A:2D:A3\:D4:1A:5F:8E
     Signature algorithm name: SHA1withRSA
     Version: 3
Trust this certificate? [no]:  yes
Certificate was added to keystore

4. Copy Key/Truststore files to dcm4chee installation directory:
cp node1.jks trust.jks DCM4CHEE_HOME/server/default/conf

5. Restart the dcm4chee server process

Testing with dcm4che 2 library software:

1. Copy Key/Truststore files to dcm4che 2 samples directory:
cp node1.jks trust.jks DCM4CHE_2/etc/tls

2. Execute dcmqr to do a DICOM Echo:
# DCM4CHE_2/bin/dcmqr DCM4CHEE@localhost:11112  -acceptTO 60000 -tls 3DES -truststore resource:tls/trust.jks -keystore resource:tls/node1.jks

Related content

TLS Configuration
TLS Configuration
Read with this
System Overview
System Overview
Read with this
User Interface
User Interface
Read with this
Archive Content Administration
Archive Content Administration
Read with this
dcm4chee2-user-guide
dcm4chee2-user-guide
Read with this
Services (MBeans)
Services (MBeans)
Read with this