Hi everyone! I just joined this community, so I wanted to say hello and ask you for help with an issue.
I have a Digital Ocean droplet with Orthanc installed on it, and I’ve been using it to store and manage DICOM files successfully for almost 6 months. The problem is I’ve not been able to enable SSL on my server. I’ve searched everywhere for a solution, but nothing seems to work.
I have tried using the SSL keys from my hosting and generating a new pair exclusively for Orthanc and using it, and whenever I enable SSL the port stops responding and I can’t access the server.
The droplet is an Ubuntu 22.04.2 server, with Orthanc 1.10.0+dfsg-1 running on the 8042/4242 ports with the right permissions in the firewall (ufw), all works just fine when using the http protocol.
Please, if anyone can give me a clue on what I’m doing wrong, I would greatly appreciate it.
Ok, after a lot of trying and following the instructions here, I still can’t get my SSL config enabled.
My orthanc.json:
```
/**
 * Security-related options for the HTTP server
 **/

// Whether remote hosts can connect to the HTTP server
"RemoteAccessAllowed" : true,

// Whether or not SSL is enabled
"SslEnabled" : true,

// Path to the SSL certificate used by the HTTP server. The file
// must be stored in the PEM format, and must contain both the
// certificate and the private key. This option is only meaningful
// if "SslEnabled" is true.
"SslCertificate" : "/etc/orthanc/ssl/certificate.pem",

// Sets the minimum accepted SSL protocol version
// (cf. "ssl_protocol_version" option of civetweb). By default,
// require SSL 1.2. This option is only meaningful if "SslEnabled"
// is true. (new in Orthanc 1.8.2)
//
// Value => Protocols
//   0      SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2
//   1      SSL3+TLS1.0+TLS1.1+TLS1.2
//   2      TLS1.0+TLS1.1+TLS1.2
//   3      TLS1.1+TLS1.2
//   4      TLS1.2
"SslMinimumProtocolVersion" : 4,
```
Whenever I try to access https://mydomain.com:8082 with SslEnabled: true, it doesn’t connect and my Orthanc fails:
It is important that the .pem file is global “_*skybax.com” and that it is registered on your server in the root folder of certificates from trusted sources.
Furthermore, in certain cases, there is no need to point to the “.crt” file; simply point to the .pem and .key files correctly, respecting their respective operating system (for Linux, left slashes; for Windows, two forward slashes right).
It is also important that the MySQL and PostgreSQL plugins are compatible with the version of Orthanc installed.
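The comment in the orthanc.json excerpt above says the file named by "SslCertificate" must be in PEM format and contain both the certificate and the private key. The following Python check for that requirement is an added example, not part of any post in this thread or of Orthanc; the function names and the sample PEM text are constructed for illustration.

```python
import re
import ssl
import sys

# Matches one PEM block and captures its label (e.g. "CERTIFICATE").
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Return the structural problems found in a combined cert+key PEM file."""
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    problems = []
    if text.count("-----BEGIN ") != len(labels):
        problems.append("unterminated or mismatched BEGIN/END block")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY" and "EC PRIVATE KEY".
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block (the key must be in the same file)")
    return problems

def key_matches_certificate(path):
    """True if OpenSSL loads certificate and key from this one file as a pair."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Same floor as "SslMinimumProtocolVersion" : 4 in the excerpt (TLS 1.2).
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.load_cert_chain(certfile=path)  # no keyfile: key is read from certfile
        return True
    except (ssl.SSLError, OSError):
        return False

# Constructed samples: the bodies are filler text, not real key material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
COMBINED = CERT_ONLY + (
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real file, e.g. the path configured in "SslCertificate".
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            print("structure:", inspect_pem(fh.read()) or "ok")
        print("key matches certificate:", key_matches_certificate(sys.argv[1]))
    else:
        print("certificate only:", inspect_pem(CERT_ONLY))
        print("combined file   :", inspect_pem(COMBINED) or "ok")
```

Running it against the configured path as the account the Orthanc service runs under also surfaces file permission errors on the PEM file.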