Issue: HTTPS Client Certificate

Good Day All,
I am attempting to use client certificates with Apache. I have configured Apache and using Web or a REST client like Insomnia, I can specify the certificate information and it works no problem, I can upload, download, etc.

The problem is attempting to send via a peer, it fails. Configuration and error below:

Peer Config:

“SENDTOPEER” : {
“Url” : “https://www.domainnamecom:443/”,
“Username” : “user”,
“Password” : “password”,
“CertificateFile” : “C:\Orthanc\Certificates\client.crt”,
“CertificateKeyFile” : “C:\Orthanc\Certificates\client.key”,
“CertificateKeyPassword” : “certpassword”,
“Pkcs11” : false
}

Apache Error:

[Thu Mar 08 10:53:22.216543 2018] [proxy_http:error] [pid 3544:tid 1692] (70008)Partial results are valid but processing is incomplete: [client SENDFROMPEER 54707] AH02609: read request body failed to 127.0.0.1:8042 (127.0.0.1) from 174.89.147.71 ()
[Thu Mar 08 10:53:22.216543 2018] [proxy_http:error] [pid 3544:tid 1692] [client 174.89.147.71:54707] AH01097: pass request body failed to 127.0.0.1:8042 (127.0.0.1) from SENDFROMPEER ()
[Thu Mar 08 10:53:22.216543 2018] [proxy_http:error] [pid 3544:tid 1692] (70008)Partial results are valid but processing is incomplete: [client SENDFROMPEER 54707] AH01095: prefetch request body failed to 127.0.0.1:8042 (127.0.0.1) from SENDFROMPEER ()

ORTHANC ERROR on SENDFROMPEER:

E0308 10:53:22.979550 HttpClient.cpp:223] libCURL error: Timeout was reached
E0308 10:53:22.979550 StorePeerCommand.cpp:80] Unable to forward to an Orthanc peer in a Lua script (instance 6bd520ae-d6a1cda7-492c87c9-766bc604-680c5f7f, peer https://www.domainnamecom:443/): Error in the network protocol
E0308 10:53:22.981549 ServerScheduler.cpp:123] Job has failed (HTTP request: POST to peer “SENDTOPEER”)

Has anyone run into this and overcome it? Thanks all.

Dear Bryan,

Please could you send a docker-compose script so that we can try and reproduce your issue?

Regards,
Sébastien-

I don’t have or know what a docker compose script is but I can send you my Orthanc client config file and certificates if that works? This isn’t live and is in building stage still.

Yes, please send all of your configuration files (by private mail: s.jodogne@gmail.com), and carefully describe how we can reproduce your setup.

Please also note that are currently very busy, so don’t expect an answer before several days.

Sébastien-

Found the problem. For anyone else:
Scenario: “Real” SSL Certificate with verify certificate configured at peer. Local CA certificate for certificate based authentication.
Answer: You have to add both CA certificates to HttpsCACertificates on the peer sending from. Just copy the contents of both certificates into a new single certificate.