Just installed orthanc on a Windows 11 machine.
Ran the commands for openssl from this page
https://book.orthanc-server.com/faq/https.html
I start the server and in a minute is stops and the logs show this message.
Can alyone help with this.
I am a first time user and installer and would appreciate any help.
Hello,
Could you provide your configuration file?
Thanks,
how do I do that?
the character length is too long to paste and I can not upload a json file here.
Thanks
This is the security section, is that enough?
/**
- Security-related options for the HTTP server
**/
// Whether remote hosts can connect to the HTTP server
“RemoteAccessAllowed” : true,
// Whether or not SSL is enabled
“SslEnabled” : true,
// Path to the SSL certificate used by the HTTP server. The file
// must be stored in the PEM format, and must contain both the
// certificate and the private key. This option is only meaningful
// if “SslEnabled” is true.
“SslCertificate” : “\tmp\certificate.pem”,
// Sets the minimum accepted SSL protocol version
// (cf. “ssl_protocol_version” option of civetweb). By default,
// require SSL 1.2. This option is only meaningful if “SslEnabled”
// is true. (new in Orthanc 1.8.2)
//
// Value => Protocols
// 0 SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2
// 1 SSL3+TLS1.0+TLS1.1+TLS1.2
// 2 TLS1.0+TLS1.1+TLS1.2
// 3 TLS1.1+TLS1.2
// 4 TLS1.2
“SslMinimumProtocolVersion” : 4,
// Set the accepted ciphers for SSL connections. The ciphers must be
// provided as a list of strings. If not set, this will default to
// FIPS 140-2 ciphers. This option is only meaningful if
// “SslEnabled” is true. (new in Orthanc 1.8.2)
/**
“SslCiphersAccepted” : [ “AES128-GCM-SHA256” ],
**/
// Whether or not peer client certificates shall be checked. This
// option is only meaningful if “SslEnabled” is true.
“SslVerifyPeers” : false,
// Path to a file containing the concatenation of the client SSL
// certificate(s) that are trusted to verify the identify of remote
// HTTP clients. The individual certificate(s) must be stored in the
// PEM format. This option is only meaningful if “SslVerifyPeers”
// is true.
“SslTrustedClientCertificates” : “trustedClientCertificates.pem”,
// Whether or not the password protection is enabled (using HTTP
// basic access authentication). Starting with Orthanc 1.5.8, if
// “AuthenticationEnabled” is not explicitly set, authentication is
// enabled iff. remote access is allowed (i.e. the default value of
// “AuthenticationEnabled” equals that of “RemoteAccessAllowed”).
/**
“AuthenticationEnabled” : false,
**/
// The list of the registered users. Because Orthanc uses HTTP
// Basic Authentication, the passwords are stored as plain text.
“RegisteredUsers” : {
// “alice” : “alicePassword”
“hidden” : “hidden”
},
Hello everyone, I have a similar problem with my Orthanc installation, I’m not used to work with https acces, just HTTP for intranet use of DICOM Viewer, but lately, one Dr. that works with my clients request me to access trough internet using her cellphone, for emergencys, so I configure a DNS client with an NO-IP account, open ports from the router, and all works fine. Last week, we notice that access from mobile devices does not work in weird cirtumstances. Generally I send an email or whatsapp with the link of the Viewer generated in OE2. And the web navigator is not able to open the viewer but, if access to OE2 directly from the web navigator in the smarthphone, and then I open the viewer directly from OE2, works fine. The issue is presented just when we try to open Link sended for whatsapp or email. I have an error message in the navigator that says: ERR_SSL_PROTOCOL_ERROR.
So, I generate the certificate.pem file using the process from orthanc-book, enable the SSL connection in the orthanc.json file, and the server runs correctly, but then, both, OE and OE2, ins’t working, the web navigator can’t load content. I attached the orthanc.json and log files, and a screenshot of the problem when SSL is disabled and enabled. I would apreciate if someone see an error in the files or anyone can help me, or redirect me to the right place to solve this problem.
Regards Ricardo MartĂnez
Orthanc Configuration and Log Files
I hope this clears things up, can anyone explain how to complete this part of the instructions? I believe that this command is for Linux and I am using Windows.
cat /tmp/private.key /tmp/certificate.crt > /tmp/certificate.pem
Thanks
Hi, tcshavasu, the example of Orthanc Book shows how to generate a certificate and key files with OpenSSL, is a free tool that you can download and install to use it in Windows and Linux systems. The part of the example that generate the *.pem file, it’s a command from Linux terminal, that concatenate the previous files generated with OpenSSL (certificate.crt and private.key). However, you can also generate the *.pem file with OpenSSL, just look the documentation of OpenSSL.
Regrets Ricardo MartĂnez
Hi guys,
Here are some instructions to run on Windows. Note that openssl can be downloaded for Windows (sorry, I don’t remember how it ended up on my PC).
In a batch prompt:
C:\Users\Alain\tmp>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt
C:\Users\Alain\tmp>type private.key + certificate.crt > certificate.pem
In your Orthanc configuration file, change these 2 lines (note the double slashes !):
"SslEnabled": true,
"SslCertificate": "C:\\Users\\Alain\\tmp\\certificate.pem",
Restart the Orthanc service.
Open https://localhost:8042/ui/app/#/. Your browser will complain that the certificate is not valid which is normal since it is a self signed certificates that it does not recognize.
Best regards,
Alain.
Hi Alainmazy, tks for replay, I finish the instructions you write, and now, my Orthanc instance doesn’t run. I have to return the old configuration (http only) and I have the same error with mobile devices. Anyway, the weird thing is that, in the log file after use the *.pem certificate file and enable SSL, anything seams look fine, except 2 errors that says:
E1109 10:49:24.246082 ServerContext.cpp:475] INTERNAL ERROR: ServerContext::Stop() should be invoked manually to avoid mess in the destruction order!
E1109 10:49:24.777318 main.cpp:2108] Uncaught exception, stopping now: [LargestInt out of Int range]
W1109 10:49:24.777318 main.cpp:2122] Orthanc has stopped
In fact, when I do any change in the orthanc.json configuration file, and try to restart the Orthanc service, I always have this error, and I need to do a physical restart of the server, and then Orthanc runs, but, this time, doesn’t work.
Seams like there’s no info about what cause the problem.
Regards Ricardo Martinez
This is an error coming from the JSON Parser and is very likely not related to the SSL configuration since it’s about an integer being too large.
Feel free to share your configuration file and I’ll try to improve the error message.
BR,
Alain.
Hi Alainmazy, I got the configuration and log files from my Orthanc server after enable HTTPS with the *.pem certificate generated with OpenSSL.
I also have a question, and I am sorry if i look like and moron, but, following the instructions to generate de certificate files from the orthanc-book, when the tool ask for the “Common Name (e.g. server FQDN or YOUR name)” it means that I have to write the dns I use from my no-ip client to acces from internet? e.g. If I acces with the url medical-access.ddns.net:8042, then I have to submit “medical-access.ddns.net” at OpenSSL prompt, right?
Again, thank you for the time you spend helping all the comunity and users of Orthanc.
Yes, that will make the certificate FQDN valid. However, note that the browser accessing it will still consider it as invalid since it is self-signed. If you want your certificate to be accepted by any browser, you should acquire a certificate that is signed by a well known root CA.
HTH,
Alain.
Hi Alainmazy, the problem is that, no matter what change I do in the orthanc.json configuration file, always show the error “largestInt out of Int range” and I have to restart the operating system to work again, even if the changes I made on the file are correct.
Hi,
When looking at your logs, it seems that the error occurs when reading the job registry. You may try to start Orthanc manually with the --no-jobs option:
"C:\Program Files\Orthanc Server\Orthanc.exe" --no-jobs --verbose "C:\Program Files\Orthanc Server\Configuration"
However, I have no idea why the job registry would be invalid …
HTH,
Alain.
1 Like
Your certificate needs to be generated based on the external domain that it will work on, for example:
example “.domain.com”
It is important that the .pem file is global “_*domain.com” and that it is registered on your server in the root folder of certificates from trusted sources.
Furthermore, in certain cases, there is no need to point the “.crt” file, simply pointing the .pem and .key files correctly, respecting their respective operating system (For Linux left slashes . For Windows, two forward slashes right)
It is also important that the mysql and postgress plugins are compatible with the version of Orthanc installed.