Validation of CA signed certificates

All other questions regarding DCMTK

Moderator: Moderator Team

Post Reply
Posts: 1
Joined: Tue, 2014-11-18, 11:45

Validation of CA signed certificates

#1 Post by hsb123 » Tue, 2014-11-18, 14:46

Hello all,

I am new to DICOM and I am working on implementing TLS using DCMTK.

I have been playing around with storescp and storescu, trying to achieve secure communication between the two. Using OpenSSL, I have generated root, SCU and SCP keys and certificates and signed SCU and SCP certificates using the root certificate. Given this arrangement, I haven't been able to figure out why both the tools still require the other's certificate to be provided at the command line for the communication to happen properly.

For example, the following commands work fine:

storescp 104 +tls nserver.key nserver.crt +cf root.crt +cf nclient.crt +xy -v

storescu +tls nclient.key nclient.crt +cf root.crt +cf nserver.crt -xy -v localhost 104 test.dcm

But the following commands result in an error, with the SCU complaining that the handshake failed.

storescp 104 +tls nserver.key nserver.crt +cf root.crt +xy -v

storescu +tls nclient.key nclient.crt +cf root.crt -xy -v localhost 104 test.dcm

I haven't gone through the storescu and storescp source in much detail, but just thinking about it, shouldn't just providing the root certificate to both the tools be enough for handshake to complete, with the SCU and SCP certificates received by the respective tools during handshake being authenticated using the root certificate?

Any thoughts on this would be appreciated.

Thank you,

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 1 guest