TLS Protocol (Very Urgent)

All other questions regarding DCMTK

Moderator: Moderator Team

Post Reply
Message
Author
adit6702
Posts: 3
Joined: Fri, 2004-11-12, 02:05

TLS Protocol (Very Urgent)

#1 Post by adit6702 »

Hello Sir,

I am new on DICOM. I have some dcm file and i want to transfer them using TLS protocol ...
For testing on my local machine i applied following procedure ....

C:\DCMTK>storescp-tls.exe 104 -v

to run server
C:\DCMTK>storescu-tls.exe localhost 104 ct.dcm +tls cakey.pem cert.pem

the following error occur ...
private key 'cakey.pem' and certificate 'cert.pem' do not match...
I took cakey.pem and cert.pem from openssl...

I have tried my permutation/combination and different keys and certificate but all in vein ...


Kindly guide me how to apply TLS protocol to tranfer Dcm file (with Example) ...
Keenly waiting for reply ...

Regards,
Aditya

Marco Eichelberg
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 1437
Joined: Tue, 2004-11-02, 17:22
Location: Oldenburg, Germany
Contact:

#2 Post by Marco Eichelberg »

The error message private key 'cakey.pem' and certificate 'cert.pem' do not match...
means that the private key in file "cakey.pem" does not belong to the public key in certificate "cert.pem" - they are not a valid key pair. Regarding how to create valid key pairs, read the OpenSSL documentation or use the "dcmtk_ca.pl" perl script provided in the source code package of DCMTK (in dcmtls/tests). This script makes it easy to create a CA infrastructure and, from that, valid key pairs that can be used with DCMTK.

adit6702
Posts: 3
Joined: Fri, 2004-11-12, 02:05

#3 Post by adit6702 »

Marco Eichelberg wrote:The error message private key 'cakey.pem' and certificate 'cert.pem' do not match...
means that the private key in file "cakey.pem" does not belong to the public key in certificate "cert.pem" - they are not a valid key pair. Regarding how to create valid key pairs, read the OpenSSL documentation or use the "dcmtk_ca.pl" perl script provided in the source code package of DCMTK (in dcmtls/tests). This script makes it easy to create a CA infrastructure and, from that, valid key pairs that can be used with DCMTK.
Hello Marco,
I generated key and certificate using openssl but now store-scutls is creating error ...
1. Storescp-tls.exe -v 104
then i generated rsa key and certificate ..
1. openssl genrsa -out ca.key 2048
2. openssl req -config openssl.cnf -new -x509 -days 365 -key ca.key -out ca.crt

Then i tried to transfer file usins TLS support
1. storescu-tls.exe localhost 104 ct.dcm +tls ca.key ca.crt
Following error generated ...
storescu: Association Request Failed:
0006:031b Failed to establish association
0006:0317 Peer aborted Association (or never connected)
0006:031e DUL secure transport layer: unspecified TLS error

Then i try with out tls support it work fine ..
what could be the error ..
Regards,
Aditya

Marco Eichelberg
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 1437
Joined: Tue, 2004-11-02, 17:22
Location: Oldenburg, Germany
Contact:

#4 Post by Marco Eichelberg »

The problem is that you need to run both the Storage SCP and the Storage SCU with the TLS option enabled. Here StoreSCU tried to connect with TLS to a StoreSCP that expects unencrypted DICOM connections. You will also need to specify the CA certificate or use --ignore-peer-cert.

adit6702
Posts: 3
Joined: Fri, 2004-11-12, 02:05

#5 Post by adit6702 »

Marco Eichelberg wrote:The problem is that you need to run both the Storage SCP and the Storage SCU with the TLS option enabled. Here StoreSCU tried to connect with TLS to a StoreSCP that expects unencrypted DICOM connections. You will also need to specify the CA certificate or use --ignore-peer-cert.
Hello Marco,
Thanks a lot for your time and effort, program is working fine....
Regards,
Aditya

Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], Google [Bot] and 1 guest