Hello Sir,
I am new on DICOM. I have some dcm file and i want to transfer them using TLS protocol ...
For testing on my local machine i applied following procedure ....
C:\DCMTK>storescp-tls.exe 104 -v
to run server
C:\DCMTK>storescu-tls.exe localhost 104 ct.dcm +tls cakey.pem cert.pem
the following error occur ...
private key 'cakey.pem' and certificate 'cert.pem' do not match...
I took cakey.pem and cert.pem from openssl...
I have tried my permutation/combination and different keys and certificate but all in vein ...
Kindly guide me how to apply TLS protocol to tranfer Dcm file (with Example) ...
Keenly waiting for reply ...
Regards,
Aditya
TLS Protocol (Very Urgent)
Moderator: Moderator Team
-
- OFFIS DICOM Team
- Posts: 1459
- Joined: Tue, 2004-11-02, 17:22
- Location: Oldenburg, Germany
- Contact:
The error message private key 'cakey.pem' and certificate 'cert.pem' do not match...
means that the private key in file "cakey.pem" does not belong to the public key in certificate "cert.pem" - they are not a valid key pair. Regarding how to create valid key pairs, read the OpenSSL documentation or use the "dcmtk_ca.pl" perl script provided in the source code package of DCMTK (in dcmtls/tests). This script makes it easy to create a CA infrastructure and, from that, valid key pairs that can be used with DCMTK.
means that the private key in file "cakey.pem" does not belong to the public key in certificate "cert.pem" - they are not a valid key pair. Regarding how to create valid key pairs, read the OpenSSL documentation or use the "dcmtk_ca.pl" perl script provided in the source code package of DCMTK (in dcmtls/tests). This script makes it easy to create a CA infrastructure and, from that, valid key pairs that can be used with DCMTK.
Hello Marco,Marco Eichelberg wrote:The error message private key 'cakey.pem' and certificate 'cert.pem' do not match...
means that the private key in file "cakey.pem" does not belong to the public key in certificate "cert.pem" - they are not a valid key pair. Regarding how to create valid key pairs, read the OpenSSL documentation or use the "dcmtk_ca.pl" perl script provided in the source code package of DCMTK (in dcmtls/tests). This script makes it easy to create a CA infrastructure and, from that, valid key pairs that can be used with DCMTK.
I generated key and certificate using openssl but now store-scutls is creating error ...
1. Storescp-tls.exe -v 104
then i generated rsa key and certificate ..
1. openssl genrsa -out ca.key 2048
2. openssl req -config openssl.cnf -new -x509 -days 365 -key ca.key -out ca.crt
Then i tried to transfer file usins TLS support
1. storescu-tls.exe localhost 104 ct.dcm +tls ca.key ca.crt
Following error generated ...
storescu: Association Request Failed:
0006:031b Failed to establish association
0006:0317 Peer aborted Association (or never connected)
0006:031e DUL secure transport layer: unspecified TLS error
Then i try with out tls support it work fine ..
what could be the error ..
Regards,
Aditya
-
- OFFIS DICOM Team
- Posts: 1459
- Joined: Tue, 2004-11-02, 17:22
- Location: Oldenburg, Germany
- Contact:
Hello Marco,Marco Eichelberg wrote:The problem is that you need to run both the Storage SCP and the Storage SCU with the TLS option enabled. Here StoreSCU tried to connect with TLS to a StoreSCP that expects unencrypted DICOM connections. You will also need to specify the CA certificate or use --ignore-peer-cert.
Thanks a lot for your time and effort, program is working fine....
Regards,
Aditya
Who is online
Users browsing this forum: Bing [Bot] and 1 guest