Moderator: Moderator Team
In general this works, if I use the same certificate or different certificate signed from the same CA.
Now I want to use two certificates signed from different CAs, but make both CAs known to each of the communication partners.
For this I use the cmdline option "--add-cert-dir". Unfortunately this does not work, but from my understanding this should work?
The storescp process is started as follows:
storescp-tls.exe -v 2762 +tls ../cert/scpkey_ownca ../cert/scpcert_ownca --add-cert-dir ../cert/allcert/
The directory "allcert" contains both CA certificates, one CA for storescu and one CA for storescp as pem files.
The file scpkey_ownca is the private key for the scp certificate in scpcert_ownca.
The storescu process is started as follows:
storescu-tls.exe -v localhost 2762 +tls cert/scukey_ownca cert/scucert_ownca --add-cert-dir cert/allcert/ images/1_2_PP
The directory "allcert" is the same as for the storescp process; it contains the pem files of both CAs.
The file scukey_ownca is the private key for the scu certificate in scucert_ownca.
used version: $dcmtk: storescu v3.6.0 2011-01-06 $
Any ideas? What am I doing wrong? All the CAs and certificates were created with dcmtk_ca.pl perl script (no errors) with following cmdlines:
perl /cygdrive/d/sw/dicom/dcmtk/dcmtk-3.6.1_20150629/dcmtls/tests/dcmtk_ca.pl newca scuca
perl /cygdrive/d/sw/dicom/dcmtk/dcmtk-3.6.1_20150629/dcmtls/tests/dcmtk_ca.pl mkcert -des no scuca scucert_ownca scukey_ownca
perl /cygdrive/d/sw/dicom/dcmtk/dcmtk-3.6.1_20150629/dcmtls/tests/dcmtk_ca.pl newca scpca
perl /cygdrive/d/sw/dicom/dcmtk/dcmtk-3.6.1_20150629/dcmtls/tests/dcmtk_ca.pl mkcert -des no scpca scpcert_ownca scpkey_ownca
- OFFIS DICOM Team
- Posts: 1230
- Joined: Tue, 2004-11-02, 17:22
- Location: Oldenburg, Germany
You can do this with the openssl command line tool. If your CA cert file is called "test.pem", run
Code: Select all
openssl x509 -hash -noout -in test.pem
On the Linux/Unix command line:
Code: Select all
mv test.pem `openssl x509 -hash -noout -in test.pem`.0
I'm really getting crazy about these certificates.
However with your hints I could finally make it run...
Encrypted storescp and storescu communication with different CAs and certificates...
Now trying to communicate encrypted to 3rd party devices...
Thanks a lot and Best regards,
Users browsing this forum: Bing [Bot], Google [Bot] and 1 guest