It is highly desirable to enable HTTPS (SSL) encryption with Orthanc to protect its REST API, as it provides access to medical information. To this end, you have two possibilites:
You should always favor the first option. The second option might make sense in the context of an hospital Intranet, i.e. the Orthanc server is not publicly accessible from the Internet.
To enable the built-in HTTP server of Orthanc, you need to:
SslCertificatevariables in the Orthanc configuration file.
Here are simple instructions to create a self-signed SSL certificate that is suitable for test environments with the OpenSSL command-line tools:
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt $ cat private.key certificate.crt > certificate.pem