HTTPS encryption with Orthanc

It is highly desirable to enable HTTPS (SSL) encryption with Orthanc to protect its REST API, as it provides access to medical information. To this end, you have two possibilities:

  1. Put Orthanc behind an enterprise-ready HTTPS server such as Apache, nginx or Microsoft IIS.
  2. For simple deployments, use Orthanc's built-in HTTPS server.

You should always favor the first option. The second option might make sense in the context of a hospital Intranet, i.e. when the Orthanc server is not publicly accessible from the Internet.

Built-in encryption

To enable HTTPS in the built-in HTTP server of Orthanc, you need to:

  1. Obtain an X.509 certificate in the PEM format.
  2. Prepend this certificate with the content of your private key.
  3. Modify the SslEnabled and SslCertificate variables in the Orthanc configuration file.

Here are simple instructions to create a self-signed SSL certificate that is suitable for test environments with the OpenSSL command-line tools:

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt
$ cat private.key certificate.crt > certificate.pem
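
Before pointing SslCertificate at the combined file, it is worth checking that it is laid out as described above, that it is not readable by other users (it contains the private key), and that the key and the certificate belong together. The script below is an added example, not part of the Orthanc distribution; the function names are hypothetical and it relies only on standard shell tools and openssl:

```shell
#!/bin/sh
# Added example: sanity checks for the combined PEM file (private key
# followed by certificate). Function names are hypothetical.
# Usage: . ./check_pem.sh && check_orthanc_pem certificate.pem

# Layout: the first PEM block is a private key, a certificate block follows.
pem_layout_ok() {
    f=$1
    [ -r "$f" ] || { echo "$f: cannot read file" >&2; return 1; }
    first=$(grep -e '^-----BEGIN ' "$f" | head -n 1)
    case $first in
        *"PRIVATE KEY-----") ;;
        *) echo "$f: private key must come first" >&2; return 1 ;;
    esac
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "$f: no certificate block" >&2; return 1; }
    grep -q -e '^-----END CERTIFICATE-----' "$f" ||
        { echo "$f: certificate block is truncated" >&2; return 1; }
}

# Permissions: the file holds the private key, so the group and other
# permission bits (columns 5-10 of "ls -l") must all be unset.
pem_perms_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "$1: accessible to group/other, run chmod 600" >&2; return 1; }
}

# Pairing: the public key derived from the private key must be identical
# to the public key embedded in the certificate.
pem_key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Run all three checks; returns 0 only if the file passes every one.
check_orthanc_pem() {
    pem_layout_ok "$1" || return 1
    pem_perms_ok "$1" || return 1
    pem_key_matches_cert "$1" ||
        { echo "$1: key and certificate do not match" >&2; return 1; }
}
```

With the default umask, the cat command above typically leaves certificate.pem world-readable, so the permission check fails until chmod 600 certificate.pem has been run.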
