Welcome!

This document explains the process of working with XrayVision DCV software, Stunnel proxy server and Orthanc DICOM server.

Stunnel

Initially to start with the below applications need to install,

  1. Orthanc
  2. OpenSSL
  3. Stunnel
  4. XrayVision DCV

Orthanc

STEP 1: Open the orthanc ‘Configuration.json’ file.

step1

STEP 2           : You need to change the following options in ‘Configuration.json’ file. The values should be unique When you run multiple instance in same system.

s2

STEP 3: After the completion of the configuration, you are required to ‘Start’ or ‘Restart’ the orthanc services.

STEP 4: Open the browser and enter the HTTP port number with domain name. Now, you would get the login window in the pop up. You are required to enter the login credential which are  username and password that can be obtained in the ‘RegisteredUsers’ options(Configuration.json).

s3

Once you login successfully, you would get the orthanc home page with patient list.

i4

OpenSSL

STEP 5: After orthanc process completion, you need to create top level certificates like CA’s certificate, CA’s private key, CA’s TLS common file (combine both CA’s files), stunnel server certificate and private key using OpenSSL. At First Open the OpenSSL command prompt.

STEP 6: Enter the below code for CA’s private key.

genrsa -out ca_root.key 4096

i5

STEP 7: For CA’s certificate, you need to add X.509 certificate with the CA private key.

req -x509 -new -nodes -key root.key -days 1024 -out ca_root.pem

i6

STEP 8: Use the below code to create private key for Stunnel server.

genrsa -out server.key 4096

i7

STEP 9: Generate a certificate signing request (CSR) for server.key file

 req -new -key server.key -out server.csr

i8

STEP 10: Now you will need to create stunnel server certificate using server CSR certificate, CA’s certificate and CA’s private.

x509 -req -in server.csr -CA ca_root.pem -CAkey ca_root.key -CAcreateserial -out server.crt -days 1023

i9

STEP 11: Finally, you need to combine CA’s certificate and CA’s private for TLS connection from XDCV.

For Windows           :                type ca_root.pem  ca_root.key >                                                                                      ca_root_TLS.pem

For Linux                    :                cat ca_root.pem ca_root.key >                                                                                         ca_root_TLS.pem

i10

We have now successfully created some important files using OpenSSL.

Please use that files based on below instructions,

  1. ca_root.pem                                  – In Stunnel configuration
  2. server.key                                      – In Stunnel configuration
  3. server.crt                                       – In Stunnel configuration
  4. ca_root_TLS.pem                       – In XrayVision DCV configuration

STUNNEL

STEP 12: Here at first you need to create one new folder called ‘certificates’ inside the stunnel directory and add the ca_root.crt, server.key, server.crt into that folder.

i11

STEP 13: Now you need to open the stunnel.conf file. Remove all the default configuration from ‘stunnel.conf’ and update the below code.

You will now have to configure certificates path from ‘certificates’ sub directory , log path and level, TLS, stunnel listens and connect port information.

accept        –         Expecting DICOM request with given port from                                               XrayVision DCV

connect    –         Send the DICOM request to orthanc DICOM server.

cert             –         Server certificate file path

key              –         Server private key file path

CAfile        –         CA certificate file path

; File with certificate, private key and CAfile(certificate) 
;server certificate path 
cert = certificates/server.crt 

;server private key path 
key = certificates/server.key 

;CA certificate path will match with XDCV certificate 
CAfile = certificates/ca_root.pem 

; Log (1= minimal, 5=recommended, 7=all) and log file) 
debug = 7 
output = stunnel.log

; Some performance tuning 
socket = l:TCP_NODELAY=1 
socket = r:TCP_NODELAY=1 
; SSL bug options / NO SSL:v2 (SSLv3 and TLSv1 is enabled) 
options = ALL 
options = NO_SSLv2 
options = NO_SSLv3 
; Data compression algorithm: zlib or rle 
compression = zlib

; Service-level configuration 
; Stunnel listens to port 8888 (HTTPS) to any IP 
; and connects to port 4242 (HFS) on localhost 

[dicom] 
verify = 3 
client = no 
accept = 192.168.1.103:8888 
connect = 192.168.1.103:4242 
TIMEOUTclose = 0

STEP 14: Click the stunnel application icon (see the below image) to run the stunnel services based on new configuration.

i12

XrayVision DCV

STEP 15: At first, you need to open the XrayVision DCV software. Then go to the Adavanced User Tools->Preferences menu option. Now you will get a login window. Please enter the user ID and password to login.

i13

STEP 16: Click on ‘DICOM’ option from left menu, then choose the ‘Configure DICOM Servers’ options.

i14

STEP 17: Now you will get ‘DICOM Servers’ window and click on ‘Add’ button to add new DICOM server informations. You have to configure the XrayVision DCV software using stunnel and orthanc server details. See below given image for configuration.

i15

STEP 18: For TLS configuration, you need to choose the encryption type as TLS and upload the ‘ca_root_TLS.pem’ certificate file.

i16

STEP 19: Click on ‘Verify’ button to check the communication status. You will get a success message If everything was successfully configured.

i17

STEP 20: Now you need to enable the image forwarding options. When you capture the images in XrayVision DCV, it will automatically forward to orthanc DICOM server via stunnel connection.

i18

STEP 21: Finally we successfully completed all the settings. If you add any new images in XrayVision DCV software for patients, it will reflect in orthanc DICOM server.

i19

Hope this document helped providing a walk through with this concept. Thank You!