2. SSL Configuration

From OpenEMR Project Wiki

Owner of this task

OpenEMR and EHR Support

ViCarePlus HealthCare IT Services & Support

6559, SpringPath Lane, San Jose, CA, USA

Website: http://www.vicareplus.com

Email: services@vicareplus.com

Meaningful Use Requirements

AR.FND 08.01 : Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

Proposed Solution

Configuring the OpenEMR server with SSL certificates enables encrypted communication between the server and the client, which secures all patient healthcare information transmitted over the network.

How

1. In Apache, enable the mod_ssl module and create the self-signed server certificate using OpenEMR setup.

2. Make the following additions to the Apache configuration file:

<VirtualHost *:443>
DocumentRoot ……………………
..
..
SSLEngine on
SSLCertificateFile   /path/to/server.crt
SSLCertificateKeyFile  /path/to/server.key
..
..
</VirtualHost>

Optional: Force Apache to use only HTTPS for OpenEMR.

<VirtualHost *:80>
 # To enforce https
 DocumentRoot "/var/www/html/example/"

 <Directory "/var/www/html/openemr/">
  # The following rewrite forces everything to https
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
 </Directory>
</VirtualHost>

Once this configuration is done and Apache is restarted, OpenEMR will use HTTPS. The application itself is also coded to run only over HTTPS.

// Enforce use of HTTPS
if (!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
    // Redirect the same request URI to the https:// scheme
    $strURIName = getenv("REQUEST_URI");
    header("Location: https://" . $_SERVER["SERVER_NAME"] . $strURIName);
    exit;
}
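
One way to check an Apache configuration file against the steps above, as an added example (not OpenEMR's or ViCarePlus's code): a small Python audit that confirms the port 443 virtual host turns SSLEngine on and names both certificate files, and that the port 80 virtual host rewrites to https://. The sample configuration is constructed, the function names `directives` and `audit` are hypothetical, and files pulled in through Include are not followed.

```python
import re

# Constructed sample: this page's two virtual hosts, elided lines dropped, placeholder paths.
SAMPLE_CONF = """\
<VirtualHost *:443>
  DocumentRoot "/var/www/html/openemr/"
  SSLEngine on
  SSLCertificateFile /path/to/server.crt
  SSLCertificateKeyFile /path/to/server.key
</VirtualHost>
<VirtualHost *:80>
  <Directory "/var/www/html/openemr/">
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
  </Directory>
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lowercased directive name -> list of argument lists; skip comments and section tags."""
    found = {}
    for line in body.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", "<")):
            found.setdefault(parts[0].lower(), []).append(parts[1:])
    return found

def audit(conf_text):
    """Return findings; an empty list means every setting from the steps above is present."""
    findings, saw_tls = [], False
    for addr, body in VHOST_RE.findall(conf_text):
        d, port = directives(body), addr.strip().rsplit(":", 1)[-1]
        if port == "443":
            saw_tls = True
            if [a[0].lower() for a in d.get("sslengine", []) if a] != ["on"]:
                findings.append(f"{addr}: SSLEngine is not on")
            for key in ("SSLCertificateFile", "SSLCertificateKeyFile"):
                if not any(d.get(key.lower(), [])):
                    findings.append(f"{addr}: {key} is missing")
        elif port == "80":
            engine_on = any(a and a[0].lower() == "on" for a in d.get("rewriteengine", []))
            to_https = any(len(a) >= 2 and a[1].lower().startswith("https://") for a in d.get("rewriterule", []))
            if not (engine_on and to_https):
                findings.append(f"{addr}: no active rewrite to https://")
    if not saw_tls:
        findings.insert(0, "no <VirtualHost> for port 443")
    return findings

if __name__ == "__main__": print(audit(SAMPLE_CONF) or "all settings present")
```
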

Documents

SSL Configuration and client side certificates

1. SRS - http://www.openmedsoftware.org/wiki/File:SSL_ClientCerficate_SRS.pdf

2. Installation document - http://www.openmedsoftware.org/wiki/File:SSL_ClientCerficate_Installation.pdf

3. Functionality Test Case Document - http://www.openmedsoftware.org/wiki/File:SSL_ClientCerficate_TestCaseDocu.pdf

4. Test Report - http://www.openmedsoftware.org/mw/images/1/15/Testreport_SSL.tar.gz

Status

Completed by ViCarePlus Team, Visolve.

Checkin status - Committed to the Sourceforge CVS