HeartLab
Connectivity

GE TLS (Authenticated)

Configure a GE ultrasound system to send DICOM to HeartLab using mutual TLS with client certificate authentication.

Use this workflow when your GE system is configured for anonymous TLS client behavior.

Applies to

  • Users with Integrations: DICOM permission (typically Administrators)
  • Site staff with GE system admin access

Before you begin

  1. Navigate to Settings > Integrations > DICOM.

  1. Click View DICOM Endpoints and note the following under 'DICOM via TLS':
  • Server AE title.
  • Server IP address.
  • TLS port (typically 11112).
  1. Download Server CA Certificate in PEM Format.
  2. Click Create DICOM Identity.
  3. Enter a name, and device AE title. Note: GE machines often have default AE titles found in Config > Connectivity > TCPIP.
  4. Click Save.
  5. Click on the newly created DICOM Identity.

IMAGE PLACEHOLDER

  1. Toggle 'DICOM TLS' off.
  2. Download TLS certificate in PEM Format.

The server AE title, server IP address, server CA certificate, and TLS certificate will be used in a later step.

Importing Certificates

  1. On GE, navigate to Utilities > Configuration > Admin > LDAP > Certificates.

  1. From the dialog, click Personal > Certificates.

  1. From the toolbars, select Action > Tools > Import.
  2. From the Import Wizard, find and import the TLS certificate (the name of the certificate will be that of the machine you are setting up)
  3. If prompt for a password, enter "pulse".
  4. Check 'Mark this key as exportable…' and 'Include all exported properties'.
  5. Click Finish
  6. Repeat the above process but for Server CA certificate.

Installing Certificates

  1. On GE, navigate to Utilities > Config > Connectivity > TCP/IP > Client Certificates > My

  1. Select the imported certificate and click Ok.

Configure GE dataflow

  1. On GE, navigate to Utilities > Config > Connectivity > Dataflow.

  1. Create a new data flow or edit an existing dataflow.
  2. Add 'LocalArchiveService' to both Input and Output.
  3. Add 'DicomStorage' to Output.
  4. Select 'DicomStorage' and click Configure, and configure the following:
    • IP address: HeartLab server IP
    • AE title: HeartLab server AE title
    • Port: 11112
    • Enable Transport Layer Security, Verify Server Certificate, Provide Client Certificate, SR, SR Private Data and Multiframe
  • Click Ok to finish set up.

Verify

  1. Run connectivity check from the GE dataflow target.
  2. Send a test study and confirm it appears in HeartLab.

Notes

  • If check fails on newer software versions, disable ICMP echo dependency in advanced DICOM settings.
  • Use the authenticated TLS guide if your site requires client certificates.

GE TLS (Anonymous)

Configure a GE ultrasound system to send DICOM to HeartLab using anonymous TLS.

Handheld VPN

Set up a secure VPN connection so handheld devices can send DICOM studies to HeartLab.

MFR
Manufacturer
HeartLab Limited 305 / 150 Karangahape Road Auckland 1010 New Zealand
UK REP
UK Responsible Person
Casus UKRP Ltd 107-111 Fleet Street London EC4A 2AB United Kingdom
AUS
Australian Sponsor
Emergo Australia Level 20 Tower II Darling Park 201 Sussex Street Sydney NSW 2000 Australia
MD Applies to HeartLab v7.2 and above Effective 0000-00-00 eIFU version 0.0.0 UDI-DI 09421907090023