Phoenix Ortho

FHIR installation and SSL Setup

1- Run cmd as administrator

cd downloads

msiexec /i MSI_FHIR_Installer.msi

Or, for an unattended install:

msiexec /i MSI_FHIR_Installer.msi /passive /norestart

Download the installer from http://phoenixorthodi.myqnapcloud.com:8080/share.cgi?ssid=0MPEeuR#0MPEeuR

  

2- Modify Application Pool security

Right-click on each of the two FHIR AppPools

Select Advanced Settings…

Use the ConnectEHRService Windows user

To do this automatically, execute the PowerShell script .\7-Set-AppPools-FHIR.ps1

  

3- Edit the Web.config DB connection string in:

C:\inetpub\FHIRIdentity-STU3\web.config (note that two lines in this file must be modified)

C:\inetpub\FHIRPresentation-STU3\web.config

Use the FQDN instead of localhost, for example:

data source=TCO-PHOENIX.tcortho.local

Another example:

data source=WIN-LFMM1DM02DP\SQLEXPRESS

To do this automatically, execute the PowerShell script .\8-Update-FHIR-webconfigfiles.ps1

  

4- Database Record KeyValue Updates

  • Restart the FHIRIdentityServer site. This ensures the required database tables have been created.
  • Update fhir.tblFhirConfiguration in the ConnectEHR DB (open and execute 9-UpdateFHIRTblConfiguration.sql). The script removes the reference to localhost, replaces it with the host's fully qualified domain name, and updates the port information.

The script changes the following rows:

  

KeyName                             KeyValue
PR_ServerBaseAddress                https://patientportal.texasspineconsultants.com:44360
ID_IdentityServerCore               https://patientportal.texasspineconsultants.com:44319/core
ID_IdentityServerInternalAddress    https://patientportal.texasspineconsultants.com:44319/core
DOC_ExternalIdentityServerCore      https://patientportal.texasspineconsultants.com:44319/core
DOC_ExternalserverBaseAddress       https://patientportal.texasspineconsultants.com:44360
DOC_ExternalserverPort              44360
DOC_ExternalIdentityServerPort      44319
PR_ServerBaseAddress_DSTU2          https://patientportal.texasspineconsultants.com:44360
PR_ServerBaseAddress_STU3           https://patientportal.texasspineconsultants.com:44360
PR_ServerBaseAddress_R4             https://patientportal.texasspineconsultants.com:44360

  

  

e) Restart again and now browse the FHIRIdentityServer site to get the following tables created 

 

fhir.ClientPostLogoutRedirectUris 

Fhir.ClientPostLogoutRedirectUris 

 

f) Open and execute 10-UpdateClientPortLogoutandClientRedirectTables.sql

This replaces the localhost value with the portal URL and the correct port information.

 

 

5- Identity Server Token Signing Certificate Creation / Installation / Update

To do this automatically, execute the PowerShell script .\11-Manage-ServerCertificate.ps1. If it runs without errors, skip to step 6.

The script performs the steps described below:

 

a) Run PowerShell as administrator

New-SelfSignedCertificate -DnsName "activedirectorynameofserver", "additionalnameofserverifneeded" -CertStoreLocation "cert:\LocalMachine\My"

Use the host FQDN for "activedirectorynameofserver"

Use the patient portal domain "patientportal.texasspineconsultants.com" for "additionalnameofserverifneeded"

Remove any "/phxportal"

Run mmc and add the Certificates Snap-in


Click on OK 

  

b) Add a Friendly Name to the newly created certificate

Use IdentityFHIRcert as the friendly name

Use password Ph0enix0rth0

  


c) Export the certificate to C:\inetpub\FHIRIdentity-STU3\IdentityServer\Certificate

Save it as IdentityFHIRcert.pfx

Use password Ph0enix0rth0

  


  

d) Install the certificate

e) Browse to the filesystem location where the certificate was exported and saved: C:\inetpub\FHIRIdentity-STU3\IdentityServer\Certificate

f) Right-click the certificate file and select Install PFX

[Screenshots: Certificate Import Wizard. Welcome page with Store Location (Current User / Local Machine); private key password page with import options; Certificate Store selection page.]
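Steps a) to f) above, written out as one PowerShell script. This is an added example, not the contents of 11-Manage-ServerCertificate.ps1: the host FQDN is a placeholder, the store used for the PFX install is an assumption, and the PFX password is prompted for rather than written into the script.

```powershell
#Requires -RunAsAdministrator
# Added example: steps a) to f) as a script. Not the vendor's 11-Manage-ServerCertificate.ps1.
$hostFqdn     = 'SERVER.example.local'                     # placeholder: this host's FQDN
$portalName   = 'patientportal.texasspineconsultants.com'  # portal domain, without "/phxportal"
$friendlyName = 'IdentityFHIRcert'
$exportDir    = 'C:\inetpub\FHIRIdentity-STU3\IdentityServer\Certificate'
$pfxPath      = Join-Path $exportDir "$friendlyName.pfx"

# Reuse a still-valid certificate so reruns do not create duplicates.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    # a) Create the self-signed certificate in the machine's Personal store.
    $cert = New-SelfSignedCertificate -DnsName $hostFqdn, $portalName `
        -CertStoreLocation 'Cert:\LocalMachine\My'
    # b) Set the friendly name used when assigning the certificate in step 6.
    $cert.FriendlyName = $friendlyName
}

# c) Export with the private key. The password is prompted for, not stored here.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# d)-f) Install the PFX. Target store is an assumption (the page does not name it).
$imported = Import-PfxCertificate -FilePath $pfxPath -Password $pfxPassword `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# Confirm the round trip and show what matters for token signing.
if ($imported.Thumbprint -ne $cert.Thumbprint) { throw 'Imported PFX does not match.' }
if (-not $imported.HasPrivateKey)              { throw 'Private key missing.' }
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    DnsNames   = $cert.DnsNameList.Unicode -join ', '
    Expires    = $cert.NotAfter   # New-SelfSignedCertificate defaults to one year
}
```

The Expires value is worth recording: token signing stops validating once the certificate lapses, so the renewal date belongs in the maintenance calendar.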

  

6- Configure SSL binding

FHIRIdentityServer 44319

FHIRPresentationServer 44360

Assign the IdentityFHIRcert certificate created in the previous step to the FHIR sites.

ConnectEHR, SparkDashboard and CQM should use the internet certificate currently used by PortalPHX.

All non-secure ports (89, 82, 86, 83, 85) should be removed from FHIR, CQM, Spark, and the three ConnectEHR sites.
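A read-only check of the binding rules above, as an added example (not one of the numbered scripts shipped with the installer). It assumes the IIS site names are exactly FHIRIdentityServer and FHIRPresentationServer, as listed in this step, and that the certificate sits in the LocalMachine\My store.

```powershell
#Requires -RunAsAdministrator
# Added example: audits IIS bindings against step 6. Reads configuration only.
Import-Module WebAdministration

$fhirPorts     = @{ FHIRIdentityServer = 44319; FHIRPresentationServer = 44360 }
$insecurePorts = 89, 82, 86, 83, 85
$fhirThumbs    = @(Get-ChildItem Cert:\LocalMachine\My |
                   Where-Object { $_.FriendlyName -eq 'IdentityFHIRcert' } |
                   ForEach-Object Thumbprint)

$findings = foreach ($site in Get-Website) {
    $hasExpected = $false
    foreach ($b in $site.Bindings.Collection) {
        # bindingInformation is "ip:port:hostheader"; take the port field.
        if ($b.bindingInformation -notmatch ':(\d+):[^:]*$') { continue }
        $port = [int]$Matches[1]

        if ($b.protocol -eq 'http' -and $insecurePorts -contains $port) {
            [pscustomobject]@{ Site = $site.Name; Port = $port
                               Issue = 'non-secure binding still present' }
        }
        if ($b.protocol -eq 'https' -and $fhirPorts[$site.Name] -eq $port) {
            $hasExpected = $true
            if ($fhirThumbs -notcontains $b.certificateHash) {
                [pscustomobject]@{ Site = $site.Name; Port = $port
                                   Issue = 'https binding is not using IdentityFHIRcert' }
            }
        }
    }
    if ($fhirPorts.ContainsKey($site.Name) -and -not $hasExpected) {
        [pscustomobject]@{ Site = $site.Name; Port = $fhirPorts[$site.Name]
                           Issue = 'expected https binding is missing' }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'Bindings match step 6.' }
```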

Sites section should look just like this 

  

  

  

7- Update the table fhir.tblFhirConfiguration by opening and executing 12-UpdateFHIRTblConfiguration-Certificate.sql

That will update the fields below:

ID_TokenSigningCertificate            IdentityFHIRcert.pfx
ID_TokenSigningCertificatePassword    Ph0enix0rth0

  • Restart the FHIR IIS Sites
  • Connect to the FHIRPresentation site via https

If the "A" records in the public DNS and the local DNS are in place, and the domain name resolves to the private IP, the FHIRPresentation site will be able to navigate and authenticate itself.

If not, expect at least one or two types of error messages when navigating this site.

     

8- Update the SSO keys in the ConnectEHR and CQM Solution DBs

ConnectEHR DB table name = SSOKey

CQMSolution DB table name = SSOKeyCQM

Long hashes should be used here

MODIFY and execute the script: 13-SSO Keys.sql

This automatically populates the tables below as follows:

ConnectEHR DB

SSO_Key                                                             SiteContext                  Enabled    CreatedDate                                                      AutoCreateNewUser    PracticeID
bfZMeRpQDsfnHQvdM3P7ffoNj9mI4QdKj7CWX9VHHxzOvlePS3iXNeA0oi3QEWck    ConnectEHR                   1          2019-07-22 10:37:44.9370000 (will be populated automatically)    1                    NULL
zi9+8yydZ2TqYVjHu2R7HWGSYHZBmkEuUjXqaSYCZxn5RwiFzLGJuvyb6M/ld9N5    ConnectEHR Patient Portal    1          2019-07-22 10:38:06.7370000 (will be populated automatically)    0                    NULL

CQM Solution DB

SSO_Key                                                             SiteContext    Enabled    CreatedDate                                                      PracticeID
YFbB15rkACWeAkJqPE8hLcukdurKceEQ/hWFc7C+rFJgTDi67KQdPsEoV/Kn1u+r    CQMSolution    True       2019-07-22 10:39:55.7630000 (will be populated automatically)    NULL

  

 

9- Test the Phoenix Ortho integration and its basic functionality

Click on CCDA direct and wait for a report to load

Click on CQM Solution and wait for the typical CQM login screen

 

Common error messages

 

[Screenshots of two error messages]

 

 

 

For Troubleshooting

Query the table tblSystemLog in the ConnectEHR database for errors

Collect the events found and send them to DHIT for further investigation

USE ConnectEHR;

SELECT [EventID]
      ,[LogTextId]
      ,[EventDateTime]
      ,[PracticeId]
      ,[UserIdInternal]
      ,[PatientIdInternal]
      ,[Action]
      ,[LogType]
      ,[EventText]
  FROM [ConnectEHR].[dbo].[tblSystemLog]
 ORDER BY [EventDateTime] DESC;

 

 

10- Ask the backup person to add the items below to the customer's backup plans

Add the CQM and ConnectEHR DBs to the hot DB backup plan

Add the following folders to the File Backup Plan in Acronis or Intronis, accordingly.

By default the Agent and the Site are located at C:\ProgramFiles\CQMsolution and C:\ProgramFiles\ConnectEHR; and

i. C:\inetpub\ConnectEHR

ii. C:\inetpub\ConnectEHR Patient Portal

iii. C:\inetpub\ConnectEHR Patient Portal Web Service

Backup file outputs (Program Data\CQM Solution): installation will not affect the QRDA and PDF file outputs and uploads generated by past reports, but you may want to take this opportunity to back up these files for production reports (at minimum) to ensure redundancy.

Others:

a. Open SQL Server Management Studio and add CQMsolution and ConnectEHR to the Maintenance Plan, as space allows.