OMERO server certificate management plugin

Generate self-signed certificates and configure OMERO.server.

If you prefer to configure OMERO manually see the examples in these documents:

Installation

Install openssl if it's not already on your system. Then activate your OMERO.server virtualenv and run:

pip install omero-certificates

Usage

Set the OMERODIR environment variable to the location of OMERO.server.

Run:

omero certificates
OpenSSL 1.1.1d  10 Sep 2019
Generating RSA private key, 2048 bit long modulus (2 primes)
.+++++
.............................+++++
e is 65537 (0x010001)
certificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12

This updates your OMERO.server configuration and generates or updates your self-signed certificates. If you already have the necessary configuration settings, this plugin will not modify them, so it is safe to run omero certificates every time you start OMERO.server. You can now start OMERO.server as normal.

This plugin automatically overrides the defaults for the following properties if they're not explicitly set:

  • omero.glacier2.IceSSL.Ciphers=HIGH: the default weaker ciphers may not be supported on some systems
  • omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3: Support TLS 1.2 and 1.3
  • omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3: Support TLS 1.2 and 1.3
  • omero.glacier2.IceSSL.DH.2048=ffdhe2048.pem: use a pre-defined 2048-bit Diffie-Hellman group

The pre-defined Diffie-Hellman group is from RFC 7919. Newer versions of OpenSSL will prefer ECDHE and have their own primes of 2048 bits or more, but it's safe to use this one. When RHEL 7 (OpenSSL 1.0.2) support is dropped, this setting will be removed.

NOTE: If RHEL 7 is detected, only TLS 1.2 support will be enabled.

The original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2
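
The "only if not explicitly set" rule means an older explicit value, such as a protocol list that still includes TLS 1.0, is kept when the plugin runs. The following is an added example, not code from the omero-certificates project, that audits a configuration dump for this; it assumes the settings are available as key=value lines, and the sample input and the names parse_config and audit are constructed for illustration.

```python
# Added example; not code from the omero-certificates project.
# Values copied from the property list above.
PLUGIN_DEFAULTS = {
    "omero.glacier2.IceSSL.Ciphers": "HIGH",
    "omero.glacier2.IceSSL.ProtocolVersionMax": "TLS1_3",
    "omero.glacier2.IceSSL.Protocols": "TLS1_2,TLS1_3",
    "omero.glacier2.IceSSL.DH.2048": "ffdhe2048.pem",
}
MODERN = {"TLS1_2", "TLS1_3"}

# Constructed sample input (assumed key=value format, one property per line).
SAMPLE = """\
omero.data.dir=/OMERO
omero.glacier2.IceSSL.Ciphers=HIGH
omero.glacier2.IceSSL.Protocols=TLS1_0,TLS1_1,TLS1_2
"""


def parse_config(text):
    """Parse key=value lines; lines without '=' are skipped."""
    config = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip():
            config[key.strip()] = value.strip()
    return config


def audit(config):
    """Return (would_set, findings) for the four IceSSL properties."""
    would_set, findings = {}, []
    for key, default in PLUGIN_DEFAULTS.items():
        if key not in config:
            would_set[key] = default  # unset: the plugin's value applies
        elif config[key] != default:
            findings.append(f"{key}={config[key]} is explicit and is kept "
                            f"(plugin value: {default})")
    protocols = config.get("omero.glacier2.IceSSL.Protocols", "").split(",")
    legacy = sorted(p.strip() for p in protocols if p.strip() and p.strip() not in MODERN)
    if legacy:
        findings.append("protocols other than TLS1_2/TLS1_3 enabled: " + ", ".join(legacy))
    return would_set, findings


if __name__ == "__main__":
    would_set, findings = audit(parse_config(SAMPLE))
    for key, value in would_set.items():
        print(f"would set  {key}={value}")
    for finding in findings:
        print(f"review     {finding}")
```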

Certificates will be stored under {omero.data.dir}/certs by default. Set omero.glacier2.IceSSL.DefaultDir to change this.

If you see a warning message such as

Can't load ./.rnd into RNG

it should be safe to ignore.

For full information see the output of:

omero certificates --help

Developer notes

This project uses setuptools-scm. To release a new version just create a tag.
