OMERO server certificate management plugin
Project description
OMERO server certificate management plugin
Generate self-signed certificates and configure OMERO.server.
If you prefer to configure OMERO manually see the examples in these documents:
- https://github.com/ome/docker-example-omero-websockets
- https://docs.openmicroscopy.org/omero/latest/sysadmins/client-server-ssl.html
Installation
Install openssl if it's not already on your system.
Then activate your OMERO.server virtualenv and run:
pip install omero-certificates
Usage
Set the OMERODIR environment variable to the location of OMERO.server.
Run:
omero certificates
OpenSSL 1.1.1d 10 Sep 2019
Generating RSA private key, 2048 bit long modulus (2 primes)
.+++++
.............................+++++
e is 65537 (0x010001)
certificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12
to update your OMERO.server configuration and to generate or update your self-signed certificates.
If you already have the necessary configuration settings this plugin will not modify them, so it is safe to always run omero certificates every time you start OMERO.server.
You can now start your omero server as normal.
This plugin automatically overrides the defaults for the following properties if they're not explicitly set:
omero.glacier2.IceSSL.Ciphers=HIGH: the default weaker ciphers may not be supported on some systemsomero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3: Support TLS 1.2 and 1.3omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3: Support TLS 1.2 and 1.3omero.glacier2.IceSSL.DH.2048=ffdhe2048.pem: use a pre-defined 2048-bit Diffie-Hellman group
The pre-defined Diffie-Hellman group is from RFC 7919. Newer versions of OpenSSL will prefer ECDHE and have their own 2048-bit or greater primes but it's safe to use this one. When RHEL 7 (OpenSSL 1.0.2) support is dropped this will be removed.
NOTE: If RHEL 7 is detected, only TLS 1.2 support will be enabled.
The original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2
Certificates will be stored under {omero.data.dir}/certs by default.
Set omero.glacier2.IceSSL.DefaultDir to change this.
If you see a warning message such as
Can't load ./.rnd into RNG
it should be safe to ignore.
For full information see the output of:
omero certificates --help
Developer notes
This project uses setuptools-scm. To release a new version just create a tag.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for omero_certificates-0.3.2-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e2f80f329913b1d448a1549f2dd18bac524a1a0f6b6a0d28b82ed58eef57bceb |
|
| MD5 | f5c87378bf6c2d2009b9ab45baa528fe |
|
| BLAKE2b-256 | 527e3745e43619aa5ab5c31e5399ea086cd767f971b045c65cee00306177982b |
