# OMERO server certificate management plugin
[![Actions Status](https://github.com/ome/omero-certificates/workflows/Tox/badge.svg)](https://github.com/ome/omero-certificates/actions)
Generate self-signed certificates and configure OMERO.server.
If you prefer to configure OMERO manually see the examples in these documents:
- https://github.com/ome/docker-example-omero-websockets
- https://docs.openmicroscopy.org/omero/latest/sysadmins/client-server-ssl.html
## Installation
Install `openssl` if it's not already on your system.
Then activate your OMERO.server virtualenv and run:
```
pip install omero-certificates
```
## Usage
Set the `OMERODIR` environment variable to the location of OMERO.server.
Run:
```
omero certificates
```
to update your OMERO.server configuration and to generate or update your self-signed certificates. Example output:
```
OpenSSL 1.1.1d 10 Sep 2019
Generating RSA private key, 2048 bit long modulus (2 primes)
.+++++
.............................+++++
e is 65537 (0x010001)
certificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12
```
If you already have the necessary configuration settings, this plugin will not modify them, so it is safe to run `omero certificates` every time you start OMERO.server.
You can now start OMERO.server as normal.
This plugin automatically overrides the defaults for the following properties if they're not explicitly set:
- `omero.glacier2.IceSSL.Ciphers=HIGH`: the default weaker ciphers may not be supported on some systems
- `omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3`: Support TLS 1.2 and 1.3
- `omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3`: Support TLS 1.2 and 1.3
- `omero.glacier2.IceSSL.DH.2048=ffdhe2048.pem`: use a pre-defined 2048-bit Diffie-Hellman group
The pre-defined Diffie-Hellman group is from [RFC 7919](https://www.rfc-editor.org/rfc/rfc7919.txt). Newer versions of OpenSSL will prefer ECDHE and have their own 2048-bit or greater primes, but it's safe to use this one.
When RHEL 7 (OpenSSL 1.0.2) support is dropped, this will be removed.
__NOTE:__ If RHEL 7 is detected, only TLS 1.2 support will be enabled.
The original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2
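
Because the plugin leaves explicitly set properties alone, an older explicit value can survive every run of `omero certificates`. The following added example (not part of this project's code) audits `key=value` lines, assumed to be in the form printed by `omero config get`, against the values listed above; the function names, the sample input and the `tls12_only` handling of the RHEL 7 case are assumptions.

```python
import re

PREFIX = "omero.glacier2.IceSSL."
# Values from the property list above; the plugin applies them only when unset.
EXPECTED = {
    PREFIX + "Ciphers": "HIGH",
    PREFIX + "ProtocolVersionMax": "TLS1_3",
    PREFIX + "Protocols": "TLS1_2,TLS1_3",
    PREFIX + "DH.2048": "ffdhe2048.pem",
}

# Constructed sample of explicitly set properties (not taken from a real server).
SAMPLE = """\
omero.data.dir=/OMERO
omero.glacier2.IceSSL.Ciphers=ADH:!LOW:!MD5:!EXP:!3DES:@STRENGTH
omero.glacier2.IceSSL.Protocols=TLS1_3, TLS1_2
omero.glacier2.IceSSL.DH.2048=ffdhe2048.pem
"""

def parse_config(text):
    """Parse key=value lines, skipping blanks, comments and malformed lines."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key and not key.startswith("#"):
            cfg[key.strip()] = value.strip()
    return cfg

def _same(key, have, want):
    """Protocol lists compare as sets of tokens; everything else exactly."""
    if key.endswith("Protocols"):
        split = lambda v: {t for t in re.split(r"[,\s]+", v) if t}
        return split(have) == split(want)
    return have == want

def audit(text, tls12_only=False):
    """Map each property to ("ok" | "unset" | "differs", current value)."""
    expected = dict(EXPECTED)
    if tls12_only:  # assumed shape of the RHEL 7 case: TLS 1.2 only
        expected[PREFIX + "ProtocolVersionMax"] = "TLS1_2"
        expected[PREFIX + "Protocols"] = "TLS1_2"
    cfg = parse_config(text)
    return {
        key: ("unset", None) if key not in cfg
        else ("ok" if _same(key, cfg[key], want) else "differs", cfg[key])
        for key, want in expected.items()
    }

if __name__ == "__main__":
    for key, (status, value) in audit(SAMPLE).items():
        print(f"{status:8} {key} = {value}")
```

A property reported as `unset` will be filled in the next time the plugin runs; one reported as `differs` is an explicit setting that the plugin will not change and needs a manual decision.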
Certificates will be stored under `{omero.data.dir}/certs` by default.
Set `omero.glacier2.IceSSL.DefaultDir` to change this.
If you see a warning message such as
```
Can't load ./.rnd into RNG
```
it should be safe to ignore.
For full information see the output of:
```
omero certificates --help
```
## Developer notes
This project uses [setuptools-scm](https://pypi.org/project/setuptools-scm/).
To release a new version just create a tag.
Raw data
{
"_id": null,
"home_page": "https://github.com/ome/omero-certificates",
"name": "omero-certificates",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "",
"author": "The Open Microscopy Team",
"author_email": "ome-devel@lists.openmicroscopy.org.uk",
"download_url": "https://files.pythonhosted.org/packages/93/80/d3543bdaa46161ff059b6c98bd0eaea0ff6e55696159e430017dd510ed16/omero-certificates-0.3.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "GPLv2",
"summary": "OMERO server certificate management plugin",
"version": "0.3.0",
"project_urls": {
"Homepage": "https://github.com/ome/omero-certificates"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0df7d453deb0bb982597207599092a48840f4fe91dbda3f737504e9d2eac1763",
"md5": "a2851c87de06f2dfd5e0abdab669161a",
"sha256": "7e4d13b329fcb6aff642b35d9809d01ac4e4f56ba4ad47da90cdce5f397bcc14"
},
"downloads": -1,
"filename": "omero_certificates-0.3.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "a2851c87de06f2dfd5e0abdab669161a",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 13166,
"upload_time": "2023-09-06T11:43:25",
"upload_time_iso_8601": "2023-09-06T11:43:25.856520Z",
"url": "https://files.pythonhosted.org/packages/0d/f7/d453deb0bb982597207599092a48840f4fe91dbda3f737504e9d2eac1763/omero_certificates-0.3.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "9380d3543bdaa46161ff059b6c98bd0eaea0ff6e55696159e430017dd510ed16",
"md5": "158c5ecf11efb3b198d1a0e79906cbaf",
"sha256": "4cd278d57dbd27595c3b6f9326f98e58ce8c974d8edc09d9c82b3bb8ec6b9e1d"
},
"downloads": -1,
"filename": "omero-certificates-0.3.0.tar.gz",
"has_sig": false,
"md5_digest": "158c5ecf11efb3b198d1a0e79906cbaf",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 15682,
"upload_time": "2023-09-06T11:43:27",
"upload_time_iso_8601": "2023-09-06T11:43:27.453864Z",
"url": "https://files.pythonhosted.org/packages/93/80/d3543bdaa46161ff059b6c98bd0eaea0ff6e55696159e430017dd510ed16/omero-certificates-0.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-09-06 11:43:27",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ome",
"github_project": "omero-certificates",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "omero-certificates"
}