omero-certificates


Nameomero-certificates JSON
Version 0.3.0 PyPI version JSON
download
home_pagehttps://github.com/ome/omero-certificates
SummaryOMERO server certificate management plugin
upload_time2023-09-06 11:43:27
maintainer
docs_urlNone
authorThe Open Microscopy Team
requires_python
licenseGPLv2
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # OMERO server certificate management plugin
[![Actions Status](https://github.com/ome/omero-certificates/workflows/Tox/badge.svg)](https://github.com/ome/omero-certificates/actions)

Generate self-signed certificates and configure OMERO.server.

If you prefer to configure OMERO manually see the examples in these documents:
- https://github.com/ome/docker-example-omero-websockets
- https://docs.openmicroscopy.org/omero/latest/sysadmins/client-server-ssl.html


## Installation

Install `openssl` if it's not already on your system.
Then activate your OMERO.server virtualenv and run:
```
pip install omero-certificates
```


## Usage

Set the `OMERODIR` environment variable to the location of OMERO.server.

Run:
```
omero certificates
```
```
OpenSSL 1.1.1d  10 Sep 2019
Generating RSA private key, 2048 bit long modulus (2 primes)
.+++++
.............................+++++
e is 65537 (0x010001)
certificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12
```
to update your OMERO.server configuration and to generate or update your self-signed certificates.
If you already have the necessary configuration settings this plugin will not modify them, so it is safe to always run `omero certificates` every time you start OMERO.server.
You can now start your omero server as normal.

This plugin automatically overrides the defaults for the following properties if they're not explicitly set:
- `omero.glacier2.IceSSL.Ciphers=HIGH`: the default weaker ciphers may not be supported on some systems
- `omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3`: Support TLS 1.2 and 1.3
- `omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3`: Support TLS 1.2 and 1.3
- `omero.glacier2.IceSSL.DH.2048=ffdhe2048.pem`: use a pre-defined 2048-bit Diffie-Hellman group

The pre-defined Diffie-Hellman group is from [RFC 7919](https://www.rfc-editor.org/rfc/rfc7919.txt).  Newer versions of OpenSSL will prefer ECDHE and have their own 2048-bit or greater primes but it's safe to use this one.
When RHEL 7 (OpenSSL 1.0.2) support is dropped this will be removed.

__NOTE:__ If RHEL 7 is detected, only TLS 1.2 support will be enabled.

The original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2

Certificates will be stored under `{omero.data.dir}/certs` by default.
Set `omero.glacier2.IceSSL.DefaultDir` to change this.

If you see a warning message such as
```
Can't load ./.rnd into RNG
```
it should be safe to ignore.

For full information see the output of:
```
omero certificates --help
```

## Developer notes

This project uses [setuptools-scm](https://pypi.org/project/setuptools-scm/).
To release a new version just create a tag.



            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/ome/omero-certificates",
    "name": "omero-certificates",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "",
    "author": "The Open Microscopy Team",
    "author_email": "ome-devel@lists.openmicroscopy.org.uk",
    "download_url": "https://files.pythonhosted.org/packages/93/80/d3543bdaa46161ff059b6c98bd0eaea0ff6e55696159e430017dd510ed16/omero-certificates-0.3.0.tar.gz",
    "platform": null,
    "description": "# OMERO server certificate management plugin\n[![Actions Status](https://github.com/ome/omero-certificates/workflows/Tox/badge.svg)](https://github.com/ome/omero-certificates/actions)\n\nGenerate self-signed certificates and configure OMERO.server.\n\nIf you prefer to configure OMERO manually see the examples in these documents:\n- https://github.com/ome/docker-example-omero-websockets\n- https://docs.openmicroscopy.org/omero/latest/sysadmins/client-server-ssl.html\n\n\n## Installation\n\nInstall `openssl` if it's not already on your system.\nThen activate your OMERO.server virtualenv and run:\n```\npip install omero-certificates\n```\n\n\n## Usage\n\nSet the `OMERODIR` environment variable to the location of OMERO.server.\n\nRun:\n```\nomero certificates\n```\n```\nOpenSSL 1.1.1d  10 Sep 2019\nGenerating RSA private key, 2048 bit long modulus (2 primes)\n.+++++\n.............................+++++\ne is 65537 (0x010001)\ncertificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12\n```\nto update your OMERO.server configuration and to generate or update your self-signed certificates.\nIf you already have the necessary configuration settings this plugin will not modify them, so it is safe to always run `omero certificates` every time you start OMERO.server.\nYou can now start your omero server as normal.\n\nThis plugin automatically overrides the defaults for the following properties if they're not explicitly set:\n- `omero.glacier2.IceSSL.Ciphers=HIGH`: the default weaker ciphers may not be supported on some systems\n- `omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3`: Support TLS 1.2 and 1.3\n- `omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3`: Support TLS 1.2 and 1.3\n- `omero.glacier2.IceSSL.DH.2048=ffdhe2048.pem`: use a pre-defined 2048-bit Diffie-Hellman group\n\nThe pre-defined Diffie-Hellman group is from [RFC 7919](https://www.rfc-editor.org/rfc/rfc7919.txt).  Newer versions of OpenSSL will prefer ECDHE and have their own 2048-bit or greater primes but it's safe to use this one.\nWhen RHEL 7 (OpenSSL 1.0.2) support is dropped this will be removed.\n\n__NOTE:__ If RHEL 7 is detected, only TLS 1.2 support will be enabled.\n\nThe original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2\n\nCertificates will be stored under `{omero.data.dir}/certs` by default.\nSet `omero.glacier2.IceSSL.DefaultDir` to change this.\n\nIf you see a warning message such as\n```\nCan't load ./.rnd into RNG\n```\nit should be safe to ignore.\n\nFor full information see the output of:\n```\nomero certificates --help\n```\n\n## Developer notes\n\nThis project uses [setuptools-scm](https://pypi.org/project/setuptools-scm/).\nTo release a new version just create a tag.\n\n\n",
    "bugtrack_url": null,
    "license": "GPLv2",
    "summary": "OMERO server certificate management plugin",
    "version": "0.3.0",
    "project_urls": {
        "Homepage": "https://github.com/ome/omero-certificates"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "0df7d453deb0bb982597207599092a48840f4fe91dbda3f737504e9d2eac1763",
                "md5": "a2851c87de06f2dfd5e0abdab669161a",
                "sha256": "7e4d13b329fcb6aff642b35d9809d01ac4e4f56ba4ad47da90cdce5f397bcc14"
            },
            "downloads": -1,
            "filename": "omero_certificates-0.3.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "a2851c87de06f2dfd5e0abdab669161a",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 13166,
            "upload_time": "2023-09-06T11:43:25",
            "upload_time_iso_8601": "2023-09-06T11:43:25.856520Z",
            "url": "https://files.pythonhosted.org/packages/0d/f7/d453deb0bb982597207599092a48840f4fe91dbda3f737504e9d2eac1763/omero_certificates-0.3.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "9380d3543bdaa46161ff059b6c98bd0eaea0ff6e55696159e430017dd510ed16",
                "md5": "158c5ecf11efb3b198d1a0e79906cbaf",
                "sha256": "4cd278d57dbd27595c3b6f9326f98e58ce8c974d8edc09d9c82b3bb8ec6b9e1d"
            },
            "downloads": -1,
            "filename": "omero-certificates-0.3.0.tar.gz",
            "has_sig": false,
            "md5_digest": "158c5ecf11efb3b198d1a0e79906cbaf",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 15682,
            "upload_time": "2023-09-06T11:43:27",
            "upload_time_iso_8601": "2023-09-06T11:43:27.453864Z",
            "url": "https://files.pythonhosted.org/packages/93/80/d3543bdaa46161ff059b6c98bd0eaea0ff6e55696159e430017dd510ed16/omero-certificates-0.3.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-09-06 11:43:27",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "ome",
    "github_project": "omero-certificates",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "tox": true,
    "lcname": "omero-certificates"
}
        
Elapsed time: 0.12242s