# OMERO server certificate management plugin
[](https://github.com/ome/omero-certificates/actions)
Generate self-signed certificates and configure OMERO.server.
If you prefer to configure OMERO manually see the examples in these documents:
- https://github.com/ome/docker-example-omero-websockets
- https://docs.openmicroscopy.org/omero/latest/sysadmins/client-server-ssl.html
## Installation
Install `openssl` if it's not already on your system.
Then activate your OMERO.server virtualenv and run:
```
pip install omero-certificates
```
## Usage
Set the `OMERODIR` environment variable to the location of OMERO.server.
Run:
```
omero certificates
```
```
OpenSSL 1.1.1d 10 Sep 2019
Generating RSA private key, 2048 bit long modulus (2 primes)
.+++++
.............................+++++
e is 65537 (0x010001)
certificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12
```
to update your OMERO.server configuration and to generate or update your self-signed certificates.
If you already have the necessary configuration settings this plugin will not modify them, so it is safe to always run `omero certificates` every time you start OMERO.server.
You can now start your omero server as normal.
This plugin automatically overrides the defaults for the following properties if they're not explicitly set:
- `omero.glacier2.IceSSL.Ciphers=HIGH!DHE`: the default weaker ciphers may not be supported on some systems
- `omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3`: Support TLS 1.2 and 1.3
- `omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3`: Support TLS 1.2 and 1.3
The original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2
Certificates will be stored under `{omero.data.dir}/certs` by default.
Set `omero.glacier2.IceSSL.DefaultDir` to change this.
If you see a warning message such as
```
Can't load ./.rnd into RNG
```
it should be safe to ignore.
For full information see the output of:
```
omero certificates --help
```
## Developer notes
This project uses [setuptools-scm](https://pypi.org/project/setuptools-scm/).
To release a new version just create a tag.
Raw data
{
"_id": null,
"home_page": "https://github.com/ome/omero-certificates",
"name": "omero-certificates",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": null,
"author": "The Open Microscopy Team",
"author_email": "ome-devel@lists.openmicroscopy.org.uk",
"download_url": "https://files.pythonhosted.org/packages/07/db/b72a450db0e14787bd070efb3e7d4f13ad0056590e4641eedde214ef6eea/omero_certificates-0.4.0.tar.gz",
"platform": null,
"description": "# OMERO server certificate management plugin\n[](https://github.com/ome/omero-certificates/actions)\n\nGenerate self-signed certificates and configure OMERO.server.\n\nIf you prefer to configure OMERO manually see the examples in these documents:\n- https://github.com/ome/docker-example-omero-websockets\n- https://docs.openmicroscopy.org/omero/latest/sysadmins/client-server-ssl.html\n\n\n## Installation\n\nInstall `openssl` if it's not already on your system.\nThen activate your OMERO.server virtualenv and run:\n```\npip install omero-certificates\n```\n\n\n## Usage\n\nSet the `OMERODIR` environment variable to the location of OMERO.server.\n\nRun:\n```\nomero certificates\n```\n```\nOpenSSL 1.1.1d 10 Sep 2019\nGenerating RSA private key, 2048 bit long modulus (2 primes)\n.+++++\n.............................+++++\ne is 65537 (0x010001)\ncertificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12\n```\nto update your OMERO.server configuration and to generate or update your self-signed certificates.\nIf you already have the necessary configuration settings this plugin will not modify them, so it is safe to always run `omero certificates` every time you start OMERO.server.\nYou can now start your omero server as normal.\n\nThis plugin automatically overrides the defaults for the following properties if they're not explicitly set:\n- `omero.glacier2.IceSSL.Ciphers=HIGH!DHE`: the default weaker ciphers may not be supported on some systems\n- `omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3`: Support TLS 1.2 and 1.3\n- `omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3`: Support TLS 1.2 and 1.3\n\n\nThe original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2\n\nCertificates will be stored under `{omero.data.dir}/certs` by default.\nSet `omero.glacier2.IceSSL.DefaultDir` to change this.\n\nIf you see a warning message such as\n```\nCan't load ./.rnd into RNG\n```\nit should be safe to ignore.\n\nFor full information see the output of:\n```\nomero certificates --help\n```\n\n## Developer notes\n\nThis project uses [setuptools-scm](https://pypi.org/project/setuptools-scm/).\nTo release a new version just create a tag.\n",
"bugtrack_url": null,
"license": "GPLv2",
"summary": "OMERO server certificate management plugin",
"version": "0.4.0",
"project_urls": {
"Homepage": "https://github.com/ome/omero-certificates"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "1ac69457c43ed54090feae661c7ee191e042c24219cedce0c463b94de456b061",
"md5": "cacfeec565354f1c5aeee5269db0ee2c",
"sha256": "9dcc589ed5b0879feeb38afc6c7a78e80ed487815cd820d57a81eefae49c690f"
},
"downloads": -1,
"filename": "omero_certificates-0.4.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "cacfeec565354f1c5aeee5269db0ee2c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 11944,
"upload_time": "2025-02-17T10:14:08",
"upload_time_iso_8601": "2025-02-17T10:14:08.691737Z",
"url": "https://files.pythonhosted.org/packages/1a/c6/9457c43ed54090feae661c7ee191e042c24219cedce0c463b94de456b061/omero_certificates-0.4.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "07dbb72a450db0e14787bd070efb3e7d4f13ad0056590e4641eedde214ef6eea",
"md5": "028d27240fd0f7fc785f57864a52f6c2",
"sha256": "e772e898394aa8cfa0d798efded04838291c0a952d7dd01a1dc6bbd91692c076"
},
"downloads": -1,
"filename": "omero_certificates-0.4.0.tar.gz",
"has_sig": false,
"md5_digest": "028d27240fd0f7fc785f57864a52f6c2",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 14509,
"upload_time": "2025-02-17T10:14:10",
"upload_time_iso_8601": "2025-02-17T10:14:10.473264Z",
"url": "https://files.pythonhosted.org/packages/07/db/b72a450db0e14787bd070efb3e7d4f13ad0056590e4641eedde214ef6eea/omero_certificates-0.4.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-02-17 10:14:10",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ome",
"github_project": "omero-certificates",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "omero-certificates"
}