https://github.com/ome/omero-certificates
OMERO server certificate management plugin
https://github.com/ome/omero-certificates
certificates cli deployment omero plugin server
Last synced: 5 months ago
JSON representation
OMERO server certificate management plugin
- Host: GitHub
- URL: https://github.com/ome/omero-certificates
- Owner: ome
- License: gpl-2.0
- Created: 2020-03-02T20:55:12.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2025-06-23T19:54:47.000Z (12 months ago)
- Last Synced: 2025-07-11T02:38:54.390Z (11 months ago)
- Topics: certificates, cli, deployment, omero, plugin, server
- Language: Python
- Homepage: https://www.openmicroscopy.org/omero
- Size: 124 KB
- Stars: 0
- Watchers: 7
- Forks: 7
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.txt
Awesome Lists containing this project
README
# OMERO server certificate management plugin
[](https://github.com/ome/omero-certificates/actions)
Generate self-signed certificates and configure OMERO.server.
If you prefer to configure OMERO manually see the examples in these documents:
- https://github.com/ome/docker-example-omero-websockets
- https://docs.openmicroscopy.org/omero/latest/sysadmins/client-server-ssl.html
## Installation
Install `openssl` if it's not already on your system.
Then activate your OMERO.server virtualenv and run:
```
pip install omero-certificates
```
## Usage
Set the `OMERODIR` environment variable to the location of OMERO.server.
Run:
```
omero certificates
```
```
OpenSSL 1.1.1d 10 Sep 2019
Generating RSA private key, 2048 bit long modulus (2 primes)
.+++++
.............................+++++
e is 65537 (0x010001)
certificates created: /OMERO/certs/server.key /OMERO/certs/server.pem /OMERO/certs/server.p12
```
to update your OMERO.server configuration and to generate or update your self-signed certificates.
If you already have the necessary configuration settings this plugin will not modify them, so it is safe to always run `omero certificates` every time you start OMERO.server.
You can now start your omero server as normal.
This plugin automatically overrides the defaults for the following properties if they're not explicitly set:
- `omero.glacier2.IceSSL.Ciphers=HIGH!DHE`: the default weaker ciphers may not be supported on some systems
- `omero.glacier2.IceSSL.ProtocolVersionMax=TLS1_3`: Support TLS 1.2 and 1.3
- `omero.glacier2.IceSSL.Protocols=TLS1_2,TLS1_3`: Support TLS 1.2 and 1.3
The original values can be found on https://docs.openmicroscopy.org/omero/5.6.0/sysadmins/config.html#glacier2
Certificates will be stored under `{omero.data.dir}/certs` by default.
Set `omero.glacier2.IceSSL.DefaultDir` to change this.
If you see a warning message such as
```
Can't load ./.rnd into RNG
```
it should be safe to ignore.
For full information see the output of:
```
omero certificates --help
```
## Developer notes
This project uses [setuptools-scm](https://pypi.org/project/setuptools-scm/).
To release a new version just create a tag.