Configure Transport Layer Security (TLS)¶
Three environment variables below enable you to use a self-signed certificate with OpenSSL* for the DL Workbench:
Docker docker run command:
Variable |
Explanation |
|---|---|
|
Sets the path to the DL Workbench web app TLS certificate in the container. |
|
Sets the path to the |
|
Indicates whether the |
Python Starter openvino-workbench command:
Variable |
Explanation |
|---|---|
|
Specifies the path to the DL Workbench web app TLS certificate in the DL Workbench configuration directory. The file should be placed in “assets_dir” folder. Example: <certificate.pem>. |
|
Specifies the path to the ssl-certificate certificate private key in the DL Workbench configuration directory. |
|
Indicates whether the ssl-certificate TLS certificate is trusted ( |
Follow instructions for your system and certificate status in the sections below.
Trusted Certificate on Linux*¶
When installing from Docker Hub* with the openvino-workbench script :
In the directory with the script, create the
assetsfolder with read, write, and execute permissions:mkdir -p -m 777 assets
Put your trusted key and certificate in the
assetsfolder.Run the Docker container with the command that mounts the directory with the
assetsfolder to the/home/workbench/.workbenchdirectory in the Docker container and provides paths to the key and certificate:openvino-workbench --image openvino/workbench \ --assets-directory <full_path_to_assets>/assets \ --ssl-certificate-name <full_path_to_assets>/assets/certificate.pem \ --ssl-key-name <full_path_to_assets>/assets/key.pem
Note
Replace the placeholders in angle brackets the full path to the
assetsfolder.
Self-Signed Certificate on Linux¶
When installing from Docker Hub* with the openvino-workbench script :
In the directory with the
openvino-workbenchscript, create theassetsfolder with read, write, and execute permissions:mkdir -p -m 777 assets
Generate a self-signed certificate for non-production purposes in the
assetsfolder:openssl req -newkey rsa:4096 -nodes -keyout assets/key.pem -x509 -days 365 -out assets/certificate.pem
Follow the command-line instructions to provide the required data.
Run the Docker container with the command that mounts the directory with the
assetsfolder to the/home/workbench/.workbenchdirectory in the Docker container and provides paths to the key and certificate:openvino-workbench --image openvino/workbench \ --assets-directory <full_path_to_assets>/assets \ --ssl-certificate-name <full_path_to_assets>/assets/certificate.pem \ --ssl-key-name <full_path_to_assets>/assets/key.pem \ --verify-ssl off
Note
Replace the placeholders in angle brackets the full path to the
assetsfolder.Open a terminal and create the
workbench_volumevolume:docker volume create workbench_volume
Put your trusted key and certificate in the
workbench_volumevolume:docker run --rm -v workbench_volume:/data -v <full_path_to_certificates_folder>:/cert_data busybox sh -c "cp /cert_data/key.pem /data && cp /cert_data/certificate.pem /data && chown -R 5665 /data"
Run the Docker container with the command that mounts the
workbench_volumevolume to the/home/workbench/.workbenchdirectory in the Docker container and provide key and certificate paths:docker run -p 127.0.0.1:5665:5665 ` --name workbench ` --volume workbench_volume:/home/workbench/.workbench ` -e SSL_CERT=/home/workbench/.workbench/certificate.pem ` -e SSL_KEY=/home/workbench/.workbench/key.pem ` -it openvino/workbench:latest
Self-Signed Certificate on Windows¶
Step 1. Open a terminal, create the workbench directory and go to this directory:
mkdir workbenchcd workbenchStep 2. Generate a self-signed certificate for non-production purposes in the workbench folder:
openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pemStep 3. Create the workbench_volume volume:
docker volume create workbench_volumeStep 4. Put your self-signed key and certificate in the workbench_volume volume:
docker run --rm -v workbench_volume:/data -v <full_path_to_certificates_folder>:/cert_data busybox sh -c "cp /cert_data/key.pem /data && cp /cert_data/certificate.pem /data && chown -R 5665 /data"Step 5. Run the Docker container with the command that mounts the workbench_volume volume to the /home/workbench/.workbench directory in the Docker container and provide key and certificate paths:
docker run -p 127.0.0.1:5665:5665 `
--name workbench `
--volume workbench_volume:/home/workbench/.workbench `
-e SSL_CERT=/home/workbench/.workbench/certificate.pem `
-e SSL_KEY=/home/workbench/.workbench/key.pem `
-e SSL_VERIFY off
-it openvino/workbench:latestTrusted Certificate on macOS*¶
In the
homedirectory, create theassetsfolder with read, write, and execute permissions:mkdir -p -m 777 assets
Put your trusted key and certificate in the
assetsfolder.Run the Docker container with the command that mounts the
assetsfolder to the/home/workbench/.workbenchdirectory in the Docker container:docker run -p 127.0.0.1:5665:5665 \ --name workbench \ --volume /home/assets:/home/workbench/.workbench \ -it openvino/workbench:latest \ -e ASSETS_DIR home/assets \ -e SSL_CERT certificate.pem \ -e SSL_KEY key.pem
Self-Signed Certificate on macOS¶
In the
homedirectory, create theassetsfolder with read, write, and execute permissions:mkdir -p -m 777 assets
Generate a self-signed certificate for non-production purposes in the
workbenchfolder:openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pem
Run the Docker container with the command that mounts the
assetsfolder to the/home/workbench/.workbenchdirectory in the Docker container:docker run -p 127.0.0.1:5665:5665 \ --name workbench \ --volume /home/assets:/home/workbench/.workbench \ -it openvino/workbench:latest \ -e ASSETS_DIR home/assets \ -e SSL_CERT certificate.pem \ -e SSL_KEY key.pem \ -e SSL_VERIFY off