Configure Transport Layer Security (TLS)

Three environment variables below enable you to use a self-signed certificate with OpenSSL* for the DL Workbench:

Variable Explanation
-SSL_CERT, -e SSL_CERT Sets the path to the DL Workbench web app TLS certificate in the container.
-SSL_KEY, -e SSL_KEYSets the path to the SSL_CERT certificate private key in the container.
-SSL_VERIFY, -e SSL_VERIFY Indicates whether the SSL_CERT TLS certificate is trusted (on, default), or either self-signed or untrusted (off).

Follow instructions for your system and certificate status in the sections below.

Use a Trusted Certificate for DL Workbench on Linux*

  1. In the directory with the script, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Put your trusted key and certificate in the assets folder.
  3. Run the Docker container with the command that mounts the directory with the assets folder to the /home/openvino directory in the Docker container and provides paths to the key and certificate:
    ./start_workbench.sh -IMAGE_NAME openvino/workbench \
    -ASSETS_DIR <full_path_to_assets>/assets \
    -SSL_CERT <full_path_to_assets>/assets/certificate.pem \
    -SSL_KEY <full_path_to_assets>/assets/key.pem

    NOTE: Replace the placeholders in angle brackets the full path to the assets folder.

  1. Open a terminal in the DL Workbench folder. The path to the folder is /<path_to_installed_package>/deployment_tools/tools/workbench.
  2. Run the Docker container with the command that provides key and certificate paths:
    ./start_workbench.sh -IMAGE_NAME workbench \
    -SSL_CERT /home/openvino/.workbench/certificate.pem \
    -SSL_KEY /home/openvino/.workbench/key.pem

Use a Self-Signed Certificate for DL Workbench on Linux

  1. In the directory with the start_workbench.sh script, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Generate a self-signed certificate for non-production purposes in the assets folder:
    openssl req -newkey rsa:4096 -nodes -keyout assets/key.pem -x509 -days 365 -out assets/certificate.pem
    Follow the command-line instructions to provide the required data.
  3. Run the Docker container with the command that mounts the directory with the assets folder to the /home/openvino directory in the Docker container and provides paths to the key and certificate:
    ./start_workbench.sh -IMAGE_NAME openvino/workbench \
    -ASSETS_DIR <full_path_to_assets>/assets \
    -SSL_CERT <full_path_to_assets>/assets/certificate.pem \
    -SSL_KEY <full_path_to_assets>/assets/key.pem \
    -SSL_VERIFY off

    NOTE: Replace the placeholders in angle brackets the full path to the assets folder.

  1. Open a terminal in the DL Workbench folder. The path to the folder is /<path_to_installed_package>/deployment_tools/tools/workbench.
  2. Run the Docker container with the command that provides key and certificate paths:
    ./start_workbench.sh -IMAGE_NAME workbench \
    -SSL_CERT /home/openvino/.workbench/certificate.pem \
    -SSL_KEY /home/openvino/.workbench/key.pem \
    -SSL_VERIFY off

Use a Trusted Certificate for DL Workbench on Windows*

  1. Open a terminal and create the workbench directory:
    mkdir workbench
  2. Put your trusted key and certificate in the workbench folder.
  3. Run the Docker container with the command that mounts the workbench folder to the /home/openvino directory in the Docker container and provide key and certificate paths:
    docker run -p 127.0.0.1:5665:5665 `
    --name workbench `
    --volume /C/workbench:/home/openvino/.workbench `
    -it openvino/workbench:latest `
    -e SSL_CERT certificate.pem `
    -e SSL_KEY key.pem

Use a Self-Signed Certificate for DL Workbench on Windows

  1. Open a terminal, create the workbench directory and go to this directory:
    mkdir workbench
    cd workbench
  2. Generate a self-signed certificate for non-production purposes in the workbench folder:
    openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pem
  3. Run the Docker container with the command that mounts the workbench folder to the /home/openvino directory in the Docker container and provide key and certificate paths :
    docker run -p 127.0.0.1:5665:5665 `
    --name workbench `
    --volume /C/workbench:/home/openvino/.workbench `
    -it openvino/workbench:latest `
    -e SSL_CERT certificate.pem `
    -e SSL_KEY key.pem `
    -e SSL_VERIFY off

Use a Trusted Certificate for DL Workbench on macOS*

  1. In the home directory, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Put your trusted key and certificate in the assets folder.
  3. Run the Docker container with the command that mounts the assets folder to the /home/openvino directory in the Docker container:
    docker run -p 127.0.0.1:5665:5665 \
    --name workbench \
    --volume /home/assets:/home/openvino/.workbench \
    -it openvino/workbench:latest \
    -e ASSETS_DIR home/assets \
    -e SSL_CERT certificate.pem \
    -e SSL_KEY key.pem

Use a Self-Signed Certificate for DL Workbench on macOS

  1. In the home directory, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Generate a self-signed certificate for non-production purposes in the workbench folder:
    openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pem
  3. Run the Docker container with the command that mounts the assets folder to the /home/openvino directory in the Docker container:
    docker run -p 127.0.0.1:5665:5665 \
    --name workbench \
    --volume /home/assets:/home/openvino/.workbench \
    -it openvino/workbench:latest \
    -e ASSETS_DIR home/assets \
    -e SSL_CERT certificate.pem \
    -e SSL_KEY key.pem \
    -e SSL_VERIFY off

    See Also