Three environment variables below enable you to use a self-signed certificate with OpenSSL* for the DL Workbench:
Variable | Explanation |
-SSL_CERT , -e SSL_CERT | Sets the path to the DL Workbench web app TLS certificate in the container. |
-SSL_KEY , -e SSL_KEY | Sets the path to the SSL_CERT certificate private key in the container. |
-SSL_VERIFY , -e SSL_VERIFY | Indicates whether the SSL_CERT TLS certificate is trusted (on , default), or either self-signed or untrusted (off ). |
Follow instructions for your system and certificate status in the sections below.
Trusted Certificate on Linux*
When installing from Docker Hub* with the start_workbench.sh
script:
- In the directory with the script, create the
assets
folder with read, write, and execute permissions:
- Put your trusted key and certificate in the
assets
folder.
- Run the Docker container with the command that mounts the directory with the
assets
folder to the /home/workbench/.workbench
directory in the Docker container and provides paths to the key and certificate: ./start_workbench.sh -IMAGE_NAME openvino/workbench \
-ASSETS_DIR <full_path_to_assets>/assets \
-SSL_CERT <full_path_to_assets>/assets/certificate.pem \
-SSL_KEY <full_path_to_assets>/assets/key.pem
NOTE: Replace the placeholders in angle brackets the full path to the assets
folder.
When installing from the OpenVINO™ package:
- Open a terminal in the DL Workbench folder. The path to the folder is
/<path_to_installed_package>/deployment_tools/tools/workbench
.
- Run the Docker container with the command that provides key and certificate paths:
./start_workbench.sh -IMAGE_NAME workbench \
-SSL_CERT /home/workbench/.workbench/certificate.pem \
-SSL_KEY /home/workbench/.workbench/key.pem
Self-Signed Certificate on Linux
When installing from Docker Hub* with the start_workbench.sh
script:
- In the directory with the
start_workbench.sh
script, create the assets
folder with read, write, and execute permissions:
- Generate a self-signed certificate for non-production purposes in the
assets
folder: openssl req -newkey rsa:4096 -nodes -keyout assets/key.pem -x509 -days 365 -out assets/certificate.pem
Follow the command-line instructions to provide the required data.
- Run the Docker container with the command that mounts the directory with the
assets
folder to the /home/workbench/.workbench
directory in the Docker container and provides paths to the key and certificate: ./start_workbench.sh -IMAGE_NAME openvino/workbench \
-ASSETS_DIR <full_path_to_assets>/assets \
-SSL_CERT <full_path_to_assets>/assets/certificate.pem \
-SSL_KEY <full_path_to_assets>/assets/key.pem \
-SSL_VERIFY off
NOTE: Replace the placeholders in angle brackets the full path to the assets
folder.
When installing from the OpenVINO™ package:
- Open a terminal in the DL Workbench folder. The path to the folder is
/<path_to_installed_package>/deployment_tools/tools/workbench
.
- Run the Docker container with the command that provides key and certificate paths:
./start_workbench.sh -IMAGE_NAME workbench \
-SSL_CERT /home/workbench/.workbench/certificate.pem \
-SSL_KEY /home/workbench/.workbench/key.pem \
-SSL_VERIFY off
Trusted Certificate on Windows*
- Open a terminal and create the
workbench_volume
volume: docker volume create workbench_volume
- Put your trusted key and certificate in the
workbench_volume
volume: docker run --rm -v workbench_volume:/data -v <full_path_to_certificates_folder>:/cert_data busybox sh -c "cp /cert_data/key.pem /data && cp /cert_data/certificate.pem /data && chown -R 5665 /data"
- Run the Docker container with the command that mounts the
workbench_volume
volume to the /home/workbench/.workbench
directory in the Docker container and provide key and certificate paths: docker run -p 127.0.0.1:5665:5665 `
--name workbench `
--volume workbench_volume:/home/workbench/.workbench `
-e SSL_CERT=/home/workbench/.workbench/certificate.pem `
-e SSL_KEY=/home/workbench/.workbench/key.pem `
-it openvino/workbench:latest
Self-Signed Certificate on Windows
Step 1. Open a terminal, create the workbench
directory and go to this directory:
Step 2. Generate a self-signed certificate for non-production purposes in the workbench
folder:
openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pem
Step 3. Create the workbench_volume
volume:
docker volume create workbench_volume
Step 4. Put your self-signed key and certificate in the workbench_volume
volume:
docker run --rm -v workbench_volume:/data -v <full_path_to_certificates_folder>:/cert_data busybox sh -c "cp /cert_data/key.pem /data && cp /cert_data/certificate.pem /data && chown -R 5665 /data"
Step 5. Run the Docker container with the command that mounts the workbench_volume
volume to the /home/workbench/.workbench
directory in the Docker container and provide key and certificate paths:
docker run -p 127.0.0.1:5665:5665 `
--name workbench `
--volume workbench_volume:/home/workbench/.workbench `
-e SSL_CERT=/home/workbench/.workbench/certificate.pem `
-e SSL_KEY=/home/workbench/.workbench/key.pem `
-e SSL_VERIFY off
-it openvino/workbench:latest
Trusted Certificate on macOS*
- In the
home
directory, create the assets
folder with read, write, and execute permissions:
- Put your trusted key and certificate in the
assets
folder.
- Run the Docker container with the command that mounts the
assets
folder to the /home/workbench/.workbench
directory in the Docker container: docker run -p 127.0.0.1:5665:5665 \
--name workbench \
--volume /home/assets:/home/workbench/.workbench \
-it openvino/workbench:latest \
-e ASSETS_DIR home/assets \
-e SSL_CERT certificate.pem \
-e SSL_KEY key.pem
Self-Signed Certificate on macOS
- In the
home
directory, create the assets
folder with read, write, and execute permissions:
- Generate a self-signed certificate for non-production purposes in the
workbench
folder: openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pem
- Run the Docker container with the command that mounts the
assets
folder to the /home/workbench/.workbench
directory in the Docker container: docker run -p 127.0.0.1:5665:5665 \
--name workbench \
--volume /home/assets:/home/workbench/.workbench \
-it openvino/workbench:latest \
-e ASSETS_DIR home/assets \
-e SSL_CERT certificate.pem \
-e SSL_KEY key.pem \
-e SSL_VERIFY off
See Also