Configure Transport Layer Security (TLS)

Three environment variables below enable you to use a self-signed certificate with OpenSSL* for the DL Workbench:

Variable Explanation
-SSL_CERT, -e SSL_CERT Sets the path to the DL Workbench web app TLS certificate in the container.
-SSL_KEY, -e SSL_KEY Sets the path to the SSL_CERT certificate private key in the container.
-SSL_VERIFY, -e SSL_VERIFY Indicates whether the SSL_CERT TLS certificate is trusted (on, default), or either self-signed or untrusted (off).

Follow instructions for your system and certificate status in the sections below.

Trusted Certificate on Linux*

When installing from Docker Hub* with the start_workbench.sh script:

  1. In the directory with the script, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Put your trusted key and certificate in the assets folder.
  3. Run the Docker container with the command that mounts the directory with the assets folder to the /home/workbench/.workbench directory in the Docker container and provides paths to the key and certificate:
    ./start_workbench.sh -IMAGE_NAME openvino/workbench \
    -ASSETS_DIR <full_path_to_assets>/assets \
    -SSL_CERT <full_path_to_assets>/assets/certificate.pem \
    -SSL_KEY <full_path_to_assets>/assets/key.pem

    NOTE: Replace the placeholders in angle brackets the full path to the assets folder.

    When installing from the OpenVINO™ package:
  1. Open a terminal in the DL Workbench folder. The path to the folder is
    /<path_to_installed_package>/deployment_tools/tools/workbench.
  2. Run the Docker container with the command that provides key and certificate paths:
    ./scripts/start_workbench.sh -IMAGE_NAME workbench \
    -SSL_CERT /home/workbench/.workbench/certificate.pem \
    -SSL_KEY /home/workbench/.workbench/key.pem

Self-Signed Certificate on Linux

When installing from Docker Hub* with the start_workbench.sh script:

  1. In the directory with the start_workbench.sh script, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Generate a self-signed certificate for non-production purposes in the assets folder:
    openssl req -newkey rsa:4096 -nodes -keyout assets/key.pem -x509 -days 365 -out assets/certificate.pem
    Follow the command-line instructions to provide the required data.
  3. Run the Docker container with the command that mounts the directory with the assets folder to the /home/workbench/.workbench directory in the Docker container and provides paths to the key and certificate:
    ./start_workbench.sh -IMAGE_NAME openvino/workbench \
    -ASSETS_DIR <full_path_to_assets>/assets \
    -SSL_CERT <full_path_to_assets>/assets/certificate.pem \
    -SSL_KEY <full_path_to_assets>/assets/key.pem \
    -SSL_VERIFY off

    NOTE: Replace the placeholders in angle brackets the full path to the assets folder.

    When installing from the OpenVINO™ package:
  1. Open a terminal in the DL Workbench folder. The path to the folder is
    /<path_to_installed_package>/deployment_tools/tools/workbench.
  2. Run the Docker container with the command that provides key and certificate paths:
    ./scripts/start_workbench.sh -IMAGE_NAME workbench \
    -SSL_CERT /home/workbench/.workbench/certificate.pem \
    -SSL_KEY /home/workbench/.workbench/key.pem \
    -SSL_VERIFY off

Trusted Certificate on Windows*

  1. Open a terminal and create the workbench_volume volume:
    docker volume create workbench_volume
  2. Put your trusted key and certificate in the workbench_volume volume:
    docker run --rm -v workbench_volume:/data -v <full_path_to_certificates_folder>:/cert_data busybox sh -c "cp /cert_data/key.pem /data && cp /cert_data/certificate.pem /data && chown -R 5665 /data"
  3. Run the Docker container with the command that mounts the workbench_volume volume to the /home/workbench/.workbench directory in the Docker container and provide key and certificate paths:
    docker run -p 127.0.0.1:5665:5665 `
    --name workbench `
    --volume workbench_volume:/home/workbench/.workbench `
    -e SSL_CERT=/home/workbench/.workbench/certificate.pem `
    -e SSL_KEY=/home/workbench/.workbench/key.pem `
    -it openvino/workbench:latest

Self-Signed Certificate on Windows

Step 1. Open a terminal, create the workbench directory and go to this directory:

mkdir workbench
cd workbench

Step 2. Generate a self-signed certificate for non-production purposes in the workbench folder:

openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pem

Step 3. Create the workbench_volume volume:

docker volume create workbench_volume

Step 4. Put your self-signed key and certificate in the workbench_volume volume:

docker run --rm -v workbench_volume:/data -v <full_path_to_certificates_folder>:/cert_data busybox sh -c "cp /cert_data/key.pem /data && cp /cert_data/certificate.pem /data && chown -R 5665 /data"

Step 5. Run the Docker container with the command that mounts the workbench_volume volume to the /home/workbench/.workbench directory in the Docker container and provide key and certificate paths:

docker run -p 127.0.0.1:5665:5665 `
--name workbench `
--volume workbench_volume:/home/workbench/.workbench `
-e SSL_CERT=/home/workbench/.workbench/certificate.pem `
-e SSL_KEY=/home/workbench/.workbench/key.pem `
-e SSL_VERIFY off
-it openvino/workbench:latest

Trusted Certificate on macOS*

  1. In the home directory, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Put your trusted key and certificate in the assets folder.
  3. Run the Docker container with the command that mounts the assets folder to the /home/workbench/.workbench directory in the Docker container:
    docker run -p 127.0.0.1:5665:5665 \
    --name workbench \
    --volume /home/assets:/home/workbench/.workbench \
    -it openvino/workbench:latest \
    -e ASSETS_DIR home/assets \
    -e SSL_CERT certificate.pem \
    -e SSL_KEY key.pem

Self-Signed Certificate on macOS

  1. In the home directory, create the assets folder with read, write, and execute permissions:
    mkdir -p -m 777 assets
  2. Generate a self-signed certificate for non-production purposes in the workbench folder:
    openssl req -newkey rsa:4096 -nodes -keyout workbench/key.pem -x509 -days 365 -out workbench/certificate.pem
  3. Run the Docker container with the command that mounts the assets folder to the /home/workbench/.workbench directory in the Docker container:
    docker run -p 127.0.0.1:5665:5665 \
    --name workbench \
    --volume /home/assets:/home/workbench/.workbench \
    -it openvino/workbench:latest \
    -e ASSETS_DIR home/assets \
    -e SSL_CERT certificate.pem \
    -e SSL_KEY key.pem \
    -e SSL_VERIFY off

See Also