Get rid of SSL errors with Jupyter Notebooks
Problem
I find it very annoying to see the error/warning “Your connection is not private” when I connect to my jupyter notebook everytime I start a new session. I always need a couple of extra clicks to go to my notebook. If you want to solve this problem then this howto is for you.
Disclaimer
Do not use this method for production systems. This method is more suited for datascientist who need quick and dirty jupyter notebooks for testing their ideas and models. For production systems use valid CA’s or use letsencrypt.
The Situation
Let me sketch my situation first. I have a custom build deep learning pc with ubuntu (19.10) installed on it. My jupyter notebook runs on this ubuntu machine which is hosted in my own home network. I also keep track of my home public IP address with dynamic dns so I can remotely connect to my jupyter notebooks from internet. I connect to this jupyter notebook via my macbook pro most of the time. Sometimes within my own home network (with a local ip) and sometimes from a remote location with my dynamic dns (DDNS) hostname.
1) Install openssl if it is not done already.
On my ubuntu system it was already installed. If not you can install it with command:
sudo apt install openssl
2) Adapt host file on your macbook
Certificates work with fully qualified domain names (FQDN)like for example www.amazon.com and not with IP addresses. As we want to establish this on our local network we need to edit our host file on our macbook. If your already have a hostname provided for your your Deep Learning Machine you can use this name. My hostname = deeplearn and its ip = 192.168.1.20
Adapt your host file on your macbook from your terminal with vi or nano like this:
sudo vi /etc/hosts
And add this line to this file:
192.168.1.20 deeplearn.local
Now you can test this hostname by pinging:
ping deeplearn.local
3) Generate private key and self signed certificate
Now we will generate our private key and our certificate on our deep learning machine. Create a directory .ssl in your home directory so we can keep the files in this new created directory:
mkdir ~/.ssl
cd ~/.ssl
As we want to match our host from internet (ddns hostname+domain = deeplearn.chickenkiller.com) and from our local network (deeplearn.local) we need to add both names to the distinguished_name fields with:
subjectAltName=DNS:deeplearn.local,DNS:deeplearn.chickenkiller.com
Our command to create this will be:
openssl req -x509 -out deeplearn.crt -days 365 \
-keyout deeplearn.key -newkey rsa:2048 -nodes -sha256 \
-subj ‘/CN=deeplearn.local’ -extensions EXT -config <( \
printf “[dn]\nCN=deeplearn.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:deeplearn.local,DNS:deeplearn.chickenkiller.com\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth”)
For jupyter notebook we also need a different formatted certificate (PEM insted of CRT). The way to do this is by this command:
openssl x509 -in deeplearn.crt -out deeplearn.pem -outform PEM
Now you will have 3 files in your .ssl directory:
deeplearn.crt
deeplearn.key
deeplearn.pem
4) Install the certificate on your macbook
Download the certificate deeplearn.crt to your macbook. Open the file with Finder and doubleclick it. You will see this window:
Make sure that “System” has been selected in the Keychain dropdown menu and click Add. Now you need to give your mac credentials and your certificate will be added to your root certificates.
Now open “Keychain Access” app via Launchpad and click on the “System” keychain on the left side and find your certificate:
Double click on this certificate and unfold the “Trust” triangle. It will look like this:
From the drop down menu of “When using this certificate” menu select “Always Trust” and close the window. It will ask again for your mac credentials. Now your certificate is trusted by your macos.
5) Let Jupyter Notebook use this certificate
You can now easily test your setup by running a jupyter notebook with this newly created certificate:
jupyter notebook --certfile=~/.ssl/deeplearn.pem --keyfile=~/.ssl/deeplearn.key
Now test from your macbook if you get any errors on the certificate by directing your browser to the notebooks url (like https://deeplearn.local:8888). It should work. If it works then you can adapt you jupyter config file so you don’t need to give these paramaters after each new jupyter command:
vi ~/.jupyter/jupyter_notebook_config.py
and make sure that these 2 lines point to the correct certificate files:
c.NotebookApp.certfile = ‘/home/your_username/.ssl/deeplearn.pem’
c.NotebookApp.keyfile = ‘/home/your_username/.ssl/deeplearn.key’
Make sure that your_username above is your username on the deep learning machine. Now you can open jupyter notebook by executing the command:
jupyter notebook
If you can’t find the config file above it means it was never created. You can create one with the following command:
jupyter notebook --generate-config
After this command you can adapt the config as described.