diff options
author | Teravus Ovares | 2008-09-14 18:39:17 +0000 |
---|---|---|
committer | Teravus Ovares | 2008-09-14 18:39:17 +0000 |
commit | dbbbec48dfbc51f30953d8a46f4fc8f192bd277c (patch) | |
tree | 218f93b95724e8bdc9a9c6e986268f2101c1eb6e /share/junkCA | |
parent | Added some further clipping to color- and alpha-values. (diff) | |
download | opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.zip opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.gz opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.bz2 opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.xz |
* This update makes configuring SSL a little easier on Windows XP. It also makes it possible to run a HTTPS server on the region. It also has a junk Certification authority for test purposes.
* There are still a lot of things that are hard coded to use http. They need to be fixed.
* Also includes directions
* A standard junk PEM file to append to app_settings/CA.pem in the client so SSL will work
Diffstat (limited to '')
-rw-r--r-- | share/junkCA/CA.crt | 30 | ||||
-rw-r--r-- | share/junkCA/CA.key | 27 | ||||
-rw-r--r-- | share/junkCA/CA.srl | 1 | ||||
-rw-r--r-- | share/junkCA/CA2.pem | 30 | ||||
-rw-r--r-- | share/junkCA/Certificate commands OpenSSL.txt | 82 | ||||
-rw-r--r-- | share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws! | 1 |
6 files changed, 171 insertions, 0 deletions
diff --git a/share/junkCA/CA.crt b/share/junkCA/CA.crt new file mode 100644 index 0000000..8e2f099 --- /dev/null +++ b/share/junkCA/CA.crt | |||
@@ -0,0 +1,30 @@ | |||
1 | -----BEGIN CERTIFICATE----- | ||
2 | MIIFJzCCBA+gAwIBAgIJAK3s6O4dAEQSMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD | ||
3 | VQQGEwJVUzEUMBIGA1UECBMLTXVsdGktc3RhdGUxEzARBgNVBAcTCm11bHRpLWNp | ||
4 | dHkxJTAjBgNVBAoTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQgVFJVU1QxEzARBgNV | ||
5 | BAsTCkRPTlQgVFJVU1QxJTAjBgNVBAMTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQg | ||
6 | VFJVU1QxIDAeBgkqhkiG9w0BCQEWEXRlcmF2dXNAZ21haWwuY29tMB4XDTA4MDkx | ||
7 | MjE2MTEwNVoXDTE4MDgxMTE2MTEwNVowgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQI | ||
8 | EwtNdWx0aS1zdGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3Bl | ||
9 | blNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDEl | ||
10 | MCMGA1UEAxMcT3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3 | ||
11 | DQEJARYRdGVyYXZ1c0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw | ||
12 | ggEKAoIBAQCwpTIw01Y6Lg7INnmDp9KHLC1p0Udg4Y9Ux232zd2tOTpjF7QnlHIO | ||
13 | GKg8jE6SiaV4NPC9nRqgVCOMa6H7crbr/IrXcTUq0ZYyIG07ZkbUb+4aNNJLh/vq | ||
14 | xHj0kXfRKGxq1QzjmNO7kfCzR4vQudI4F/Hw6HL2vIqRI3sNepn+j3VKCILyTLQP | ||
15 | b0mJi6EfRizqLtIgQwaaMN3AgZWF8rAANNLerzkYLM7+uT5sQYX/sGPi16x/NgFr | ||
16 | UfCI6Ag2Sbufj8VOOp08kDwVZNq7Vr44y+l1gJySPnLMbBrTb/erc+UJv4xgVsRI | ||
17 | opMKP/DG+z3eRbxKcPZ0hpPWJS4JhG0bAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU | ||
18 | u0ZSqD+MrxiuSy0IsX5Iye8lHZswgfIGA1UdIwSB6jCB54AUu0ZSqD+MrxiuSy0I | ||
19 | sX5Iye8lHZuhgcOkgcAwgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtNdWx0aS1z | ||
20 | dGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3BlblNpbXVsYXRv | ||
21 | ciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDElMCMGA1UEAxMc | ||
22 | T3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3DQEJARYRdGVy | ||
23 | YXZ1c0BnbWFpbC5jb22CCQCt7OjuHQBEEjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 | ||
24 | DQEBBQUAA4IBAQAaI69OZmjTVcZxtWLASB9nv3WNEOxJW+aBjseUhyM4H9pJ5bkh | ||
25 | MmgiG9JgnBUpNzL3/1EV2Ud8ZCBy7JxhvwWnJMjxJL67US16sKpCLVvNAD2pCZ6f | ||
26 | iaT/qorLYP/yJ7OieYmAh5lZsvG8xJM44ZZyvtYEVBB+qZw1gHkb4hhf3roUCV67 | ||
27 | aHMDRRolWyWm6weid7wTWz38QfRohVWidH9CPwubG7K4zPrDpBJAZV1cKra1YTrM | ||
28 | eje1GuIyHzpIAAYP5z1hgI9p/0oTrWnG7w7Ydkpm9lu50WMt1DScsYnh0MhW/uas | ||
29 | e24cQsvz0m9PZlfAsJQeX6pbqlJppoX+XeVC | ||
30 | -----END CERTIFICATE----- | ||
diff --git a/share/junkCA/CA.key b/share/junkCA/CA.key new file mode 100644 index 0000000..59a7a5e --- /dev/null +++ b/share/junkCA/CA.key | |||
@@ -0,0 +1,27 @@ | |||
1 | -----BEGIN RSA PRIVATE KEY----- | ||
2 | MIIEowIBAAKCAQEAsKUyMNNWOi4OyDZ5g6fShywtadFHYOGPVMdt9s3drTk6Yxe0 | ||
3 | J5RyDhioPIxOkomleDTwvZ0aoFQjjGuh+3K26/yK13E1KtGWMiBtO2ZG1G/uGjTS | ||
4 | S4f76sR49JF30ShsatUM45jTu5Hws0eL0LnSOBfx8Ohy9ryKkSN7DXqZ/o91SgiC | ||
5 | 8ky0D29JiYuhH0Ys6i7SIEMGmjDdwIGVhfKwADTS3q85GCzO/rk+bEGF/7Bj4tes | ||
6 | fzYBa1HwiOgINkm7n4/FTjqdPJA8FWTau1a+OMvpdYCckj5yzGwa02/3q3PlCb+M | ||
7 | YFbESKKTCj/wxvs93kW8SnD2dIaT1iUuCYRtGwIDAQABAoIBAFNoXU+iqodkMgSl | ||
8 | fDEHMCg1WugpMjvzpXsRg8HSqQZfDEu36I/7zvMK/30/fuZAakpdLQNLSERGFlb6 | ||
9 | h4y0ON0q7OAXi1RBjFr05r7yZyVuCI6FPHr/pZrP1JEekuXG4ZJ8MM7S3b8mhPIS | ||
10 | KVmQNEvaOppXF9mbYw5vI25U4pvIljfAKZxkeU7aHb9asrnuBOwLjFRtLDTo13Nc | ||
11 | dHTT3X+G+74mU8rYTV3njAmh9iE+PmDlc2mJckS/0TqpJbZgFueCCBIK5iJSc7lO | ||
12 | +DFFgRcouvnCdZW9fp6/8Hz4FGa2TX6jsYj/H1dGWELioUOoBwkdqFP9JaBvd7ni | ||
13 | Nx2PObkCgYEA31rYJJ5jUiosf1I894MuEg2HWosXd0pVAPW3QjHdx7oiVUBRS5ZB | ||
14 | YAOy5zeleLckfWKJiE4z/5CMdsEM/Q9F0X2xg3TDhxUM7A4px0AXAsbyJT7AcE0O | ||
15 | kZBZjhluIF8O3Lic/LqzT39KgG35zvvd+H42Je1WvsCLSREL1MQDwCUCgYEAynak | ||
16 | x41uazl5UaDwL+mahIVW+n/Bko3e9BhD7ZRkLI2+R7y180Fw7dMmnxG/jVw7hotk | ||
17 | Ylx3Oa+JjnEplxTd1TShnP1aQ0nhnxnhS9EbIW8SjsazeK8V8zezJ54uZziVedgg | ||
18 | x/ISvQM0yPbvkrSo4mQEjl3q4DjmIyg5Nx+cVD8CgYBGD0vPKLOE2V+9zED9bnNs | ||
19 | DDxRxWFl9LX3KBwEsnmbpaIRVaxqZkY5ZM+gQU8xL1lNzzPOwqEC4Ad/VIzLcBf5 | ||
20 | X1DoKB8Q5yR3gvXN3yeYomjgD+/zCeiw9jNxJD7r/oU97NapW7LVE9t9r4F1UIHO | ||
21 | 6V/4w5q7GNBX6fXpFlcK1QKBgQCYNbYP5/4ZUm4otiucea0W7//B94YZndr9+7gl | ||
22 | xqfA7xcca30G0i4KPfINKJSvu6VssyLW59kiXxu1INI5qRBVF2pg0f+oEsUyjYxZ | ||
23 | KW2SJyT2fd+zXT3NShTANiWAqIOHxLpwV0dLHjvy0eKukm9dNABQ376Sr3Qk/jp1 | ||
24 | fKhUlQKBgAj6o2lw0vLOuQmqV08YF/UFWN/TZAcBzDE353fypi16aqY35pYSvUez | ||
25 | 64d1anTTwuq5fLGaQlH0XgGor/XbBqgif8eVyTRdfmA/2YQjwMIFyrWyxLpTiuiO | ||
26 | 0P6lO4B9NCT2N/gDPomdlOfkA2g063C21CPa43lr8lGx8oaQW95W | ||
27 | -----END RSA PRIVATE KEY----- | ||
diff --git a/share/junkCA/CA.srl b/share/junkCA/CA.srl new file mode 100644 index 0000000..ea34835 --- /dev/null +++ b/share/junkCA/CA.srl | |||
@@ -0,0 +1 @@ | |||
F10DF59AD0EE66E0 | |||
diff --git a/share/junkCA/CA2.pem b/share/junkCA/CA2.pem new file mode 100644 index 0000000..8e2f099 --- /dev/null +++ b/share/junkCA/CA2.pem | |||
@@ -0,0 +1,30 @@ | |||
1 | -----BEGIN CERTIFICATE----- | ||
2 | MIIFJzCCBA+gAwIBAgIJAK3s6O4dAEQSMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD | ||
3 | VQQGEwJVUzEUMBIGA1UECBMLTXVsdGktc3RhdGUxEzARBgNVBAcTCm11bHRpLWNp | ||
4 | dHkxJTAjBgNVBAoTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQgVFJVU1QxEzARBgNV | ||
5 | BAsTCkRPTlQgVFJVU1QxJTAjBgNVBAMTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQg | ||
6 | VFJVU1QxIDAeBgkqhkiG9w0BCQEWEXRlcmF2dXNAZ21haWwuY29tMB4XDTA4MDkx | ||
7 | MjE2MTEwNVoXDTE4MDgxMTE2MTEwNVowgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQI | ||
8 | EwtNdWx0aS1zdGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3Bl | ||
9 | blNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDEl | ||
10 | MCMGA1UEAxMcT3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3 | ||
11 | DQEJARYRdGVyYXZ1c0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw | ||
12 | ggEKAoIBAQCwpTIw01Y6Lg7INnmDp9KHLC1p0Udg4Y9Ux232zd2tOTpjF7QnlHIO | ||
13 | GKg8jE6SiaV4NPC9nRqgVCOMa6H7crbr/IrXcTUq0ZYyIG07ZkbUb+4aNNJLh/vq | ||
14 | xHj0kXfRKGxq1QzjmNO7kfCzR4vQudI4F/Hw6HL2vIqRI3sNepn+j3VKCILyTLQP | ||
15 | b0mJi6EfRizqLtIgQwaaMN3AgZWF8rAANNLerzkYLM7+uT5sQYX/sGPi16x/NgFr | ||
16 | UfCI6Ag2Sbufj8VOOp08kDwVZNq7Vr44y+l1gJySPnLMbBrTb/erc+UJv4xgVsRI | ||
17 | opMKP/DG+z3eRbxKcPZ0hpPWJS4JhG0bAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU | ||
18 | u0ZSqD+MrxiuSy0IsX5Iye8lHZswgfIGA1UdIwSB6jCB54AUu0ZSqD+MrxiuSy0I | ||
19 | sX5Iye8lHZuhgcOkgcAwgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtNdWx0aS1z | ||
20 | dGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3BlblNpbXVsYXRv | ||
21 | ciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDElMCMGA1UEAxMc | ||
22 | T3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3DQEJARYRdGVy | ||
23 | YXZ1c0BnbWFpbC5jb22CCQCt7OjuHQBEEjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 | ||
24 | DQEBBQUAA4IBAQAaI69OZmjTVcZxtWLASB9nv3WNEOxJW+aBjseUhyM4H9pJ5bkh | ||
25 | MmgiG9JgnBUpNzL3/1EV2Ud8ZCBy7JxhvwWnJMjxJL67US16sKpCLVvNAD2pCZ6f | ||
26 | iaT/qorLYP/yJ7OieYmAh5lZsvG8xJM44ZZyvtYEVBB+qZw1gHkb4hhf3roUCV67 | ||
27 | aHMDRRolWyWm6weid7wTWz38QfRohVWidH9CPwubG7K4zPrDpBJAZV1cKra1YTrM | ||
28 | eje1GuIyHzpIAAYP5z1hgI9p/0oTrWnG7w7Ydkpm9lu50WMt1DScsYnh0MhW/uas | ||
29 | e24cQsvz0m9PZlfAsJQeX6pbqlJppoX+XeVC | ||
30 | -----END CERTIFICATE----- | ||
diff --git a/share/junkCA/Certificate commands OpenSSL.txt b/share/junkCA/Certificate commands OpenSSL.txt new file mode 100644 index 0000000..0167ee1 --- /dev/null +++ b/share/junkCA/Certificate commands OpenSSL.txt | |||
@@ -0,0 +1,82 @@ | |||
1 | To generate a cert request and sign it with the JunkCA | ||
2 | |||
3 | REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect! | ||
4 | |||
5 | Generate a Host Key: | ||
6 | openssl genrsa -out host.key 2048 | ||
7 | |||
8 | Generate a Certificate signing request with *OpenSSL*: | ||
9 | openssl req -new -nodes -key host.key -out host.csr | ||
10 | When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on. | ||
11 | |||
12 | Or you could; | ||
13 | |||
14 | Generate a Certificate request with the *IIS Snapin*: | ||
15 | Go to Control Panel ---> Administrative tools ---> Internet Information Services | ||
16 | Pick a web site on your server. | ||
17 | right click, choose properties from the context menu | ||
18 | Go to the Directory Security tab | ||
19 | Click On the 'Server Certificate...' button | ||
20 | Click 'Prepare the request now, but send it later' and then follow the wizard. | ||
21 | Be sure to type the common name as the domain name that you will be servicing. www.osgrid.org or whatever server will be using this cert | ||
22 | |||
23 | Sign the certificate request with the junkCA; | ||
24 | openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer | ||
25 | |||
26 | Import it into your MY store on windows. | ||
27 | |||
28 | If you used OpenSSL to generate the certificate; | ||
29 | openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert" | ||
30 | server.crt is the signed cert from the CA. | ||
31 | server.key.unsecure is the *unencrypted* private key. | ||
32 | |||
33 | You will be asked for a password, set this if you want. | ||
34 | |||
35 | In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier. | ||
36 | |||
37 | In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed. | ||
38 | |||
39 | If you used the IIS Snap-in, | ||
40 | Go to Control Panel ---> Administrative tools ---> Internet Information Services | ||
41 | Pick a web site on your server. | ||
42 | right click, choose properties from the context menu | ||
43 | Go to the Directory Security tab | ||
44 | Click On the 'Server Certificate...' button | ||
45 | Choose the radio button that says, 'Assign an existing certificate' | ||
46 | |||
47 | |||
48 | Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder. | ||
49 | httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert | ||
50 | |||
51 | After that, make sure to set-up your opensim.ini! | ||
52 | |||
53 | |||
54 | OpenSSL can be found: | ||
55 | http://www.slproweb.com/products/Win32OpenSSL.html | ||
56 | |||
57 | httpcfg.exe for windowsXP can be found: | ||
58 | http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en | ||
59 | |||
60 | Windows Vista users need to use netsh http! | ||
61 | |||
62 | --------------------------------------------------- | ||
63 | |||
64 | Additional notes | ||
65 | |||
66 | To create your own CA | ||
67 | |||
68 | openssl genrsa -out yourCA.key 2048 | ||
69 | openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt | ||
70 | |||
71 | and the final step.. (AND THIS IS IMPORTANT) | ||
72 | |||
73 | openssl x509 -in CA.crt -out yourCA.pem -outform PEM | ||
74 | |||
75 | The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file | ||
76 | so that it can validate certificates that are generated from your CA. | ||
77 | |||
78 | One last important thing! | ||
79 | |||
80 | All users that connect with linden clients | ||
81 | using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about | ||
82 | their clock being wrong! | ||
diff --git a/share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws! b/share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws! new file mode 100644 index 0000000..cab724a --- /dev/null +++ b/share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws! | |||
@@ -0,0 +1 @@ | |||
This Folder contains Junk CA files and directions for signing with it. Comply with Export laws! \ No newline at end of file | |||