1 files changed, 25 insertions, 11 deletions
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index 3f8864e..a8566e2 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -401,7 +401,18 @@
    ; routing and land at the landmark coordinates when set to true
    ; default is false
    ; TelehubAllowLandmark = false
-   
+    ; #
+    ; # SSL certificates validation options
+    ; #
+    
+    ; SSL certificate validation options
+    ; you can allow selfsigned certificates or no official CA with next option set to true
+    ; NoVerifyCertChain = true
+    ; you can also bypass the hostname or domain verification
+    ; NoVerifyCertHostname = true
+    ; having both options true does provide encryption but with low security
+    ; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it.
    
 [Map]
    ; Map tile options.  
@@ -561,16 +572,18 @@
    http_listener_port = 9000
    console_port = 0
-    ; ssl config: Experimental!  The auto https config only really works definately on windows XP now
+    ; ssl config: Experimental!
-    ; you need a Cert Request/Signed pair installed in the MY store with the CN specified below
+    http_listener_ssl = false ; if set to true main server is replaced by a ssl one
-    ; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
-    http_listener_ssl = false ; Also create a SSL server
-    http_listener_cn = "localhost" ; Use the cert with the common name
    http_listener_sslport = 9001 ; Use this port for SSL connections
-    http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
+        ; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
+        ; this will change is future
-    ; HTTPS for "Out of band" management applications such as the remote 
+    http_listener_cn = "myRegionsExternalHostName"
-    ; admin module
+        ; if the cert doesnt have a oficial CA or is selfsigned viewers option NoVerifySSLCert need to be set true
+    http_listener_cert_path = "mycert.p12" ; path for the cert file that is valid for the ExternalHostName
+        http_listener_cert_pass = "mycertpass" ; the cert passwork
+    ; addicional HTTPS for "Out of band" management applications such as the remote 
+    ; admin module or scripts
    ;
    ; Create https_listener = "True" will create a listener on the port
    ; specified. Provide the path to your server certificate along with it's
@@ -578,7 +591,7 @@
    ; https_listener = False
    ; Set our listener to this port
    ; https_port = 0
-    ; Path to X509 certificate
+    ; Path to X509 certificate, can be the same as main or another
    ; cert_path = "path/to/cert.p12"
    ; Password for cert
    ; cert_pass = "password"
@@ -590,6 +603,7 @@
    ; HttpBodyMaxLenMAX=16384
    ; Hostname to use in llRequestURL/llRequestSecureURL
+        ; must be a valid hostname for the ssl cert.
    ; if not defined - default machine name is being used
    ; (on Windows this mean NETBIOS name - useably only inside local network)
    ; ExternalHostNameForLSL=127.0.0.1

diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index 3f8864e..a8566e2 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini
@@ -401,7 +401,18 @@
401	; routing and land at the landmark coordinates when set to true	401	; routing and land at the landmark coordinates when set to true
402	; default is false	402	; default is false
403	; TelehubAllowLandmark = false	403	; TelehubAllowLandmark = false
404		404
		405	; #
		406	; # SSL certificates validation options
		407	; #
		408
		409	; SSL certificate validation options
		410	; you can allow selfsigned certificates or no official CA with next option set to true
		411	; NoVerifyCertChain = true
		412	; you can also bypass the hostname or domain verification
		413	; NoVerifyCertHostname = true
		414	; having both options true does provide encryption but with low security
		415	; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it.
405		416
406	[Map]	417	[Map]
407	; Map tile options.	418	; Map tile options.
@@ -561,16 +572,18 @@
561	http_listener_port = 9000	572	http_listener_port = 9000
562	console_port = 0	573	console_port = 0
563		574
564	; ssl config: Experimental! The auto https config only really works definately on windows XP now	575	; ssl config: Experimental!
565	; you need a Cert Request/Signed pair installed in the MY store with the CN specified below	576	http_listener_ssl = false ; if set to true main server is replaced by a ssl one
566	; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
567	http_listener_ssl = false ; Also create a SSL server
568	http_listener_cn = "localhost" ; Use the cert with the common name
569	http_listener_sslport = 9001 ; Use this port for SSL connections	577	http_listener_sslport = 9001 ; Use this port for SSL connections
570	http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer	578	; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
571		579	; this will change is future
572	; HTTPS for "Out of band" management applications such as the remote	580	http_listener_cn = "myRegionsExternalHostName"
573	; admin module	581	; if the cert doesnt have a oficial CA or is selfsigned viewers option NoVerifySSLCert need to be set true
		582	http_listener_cert_path = "mycert.p12" ; path for the cert file that is valid for the ExternalHostName
		583	http_listener_cert_pass = "mycertpass" ; the cert passwork
		584
		585	; addicional HTTPS for "Out of band" management applications such as the remote
		586	; admin module or scripts
574	;	587	;
575	; Create https_listener = "True" will create a listener on the port	588	; Create https_listener = "True" will create a listener on the port
576	; specified. Provide the path to your server certificate along with it's	589	; specified. Provide the path to your server certificate along with it's
@@ -578,7 +591,7 @@
578	; https_listener = False	591	; https_listener = False
579	; Set our listener to this port	592	; Set our listener to this port
580	; https_port = 0	593	; https_port = 0
581	; Path to X509 certificate	594	; Path to X509 certificate, can be the same as main or another
582	; cert_path = "path/to/cert.p12"	595	; cert_path = "path/to/cert.p12"
583	; Password for cert	596	; Password for cert
584	; cert_pass = "password"	597	; cert_pass = "password"
@@ -590,6 +603,7 @@
590	; HttpBodyMaxLenMAX=16384	603	; HttpBodyMaxLenMAX=16384
591		604
592	; Hostname to use in llRequestURL/llRequestSecureURL	605	; Hostname to use in llRequestURL/llRequestSecureURL
		606	; must be a valid hostname for the ssl cert.
593	; if not defined - default machine name is being used	607	; if not defined - default machine name is being used
594	; (on Windows this mean NETBIOS name - useably only inside local network)	608	; (on Windows this mean NETBIOS name - useably only inside local network)
595	; ExternalHostNameForLSL=127.0.0.1	609	; ExternalHostNameForLSL=127.0.0.1