authorTeravus Ovares2008-09-14 18:39:17 +0000
committerTeravus Ovares2008-09-14 18:39:17 +0000
commitdbbbec48dfbc51f30953d8a46f4fc8f192bd277c (patch)
tree218f93b95724e8bdc9a9c6e986268f2101c1eb6e
parentAdded some further clipping to color- and alpha-values. (diff)
downloadopensim-SC_OLD-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.zip
opensim-SC_OLD-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.gz
opensim-SC_OLD-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.bz2
opensim-SC_OLD-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.xz
* This update makes configuring SSL a little easier on Windows XP. It also makes it possible to run a HTTPS server on the region. It also has a junk Certification authority for test purposes.
* There are still a lot of things that are hard coded to use http. They need to be fixed. * Also includes directions * A standard junk PEM file to append to app_settings/CA.pem in the client so SSL will work
-rw-r--r--OpenSim/Framework/NetworkServersInfo.cs7
-rw-r--r--OpenSim/Framework/Servers/BaseHttpServer.cs129
-rw-r--r--OpenSim/Region/ClientStack/RegionApplicationBase.cs7
-rw-r--r--OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs57
-rw-r--r--bin/OpenSim.ini.example9
-rw-r--r--share/junkCA/CA.crt30
-rw-r--r--share/junkCA/CA.key27
-rw-r--r--share/junkCA/CA.srl1
-rw-r--r--share/junkCA/CA2.pem30
-rw-r--r--share/junkCA/Certificate commands OpenSSL.txt82
-rw-r--r--share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws!1
11 files changed, 373 insertions, 7 deletions
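--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -49,6 +49,9 @@ namespace OpenSim.Framework
  public string UserRecvKey = String.Empty;
  public string UserSendKey = String.Empty;
  public string UserURL = String.Empty;
+ public bool HttpUsesSSL = false;
+ public string HttpSSLCN = "";
+ public uint httpSSLPort = 9001;
 
 
  public NetworkServersInfo()
@@ -78,6 +81,10 @@ namespace OpenSim.Framework
 
  HttpListenerPort =
  (uint) config.Configs["Network"].GetInt("http_listener_port", (int) DefaultHttpListenerPort);
+ httpSSLPort =
+ (uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)DefaultHttpListenerPort+1));
+ HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
+ HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "");
  RemotingListenerPort =
  (uint) config.Configs["Network"].GetInt("remoting_listener_port", (int) RemotingListenerPort);
  GridURL =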
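Review bot: The new `http_listener_sslport` value is cast straight from `GetInt` to `uint` with no range check, so a negative or over-65535 setting becomes a meaningless port that this commit then passes on to `BaseHttpServer` for the listener prefix and the certificate binding. Validate it where it is read, for example read it into `int sslPort` first and reject it with `if (sslPort < 1 || sslPort > 65535) throw new ArgumentOutOfRangeException("http_listener_sslport");` before assigning. The field is also named `httpSSLPort` while its siblings `HttpUsesSSL` and `HttpSSLCN` are PascalCase, and its initializer (9001) is a different default from the configured one (`DefaultHttpListenerPort+1`). The enclosing method starts and ends outside the hunk.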
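--- a/OpenSim/Framework/Servers/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/BaseHttpServer.cs
@@ -26,12 +26,14 @@
  */
 
 using System;
+using System.Diagnostics;
 using System.Collections;
 using System.Collections.Generic;
 using System.IO;
 using System.Net;
 using System.Net.Sockets;
 using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
 using System.Xml;
@@ -39,6 +41,7 @@ using OpenMetaverse.StructuredData;
 using log4net;
 using Nwc.XmlRpc;
 
+
 namespace OpenSim.Framework.Servers
 {
  public class BaseHttpServer
@@ -55,9 +58,14 @@ namespace OpenSim.Framework.Servers
  protected Dictionary<string, IHttpAgentHandler> m_agentHandlers = new Dictionary<string, IHttpAgentHandler>();
 
  protected uint m_port;
+ protected uint m_sslport;
  protected bool m_ssl = false;
  protected bool m_firstcaps = true;
 
+ public uint SSLPort
+ {
+ get { return m_sslport; }
+ }
  public uint Port
  {
  get { return m_port; }
@@ -72,8 +80,124 @@ namespace OpenSim.Framework.Servers
  {
  m_ssl = ssl;
  m_port = port;
+
+ }
+
+ public BaseHttpServer(uint port, bool ssl, uint sslport, string CN)
+ {
+ m_ssl = ssl;
+ m_port = port;
+ if (m_ssl)
+ {
+ bool result = SetupSsl((int)sslport, CN);
+ m_sslport = sslport;
+ }
+ }
+
+
+
+ public bool SetupSsl(int port, string CN)
+ {
+ string searchCN = Environment.MachineName.ToUpper();
+
+ if (CN.Length > 0)
+ searchCN = CN.ToUpper();
+
+ Type t = Type.GetType("Mono.Runtime");
+ if (t != null)
+ {
+ // TODO Mono User Friendly HTTPS setup
+ // if this doesn't exist, then mono people can still manually use httpcfg
+ }
+ else
+ {
+ // Windows.
+ // Search through the store for a certificate with a Common name specified in OpenSim.ini.
+ // We need to find it's hash so we can pass it to httpcfg
+ X509Store store = new X509Store(StoreLocation.LocalMachine);
+ //Use the first cert to configure Ssl
+ store.Open(OpenFlags.ReadOnly);
+ //Assumption is we have certs. If not then this call will fail :(
+ try
+ {
+ bool found = false;
+ //X509Certificate2.CreateFromCertFile("testCert.cer");
+
+ foreach (X509Certificate2 cert in store.Certificates)
+ {
+ String certHash = cert.GetCertHashString();
+ //Only install certs issued for the machine and has the name as the machine name
+ if (cert.Subject.ToUpper().IndexOf(searchCN) >= 0)
+ {
+ string httpcfgparams = String.Format("set ssl -i 0.0.0.0:{1} -c \"MY\" -h {0}", certHash, port);
+ try
+ {
+ found = true;
+
+ ExecuteHttpcfgCommand(httpcfgparams);
+
+ break;
+ }
+ catch (Exception e)
+ {
+ m_log.WarnFormat("[HTTPS]: Automatic HTTPS setup failed. Do you have httpcfg.exe in your path? If not, you can download it in the windowsXP Service Pack 2 Support Tools, here: http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en. When you get it installed type, httpcfg {0}", httpcfgparams);
+ return false;
+ }
+ }
+ }
+
+ if (!found)
+ {
+ m_log.WarnFormat("[HTTPS]: We didn't find a certificate that matched the common name {0}. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-in with the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine)", searchCN);
+ return false;
+ }
+
+ }
+ catch (Exception e)
+ {
+ m_log.WarnFormat("[HTTPS]: We didn't any certificates in your LocalMachine certificate store. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-inwith the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine). The configured common name is {0}", searchCN);
+ return false;
+ }
+ finally
+ {
+ if (store != null)
+ {
+ store.Close();
+ }
+ }
+ }
+ return true;
  }
 
+ private void ExecuteHttpcfgCommand(string p)
+ {
+
+ string file = "httpcfg";
+
+ ProcessStartInfo info = new ProcessStartInfo(file, p);
+ // Redirect output so we can read it.
+ info.RedirectStandardOutput = true;
+ // To redirect, we must not use shell execute.
+ info.UseShellExecute = false;
+
+ // Create and execute the process.
+ Process httpcfgprocess = Process.Start(info);
+ httpcfgprocess.Start();
+ string result = httpcfgprocess.StandardOutput.ReadToEnd();
+ if (result.Contains("HttpSetServiceConfiguration completed with"))
+ {
+ //success
+
+ }
+ else
+ {
+ //fail
+ m_log.WarnFormat("[HTTPS]:Error binding certificate with the requested port. Message:{0}", result);
+ }
+
+ }
+
+
  /// <summary>
  /// Add a stream handler to the http server. If the handler already exists, then nothing happens.
  /// </summary>
@@ -907,7 +1031,8 @@ namespace OpenSim.Framework.Servers
  }
  else
  {
- m_httpListener.Prefixes.Add("https://+:" + m_port + "/");
+ m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/");
+ m_httpListener.Prefixes.Add("http://+:" + m_port + "/");
  }
  m_httpListener.Start();
 
@@ -921,7 +1046,7 @@ namespace OpenSim.Framework.Servers
  catch (Exception e)
  {
  m_log.Warn("[HTTPD]: Error - " + e.Message);
- m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "?");
+ m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "," + m_sslport + "?");
  }
  }
 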
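Review bot: In `SetupSsl` the certificate is chosen with `cert.Subject.ToUpper().IndexOf(searchCN) >= 0`, a substring test over the whole subject string, so the first certificate in the LocalMachine store whose subject merely contains the configured name (in any field, or as part of a longer host name) gets bound to the HTTPS port. Compare the common name exactly and require a usable key, for example `if (cert.HasPrivateKey && String.Equals(cert.GetNameInfo(X509NameType.SimpleName, false), searchCN, StringComparison.OrdinalIgnoreCase))`, and consider skipping certificates outside their `NotBefore`/`NotAfter` window. The result handling needs attention too: the new constructor discards the `bool` returned by `SetupSsl`, `ExecuteHttpcfgCommand` only logs when httpcfg reports failure so `SetupSsl` still returns true, and `Process.Start(info)` is followed by a second `httpcfgprocess.Start()`, which looks like it launches httpcfg twice. `httpcfg` is also resolved by bare name, so whichever executable the process search order finds first runs with the server's privileges; a configured full path would be safer.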
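--- a/OpenSim/Region/ClientStack/RegionApplicationBase.cs
+++ b/OpenSim/Region/ClientStack/RegionApplicationBase.cs
@@ -81,7 +81,12 @@ namespace OpenSim.Region.ClientStack
 
  Initialize();
 
- m_httpServer = new BaseHttpServer(m_httpServerPort);
+ m_httpServer = new BaseHttpServer(m_httpServerPort,m_networkServersInfo.HttpUsesSSL,m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN);
+ if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
+ {
+ m_log.Error("[HTTP]: HTTP Server config failed. HTTP Server and HTTPS server must be on different ports");
+ }
+
 
  m_log.Info("[REGION]: Starting HTTP server");
 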
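Review bot: The port-collision check runs after `new BaseHttpServer(...)` has already been constructed, and that constructor calls `SetupSsl`, so by the time the error is logged the certificate binding has already been attempted on the conflicting port; startup then continues regardless. Move the check ahead of the constructor and either stop or fall back to the plain listener, e.g. `bool useSsl = m_networkServersInfo.HttpUsesSSL && m_networkServersInfo.HttpListenerPort != m_networkServersInfo.httpSSLPort;` and pass `useSsl` as the second argument. The check also compares `HttpListenerPort` while the server is built from `m_httpServerPort`; presumably these hold the same value, but using one of them in both places would make that certain. The enclosing method starts and ends outside the hunk.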
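--- a/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs
+++ b/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs
@@ -86,6 +86,9 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
  private Dictionary<UUID, OGPState> m_OGPState = new Dictionary<UUID, OGPState>();
  private string LastNameSuffix = "_EXTERNAL";
  private string FirstNamePrefix = "";
+ private string httpsCN = "";
+ private bool httpSSL = false;
+ private uint httpsslport = 0;
 
  #region IRegionModule Members
 
@@ -93,6 +96,7 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
  {
  bool enabled = false;
  IConfig cfg = null;
+ IConfig httpcfg = null;
  try
  {
  cfg = config.Configs["OpenGridProtocol"];
@@ -100,6 +104,16 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
  {
  enabled = false;
  }
+
+ try
+ {
+ httpcfg = config.Configs["Network"];
+ }
+ catch (NullReferenceException)
+ {
+
+ }
+
  if (cfg != null)
  {
  enabled = cfg.GetBoolean("ogp_enabled", false);
@@ -139,6 +153,20 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
  }
  }
  }
+ lock (m_scene)
+ {
+ if (m_scene.Count == 1)
+ {
+ if (httpcfg != null)
+ {
+ httpSSL = httpcfg.GetBoolean("http_listener_ssl", false);
+ httpsCN = httpcfg.GetString("http_listener_cn", scene.RegionInfo.ExternalHostName);
+ if (httpsCN.Length == 0)
+ httpsCN = scene.RegionInfo.ExternalHostName;
+ httpsslport = (uint)httpcfg.GetInt("http_listener_sslport",((int)scene.RegionInfo.HttpPort + 1));
+ }
+ }
+ }
  // Of interest to this module potentially
  //scene.EventManager.OnNewClient += OnNewClient;
  //scene.EventManager.OnGridInstantMessageToFriendsModule += OnGridInstantMessage;
@@ -371,14 +399,35 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
  // Get a reference to the user's cap so we can pull out the Caps Object Path
  OpenSim.Framework.Communications.Capabilities.Caps userCap = homeScene.GetCapsHandlerForUser(agentData.AgentID);
 
+ string rezHttpProtocol = "http://";
+ string regionCapsHttpProtocol = "http://";
+ string httpaddr = reg.ExternalHostName;
+ string urlport = reg.HttpPort.ToString();
+
+
+ if (httpSSL)
+ {
+ rezHttpProtocol = "https://";
+
+ urlport = httpsslport.ToString();
+
+ if (httpsCN.Length > 0)
+ httpaddr = httpsCN;
+ }
+
+
+ // Be warned that the two following lines assume http not
+ // https since region caps are not implemented in https currently
+
  // DEPRECIATED
- responseMap["seed_capability"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
+ responseMap["seed_capability"] = LLSD.FromString(regionCapsHttpProtocol + httpaddr + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
 
  // REPLACEMENT
- responseMap["region_seed_capability"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
+ responseMap["region_seed_capability"] = LLSD.FromString(regionCapsHttpProtocol + httpaddr + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
+
 
- responseMap["rez_avatar/rez"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + rezAvatarPath);
- responseMap["rez_avatar/derez"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + derezAvatarPath);
+ responseMap["rez_avatar/rez"] = LLSD.FromString(rezHttpProtocol + httpaddr + ":" + urlport + rezAvatarPath);
+ responseMap["rez_avatar/derez"] = LLSD.FromString(rezHttpProtocol + httpaddr + ":" + urlport + derezAvatarPath);
 
  // Add the user to the list of CAPS that are outstanding.
  // well allow the caps hosts in this dictionary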
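Review bot: When `httpSSL` is set, `httpaddr` is switched to `httpsCN` and then reused for `seed_capability` and `region_seed_capability`, which stay on `http://` and `reg.HttpPort`. The capability URLs, which carry `userCap.CapsObjectPath`, are therefore still issued in cleartext, and now under the certificate's common name rather than `reg.ExternalHostName`; with the sample value `http_listener_cn = "localhost"` from this commit they would resolve to the client's own machine. Keep `reg.ExternalHostName` for the two cleartext URLs, use `httpaddr` only for the `rez_avatar` entries, and log a warning at startup that caps remain on HTTP while SSL is enabled. Separately, the added `catch (NullReferenceException) { }` around `config.Configs["Network"]` swallows the error silently; an explicit null check on `config` would express the same intent without an empty handler. The enclosing methods start and end outside the hunks.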
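--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -169,6 +169,15 @@ dump_assets_to_file = false
 http_listener_port = 9000
 remoting_listener_port = 8895
 
+; ssl config: Experimental! The auto https config only really works definately on windows XP now
+; you need a Cert Request/Signed pair installed in the MY store with the CN specified below
+; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
+http_listener_ssl = false ; Also create a SSL server
+http_listener_cn = "localhost" ; Use the cert with the common name
+http_listener_sslport = 9001 ; Use this port for SSL connections
+http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
+
+
 ; Uncomment below to enable llRemoteData/remote channels
 ; remoteDataPort = 20800
 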
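Review bot: The comment block does not say that turning on `http_listener_ssl` leaves the plain HTTP listener on `http_listener_port` open alongside the HTTPS one, nor that region capability URLs are still advertised over HTTP, both of which the code in this commit shows. Add a line such as `; note: the plain http listener stays enabled and region caps are still advertised over http`. The sample `http_listener_cn = "localhost"` also deserves a comment that the value must match the host name clients actually connect to, since the module code in this commit puts it into the URLs it hands out.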
diff --git a/share/junkCA/CA.crt b/share/junkCA/CA.crt
new file mode 100644
index 0000000..8e2f099
--- /dev/null
+++ b/share/junkCA/CA.crt
@@ -0,0 +1,30 @@
1-----BEGIN CERTIFICATE-----
2MIIFJzCCBA+gAwIBAgIJAK3s6O4dAEQSMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD
3VQQGEwJVUzEUMBIGA1UECBMLTXVsdGktc3RhdGUxEzARBgNVBAcTCm11bHRpLWNp
4dHkxJTAjBgNVBAoTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQgVFJVU1QxEzARBgNV
5BAsTCkRPTlQgVFJVU1QxJTAjBgNVBAMTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQg
6VFJVU1QxIDAeBgkqhkiG9w0BCQEWEXRlcmF2dXNAZ21haWwuY29tMB4XDTA4MDkx
7MjE2MTEwNVoXDTE4MDgxMTE2MTEwNVowgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQI
8EwtNdWx0aS1zdGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3Bl
9blNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDEl
10MCMGA1UEAxMcT3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3
11DQEJARYRdGVyYXZ1c0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
12ggEKAoIBAQCwpTIw01Y6Lg7INnmDp9KHLC1p0Udg4Y9Ux232zd2tOTpjF7QnlHIO
13GKg8jE6SiaV4NPC9nRqgVCOMa6H7crbr/IrXcTUq0ZYyIG07ZkbUb+4aNNJLh/vq
14xHj0kXfRKGxq1QzjmNO7kfCzR4vQudI4F/Hw6HL2vIqRI3sNepn+j3VKCILyTLQP
15b0mJi6EfRizqLtIgQwaaMN3AgZWF8rAANNLerzkYLM7+uT5sQYX/sGPi16x/NgFr
16UfCI6Ag2Sbufj8VOOp08kDwVZNq7Vr44y+l1gJySPnLMbBrTb/erc+UJv4xgVsRI
17opMKP/DG+z3eRbxKcPZ0hpPWJS4JhG0bAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU
18u0ZSqD+MrxiuSy0IsX5Iye8lHZswgfIGA1UdIwSB6jCB54AUu0ZSqD+MrxiuSy0I
19sX5Iye8lHZuhgcOkgcAwgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtNdWx0aS1z
20dGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3BlblNpbXVsYXRv
21ciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDElMCMGA1UEAxMc
22T3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3DQEJARYRdGVy
23YXZ1c0BnbWFpbC5jb22CCQCt7OjuHQBEEjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
24DQEBBQUAA4IBAQAaI69OZmjTVcZxtWLASB9nv3WNEOxJW+aBjseUhyM4H9pJ5bkh
25MmgiG9JgnBUpNzL3/1EV2Ud8ZCBy7JxhvwWnJMjxJL67US16sKpCLVvNAD2pCZ6f
26iaT/qorLYP/yJ7OieYmAh5lZsvG8xJM44ZZyvtYEVBB+qZw1gHkb4hhf3roUCV67
27aHMDRRolWyWm6weid7wTWz38QfRohVWidH9CPwubG7K4zPrDpBJAZV1cKra1YTrM
28eje1GuIyHzpIAAYP5z1hgI9p/0oTrWnG7w7Ydkpm9lu50WMt1DScsYnh0MhW/uas
29e24cQsvz0m9PZlfAsJQeX6pbqlJppoX+XeVC
30-----END CERTIFICATE-----
diff --git a/share/junkCA/CA.key b/share/junkCA/CA.key
new file mode 100644
index 0000000..59a7a5e
--- /dev/null
+++ b/share/junkCA/CA.key
@@ -0,0 +1,27 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIEowIBAAKCAQEAsKUyMNNWOi4OyDZ5g6fShywtadFHYOGPVMdt9s3drTk6Yxe0
3J5RyDhioPIxOkomleDTwvZ0aoFQjjGuh+3K26/yK13E1KtGWMiBtO2ZG1G/uGjTS
4S4f76sR49JF30ShsatUM45jTu5Hws0eL0LnSOBfx8Ohy9ryKkSN7DXqZ/o91SgiC
58ky0D29JiYuhH0Ys6i7SIEMGmjDdwIGVhfKwADTS3q85GCzO/rk+bEGF/7Bj4tes
6fzYBa1HwiOgINkm7n4/FTjqdPJA8FWTau1a+OMvpdYCckj5yzGwa02/3q3PlCb+M
7YFbESKKTCj/wxvs93kW8SnD2dIaT1iUuCYRtGwIDAQABAoIBAFNoXU+iqodkMgSl
8fDEHMCg1WugpMjvzpXsRg8HSqQZfDEu36I/7zvMK/30/fuZAakpdLQNLSERGFlb6
9h4y0ON0q7OAXi1RBjFr05r7yZyVuCI6FPHr/pZrP1JEekuXG4ZJ8MM7S3b8mhPIS
10KVmQNEvaOppXF9mbYw5vI25U4pvIljfAKZxkeU7aHb9asrnuBOwLjFRtLDTo13Nc
11dHTT3X+G+74mU8rYTV3njAmh9iE+PmDlc2mJckS/0TqpJbZgFueCCBIK5iJSc7lO
12+DFFgRcouvnCdZW9fp6/8Hz4FGa2TX6jsYj/H1dGWELioUOoBwkdqFP9JaBvd7ni
13Nx2PObkCgYEA31rYJJ5jUiosf1I894MuEg2HWosXd0pVAPW3QjHdx7oiVUBRS5ZB
14YAOy5zeleLckfWKJiE4z/5CMdsEM/Q9F0X2xg3TDhxUM7A4px0AXAsbyJT7AcE0O
15kZBZjhluIF8O3Lic/LqzT39KgG35zvvd+H42Je1WvsCLSREL1MQDwCUCgYEAynak
16x41uazl5UaDwL+mahIVW+n/Bko3e9BhD7ZRkLI2+R7y180Fw7dMmnxG/jVw7hotk
17Ylx3Oa+JjnEplxTd1TShnP1aQ0nhnxnhS9EbIW8SjsazeK8V8zezJ54uZziVedgg
18x/ISvQM0yPbvkrSo4mQEjl3q4DjmIyg5Nx+cVD8CgYBGD0vPKLOE2V+9zED9bnNs
19DDxRxWFl9LX3KBwEsnmbpaIRVaxqZkY5ZM+gQU8xL1lNzzPOwqEC4Ad/VIzLcBf5
20X1DoKB8Q5yR3gvXN3yeYomjgD+/zCeiw9jNxJD7r/oU97NapW7LVE9t9r4F1UIHO
216V/4w5q7GNBX6fXpFlcK1QKBgQCYNbYP5/4ZUm4otiucea0W7//B94YZndr9+7gl
22xqfA7xcca30G0i4KPfINKJSvu6VssyLW59kiXxu1INI5qRBVF2pg0f+oEsUyjYxZ
23KW2SJyT2fd+zXT3NShTANiWAqIOHxLpwV0dLHjvy0eKukm9dNABQ376Sr3Qk/jp1
24fKhUlQKBgAj6o2lw0vLOuQmqV08YF/UFWN/TZAcBzDE353fypi16aqY35pYSvUez
2564d1anTTwuq5fLGaQlH0XgGor/XbBqgif8eVyTRdfmA/2YQjwMIFyrWyxLpTiuiO
260P6lO4B9NCT2N/gDPomdlOfkA2g063C21CPa43lr8lGx8oaQW95W
27-----END RSA PRIVATE KEY-----
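Review bot: This file publishes the private key of the CA whose certificate the accompanying directions tell users to append to the client's `app_settings/CA.pem`, so a client that follows them will accept a certificate for any host name signed by anyone who holds this key, which is everyone with access to the repository. The folder is labelled as junk CA files, but the directions neither state this consequence nor tell users to remove the entry after testing. Prefer shipping only the "To create your own CA" steps and having each tester generate a private CA locally. If the junk CA stays, add to the directions a line such as `Never add CA2.pem to a client used outside a test setup, and remove it from CA.pem when testing is done.`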
diff --git a/share/junkCA/CA.srl b/share/junkCA/CA.srl
new file mode 100644
index 0000000..ea34835
--- /dev/null
+++ b/share/junkCA/CA.srl
@@ -0,0 +1 @@
F10DF59AD0EE66E0
diff --git a/share/junkCA/CA2.pem b/share/junkCA/CA2.pem
new file mode 100644
index 0000000..8e2f099
--- /dev/null
+++ b/share/junkCA/CA2.pem
@@ -0,0 +1,30 @@
1-----BEGIN CERTIFICATE-----
2MIIFJzCCBA+gAwIBAgIJAK3s6O4dAEQSMA0GCSqGSIb3DQEBBQUAMIG9MQswCQYD
3VQQGEwJVUzEUMBIGA1UECBMLTXVsdGktc3RhdGUxEzARBgNVBAcTCm11bHRpLWNp
4dHkxJTAjBgNVBAoTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQgVFJVU1QxEzARBgNV
5BAsTCkRPTlQgVFJVU1QxJTAjBgNVBAMTHE9wZW5TaW11bGF0b3IgRGV2IERPTlQg
6VFJVU1QxIDAeBgkqhkiG9w0BCQEWEXRlcmF2dXNAZ21haWwuY29tMB4XDTA4MDkx
7MjE2MTEwNVoXDTE4MDgxMTE2MTEwNVowgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQI
8EwtNdWx0aS1zdGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3Bl
9blNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDEl
10MCMGA1UEAxMcT3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3
11DQEJARYRdGVyYXZ1c0BnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
12ggEKAoIBAQCwpTIw01Y6Lg7INnmDp9KHLC1p0Udg4Y9Ux232zd2tOTpjF7QnlHIO
13GKg8jE6SiaV4NPC9nRqgVCOMa6H7crbr/IrXcTUq0ZYyIG07ZkbUb+4aNNJLh/vq
14xHj0kXfRKGxq1QzjmNO7kfCzR4vQudI4F/Hw6HL2vIqRI3sNepn+j3VKCILyTLQP
15b0mJi6EfRizqLtIgQwaaMN3AgZWF8rAANNLerzkYLM7+uT5sQYX/sGPi16x/NgFr
16UfCI6Ag2Sbufj8VOOp08kDwVZNq7Vr44y+l1gJySPnLMbBrTb/erc+UJv4xgVsRI
17opMKP/DG+z3eRbxKcPZ0hpPWJS4JhG0bAgMBAAGjggEmMIIBIjAdBgNVHQ4EFgQU
18u0ZSqD+MrxiuSy0IsX5Iye8lHZswgfIGA1UdIwSB6jCB54AUu0ZSqD+MrxiuSy0I
19sX5Iye8lHZuhgcOkgcAwgb0xCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtNdWx0aS1z
20dGF0ZTETMBEGA1UEBxMKbXVsdGktY2l0eTElMCMGA1UEChMcT3BlblNpbXVsYXRv
21ciBEZXYgRE9OVCBUUlVTVDETMBEGA1UECxMKRE9OVCBUUlVTVDElMCMGA1UEAxMc
22T3BlblNpbXVsYXRvciBEZXYgRE9OVCBUUlVTVDEgMB4GCSqGSIb3DQEJARYRdGVy
23YXZ1c0BnbWFpbC5jb22CCQCt7OjuHQBEEjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
24DQEBBQUAA4IBAQAaI69OZmjTVcZxtWLASB9nv3WNEOxJW+aBjseUhyM4H9pJ5bkh
25MmgiG9JgnBUpNzL3/1EV2Ud8ZCBy7JxhvwWnJMjxJL67US16sKpCLVvNAD2pCZ6f
26iaT/qorLYP/yJ7OieYmAh5lZsvG8xJM44ZZyvtYEVBB+qZw1gHkb4hhf3roUCV67
27aHMDRRolWyWm6weid7wTWz38QfRohVWidH9CPwubG7K4zPrDpBJAZV1cKra1YTrM
28eje1GuIyHzpIAAYP5z1hgI9p/0oTrWnG7w7Ydkpm9lu50WMt1DScsYnh0MhW/uas
29e24cQsvz0m9PZlfAsJQeX6pbqlJppoX+XeVC
30-----END CERTIFICATE-----
diff --git a/share/junkCA/Certificate commands OpenSSL.txt b/share/junkCA/Certificate commands OpenSSL.txt
new file mode 100644
index 0000000..0167ee1
--- /dev/null
+++ b/share/junkCA/Certificate commands OpenSSL.txt
@@ -0,0 +1,82 @@
1To generate a cert request and sign it with the JunkCA
2
3REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect!
4
5Generate a Host Key:
6 openssl genrsa -out host.key 2048
7
8Generate a Certificate signing request with *OpenSSL*:
9 openssl req -new -nodes -key host.key -out host.csr
10 When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on.
11
12Or you could;
13
14Generate a Certificate request with the *IIS Snapin*:
15 Go to Control Panel ---> Administrative tools ---> Internet Information Services
16 Pick a web site on your server.
17 right click, choose properties from the context menu
18 Go to the Directory Security tab
19 Click On the 'Server Certificate...' button
20 Click 'Prepare the request now, but send it later' and then follow the wizard.
21 Be sure to type the common name as the domain name that you will be servicing. www.osgrid.org or whatever server will be using this cert
22
23Sign the certificate request with the junkCA;
24openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer
25
26Import it into your MY store on windows.
27
28 If you used OpenSSL to generate the certificate;
29 openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert"
30 server.crt is the signed cert from the CA.
31 server.key.unsecure is the *unencrypted* private key.
32
33 You will be asked for a password, set this if you want.
34
35 In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier.
36
37 In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed.
38
39 If you used the IIS Snap-in,
40 Go to Control Panel ---> Administrative tools ---> Internet Information Services
41 Pick a web site on your server.
42 right click, choose properties from the context menu
43 Go to the Directory Security tab
44 Click On the 'Server Certificate...' button
45 Choose the radio button that says, 'Assign an existing certificate'
46
47
48Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder.
49 httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert
50
51After that, make sure to set-up your opensim.ini!
52
53
54OpenSSL can be found:
55http://www.slproweb.com/products/Win32OpenSSL.html
56
57httpcfg.exe for windowsXP can be found:
58http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
59
60Windows Vista users need to use netsh http!
61
62---------------------------------------------------
63
64Additional notes
65
66To create your own CA
67
68openssl genrsa -out yourCA.key 2048
69openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt
70
71and the final step.. (AND THIS IS IMPORTANT)
72
73openssl x509 -in CA.crt -out yourCA.pem -outform PEM
74
75The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file
76so that it can validate certificates that are generated from your CA.
77
78One last important thing!
79
80All users that connect with linden clients
81using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about
82their clock being wrong!
diff --git a/share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws! b/share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws!
new file mode 100644
index 0000000..cab724a
--- /dev/null
+++ b/share/junkCA/This Folder contains Junk CA files and directions for signing with it. Comply with Export laws!
@@ -0,0 +1 @@
This Folder contains Junk CA files and directions for signing with it. Comply with Export laws! \ No newline at end of file