1 files changed, 82 insertions, 82 deletions
diff --git a/share/junkCA/Certificate commands OpenSSL.txt b/share/junkCA/Certificate commands OpenSSL.txt
index 0167ee1..2ae6963 100644
--- a/share/junkCA/Certificate commands OpenSSL.txt
+++ b/share/junkCA/Certificate commands OpenSSL.txt
@@ -1,82 +1,82 @@
-To generate a cert request and sign it with the JunkCA
+To generate a cert request and sign it with the JunkCA
-REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect!
+REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect!
-Generate a Host Key:
+Generate a Host Key:
- openssl genrsa -out host.key 2048
+ openssl genrsa -out host.key 2048
-Generate a Certificate signing request with *OpenSSL*:
+Generate a Certificate signing request with *OpenSSL*:
-  openssl req -new -nodes -key host.key -out host.csr
+  openssl req -new -nodes -key host.key -out host.csr
-  When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on.
+  When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on.
-Or you could;
+Or you could;
-Generate a Certificate request with the *IIS Snapin*:
+Generate a Certificate request with the *IIS Snapin*:
-  Go to Control Panel ---> Administrative tools ---> Internet Information Services
+  Go to Control Panel ---> Administrative tools ---> Internet Information Services
-  Pick a web site on your server.
+  Pick a web site on your server.
-  right click, choose properties from the context menu
+  right click, choose properties from the context menu
-  Go to the Directory Security tab
+  Go to the Directory Security tab
-  Click On the 'Server Certificate...' button
+  Click On the 'Server Certificate...' button
-  Click 'Prepare the request now, but send it later' and then follow the wizard.
+  Click 'Prepare the request now, but send it later' and then follow the wizard.
-  Be sure to type the common name as the domain name that you will be servicing.   www.osgrid.org or whatever server will be using this cert
+  Be sure to type the common name as the domain name that you will be servicing.   www.osgrid.org or whatever server will be using this cert
-Sign the certificate request with the junkCA;
+Sign the certificate request with the junkCA;
-openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer
+openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer
-Import it into your MY store on windows.
+Import it into your MY store on windows.
- If you used OpenSSL to generate the certificate;
+ If you used OpenSSL to generate the certificate;
-   openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert" 
+   openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert" 
-   server.crt is the signed cert from the CA.
+   server.crt is the signed cert from the CA.
-   server.key.unsecure is the *unencrypted* private key.
+   server.key.unsecure is the *unencrypted* private key.
-   You will be asked for a password, set this if you want.
+   You will be asked for a password, set this if you want.
-   In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier.
+   In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier.
-   In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed.
+   In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed.
- If you used the IIS Snap-in, 
+ If you used the IIS Snap-in, 
-   Go to Control Panel ---> Administrative tools ---> Internet Information Services
+   Go to Control Panel ---> Administrative tools ---> Internet Information Services
-   Pick a web site on your server.
+   Pick a web site on your server.
-   right click, choose properties from the context menu
+   right click, choose properties from the context menu
-   Go to the Directory Security tab
+   Go to the Directory Security tab
-   Click On the 'Server Certificate...' button
+   Click On the 'Server Certificate...' button
-   Choose the radio button that says, 'Assign an existing certificate'
+   Choose the radio button that says, 'Assign an existing certificate'
-Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder.
+Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder.
- httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert
+ httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert
-After that, make sure to set-up your opensim.ini!
+After that, make sure to set-up your opensim.ini!
-OpenSSL can be found:
+OpenSSL can be found:
-http://www.slproweb.com/products/Win32OpenSSL.html
+http://www.slproweb.com/products/Win32OpenSSL.html
-httpcfg.exe for windowsXP can be found:
+httpcfg.exe for windowsXP can be found:
-http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
+http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
-Windows Vista users need to use netsh http!
+Windows Vista users need to use netsh http!
---------------------------------------------------
+---------------------------------------------------
-Additional notes
+Additional notes
-To create your own CA
+To create your own CA
-openssl genrsa -out yourCA.key 2048
+openssl genrsa -out yourCA.key 2048
-openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt
+openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt
-and the final step..  (AND THIS IS IMPORTANT)
+and the final step..  (AND THIS IS IMPORTANT)
-openssl x509 -in CA.crt -out yourCA.pem -outform PEM
+openssl x509 -in CA.crt -out yourCA.pem -outform PEM
-The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file 
+The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file 
-so that it can validate certificates that are generated from your CA.   
+so that it can validate certificates that are generated from your CA.   
-One last important thing!  
+One last important thing!  
-All users that connect with linden clients 
+All users that connect with linden clients 
-using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about 
+using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about 
-their clock being wrong!
+their clock being wrong!

diff --git a/share/junkCA/Certificate commands OpenSSL.txt b/share/junkCA/Certificate commands OpenSSL.txt index 0167ee1..2ae6963 100644 --- a/share/junkCA/Certificate commands OpenSSL.txt +++ b/share/junkCA/Certificate commands OpenSSL.txt
@@ -1,82 +1,82 @@
1	To generate a cert request and sign it with the JunkCA	1	To generate a cert request and sign it with the JunkCA
2		2
3	REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect!	3	REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect!
4		4
5	Generate a Host Key:	5	Generate a Host Key:
6	openssl genrsa -out host.key 2048	6	openssl genrsa -out host.key 2048
7		7
8	Generate a Certificate signing request with OpenSSL:	8	Generate a Certificate signing request with OpenSSL:
9	openssl req -new -nodes -key host.key -out host.csr	9	openssl req -new -nodes -key host.key -out host.csr
10	When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on.	10	When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on.
11		11
12	Or you could;	12	Or you could;
13		13
14	Generate a Certificate request with the IIS Snapin:	14	Generate a Certificate request with the IIS Snapin:
15	Go to Control Panel ---> Administrative tools ---> Internet Information Services	15	Go to Control Panel ---> Administrative tools ---> Internet Information Services
16	Pick a web site on your server.	16	Pick a web site on your server.
17	right click, choose properties from the context menu	17	right click, choose properties from the context menu
18	Go to the Directory Security tab	18	Go to the Directory Security tab
19	Click On the 'Server Certificate...' button	19	Click On the 'Server Certificate...' button
20	Click 'Prepare the request now, but send it later' and then follow the wizard.	20	Click 'Prepare the request now, but send it later' and then follow the wizard.
21	Be sure to type the common name as the domain name that you will be servicing. www.osgrid.org or whatever server will be using this cert	21	Be sure to type the common name as the domain name that you will be servicing. www.osgrid.org or whatever server will be using this cert
22		22
23	Sign the certificate request with the junkCA;	23	Sign the certificate request with the junkCA;
24	openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer	24	openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer
25		25
26	Import it into your MY store on windows.	26	Import it into your MY store on windows.
27		27
28	If you used OpenSSL to generate the certificate;	28	If you used OpenSSL to generate the certificate;
29	openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert"	29	openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert"
30	server.crt is the signed cert from the CA.	30	server.crt is the signed cert from the CA.
31	server.key.unsecure is the unencrypted private key.	31	server.key.unsecure is the unencrypted private key.
32		32
33	You will be asked for a password, set this if you want.	33	You will be asked for a password, set this if you want.
34		34
35	In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier.	35	In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier.
36		36
37	In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed.	37	In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed.
38		38
39	If you used the IIS Snap-in,	39	If you used the IIS Snap-in,
40	Go to Control Panel ---> Administrative tools ---> Internet Information Services	40	Go to Control Panel ---> Administrative tools ---> Internet Information Services
41	Pick a web site on your server.	41	Pick a web site on your server.
42	right click, choose properties from the context menu	42	right click, choose properties from the context menu
43	Go to the Directory Security tab	43	Go to the Directory Security tab
44	Click On the 'Server Certificate...' button	44	Click On the 'Server Certificate...' button
45	Choose the radio button that says, 'Assign an existing certificate'	45	Choose the radio button that says, 'Assign an existing certificate'
46		46
47		47
48	Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder.	48	Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder.
49	httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert	49	httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert
50		50
51	After that, make sure to set-up your opensim.ini!	51	After that, make sure to set-up your opensim.ini!
52		52
53		53
54	OpenSSL can be found:	54	OpenSSL can be found:
55	http://www.slproweb.com/products/Win32OpenSSL.html	55	http://www.slproweb.com/products/Win32OpenSSL.html
56		56
57	httpcfg.exe for windowsXP can be found:	57	httpcfg.exe for windowsXP can be found:
58	http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en	58	http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
59		59
60	Windows Vista users need to use netsh http!	60	Windows Vista users need to use netsh http!
61		61
62	---------------------------------------------------	62	---------------------------------------------------
63		63
64	Additional notes	64	Additional notes
65		65
66	To create your own CA	66	To create your own CA
67		67
68	openssl genrsa -out yourCA.key 2048	68	openssl genrsa -out yourCA.key 2048
69	openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt	69	openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt
70		70
71	and the final step.. (AND THIS IS IMPORTANT)	71	and the final step.. (AND THIS IS IMPORTANT)
72		72
73	openssl x509 -in CA.crt -out yourCA.pem -outform PEM	73	openssl x509 -in CA.crt -out yourCA.pem -outform PEM
74		74
75	The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file	75	The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file
76	so that it can validate certificates that are generated from your CA.	76	so that it can validate certificates that are generated from your CA.
77		77
78	One last important thing!	78	One last important thing!
79		79
80	All users that connect with linden clients	80	All users that connect with linden clients
81	using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about	81	using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about
82	their clock being wrong!	82	their clock being wrong!