Unfortunately, I can't provide much help since I haven't yet had reason to look into the area. Ordinary server-viewer
UDP traffic is not encrypted.
On 29/11/11 15:41, Fleep Tuque wrote:
Following up on this thread, I'm looking into SSL for opensim to increase
username and password security, but I'm pretty novice at server
administration in general so I'm not sure I understand enough to even ask
the right questions.
Our Opensim 0.7.2 install is running in grid mode on Windows Server 2008/IIS.
I've found information about installing the security certificate and I think
I generally understand what to do there, but I just want to make sure I
understand the process and how it works before I go through the process of
requesting a cert from our InfoSec department.
Reading the information in the thread below, I have a couple of questions:
1) Is it possible to have Diva's wifi account creation process done through
https if I follow these steps? It's the usernames and passwords I'm most
concerned about.
2) Is this only for remote admin applications or does this encrypt all traffic
between the viewer and the server too?
Sorry if these are stupid questions and many thanks in advance if anyone has
more information or can explain Opensim SSL for Dummies style. ;)
Sincerely,
- Chris/Fleep
Chris M. Collins (SL/OS: Fleep Tuque)
Center for Simulations & Virtual Environments Research (UCSIM)
UCIT Instructional & Research Computing
University of Cincinnati
406A Zimmer Hall
315 College Drive
PO BOX 210088
Cincinnati, OH 45221-0088
[email protected]
(513) 556-3018
http://ucsim.uc.edu
On Thu, May 5, 2011 at 10:07 PM, BlueWall <[email protected]> wrote:
SSL support for "out of band" applications is added in OpenSim commit
8ca793875318efc8db3339b25bf7fa5ddeeac218 . I have tested the region
server with the remote-admin plugin and also completed the lsl function
- llRequestSecureURL(). In Robust, I tested using a custom service to
expose a service that gets user information over https. I will post the
code for that soon as an example.
*Certificates
To use it, you will need a certificate in the PFX/PKCS12 format. These
may be certs purchased from someone like VeriSign, Thawte or others
providing CA services. You may also use a self signed cert for testing.
If you are using Mono, see http://www.mono-project.com/FAQ:_Security and
page down to "Can I make my own certificates ? ", and Windows users,
here: http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx
for instructions. If you have an existing cert that is not in the PFX
format, such as *.crt - you may use openssl to copy it into the proper
format. See
http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html
for some background information for using openssl to create certs or convert
between formats.
*Configuration
The region server may use ssl as an auxiliary port. The options are in
the OpenSimDefaults.ini. Copy them to your OpenSim.ini and adjust the
settings to your setup...
[Network]
http_listener_port = 9000
https_listener = True
https_port = 9080
cert_path = "/home/opensim/etc/os_server.p12"
cert_pass = "mypassword"
[RemoteAdmin]
enabled = true
port = 9080
access_password = "woohooo"
Then, set your remote-admin client to use the port and make the calls
using https. I used code from
http://xyzzyxyzzy.net/2008/01/23/using-pythons-xmlrpclib-with-opensim/
to test the remote-admin, modifying it to use my port and https.
For applications in Robust, you have a couple of options. First, you can
add an auxiliary port, as in the region server. But, in case you want to
split out your https application to a separate Robust server, you can
make the main listener talk on https. Same options as the region server
with one addition - the https_main option. Set that one to True to get
your Robust main listener on https. Or set it to False to add an
auxiliary https port to the main server. Then, in your application, set
the port in your ServiceConnectors line to tell your application to use
it...
[Startup]
ServiceConnectors = "8114/WxService.dll:WxServiceConnector"
; ^^^^ <-- Here
[Network]
port = 8113
;; ^^^^ <-- Main listener
https_main = False
;; Create http listener true / false
https_listener = True
;; Set our listener to this port
https_port = 8114
;; ^^^^ <-- And Here
;; Path to X.509 cert
cert_path = "/home/opensim/etc/os_server.p12"
;; Password for cert
cert_pass = "mypassword"
Have fun!
BlueWall
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
--
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc
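
An added example, not code from this thread or from OpenSim: a small check over the ini settings quoted above that reports which endpoints would still send passwords or service traffic over plain http. It assumes a listener is TLS only when its port equals https_port (or is the main listener with https_main = True); Example.dll:ExampleConnector and the "set-per-site" password are constructed sample values.

```python
import configparser
SAMPLE_SECRETS = {"mypassword", "woohooo"}  # passwords published in the how-to
# Constructed region config: RemoteAdmin left on the plain-http port.
REGION_INI = """[Network]
http_listener_port = 9000
https_listener = True
https_port = 9080
cert_path = "/home/opensim/etc/os_server.p12"
cert_pass = "mypassword"
[RemoteAdmin]
enabled = true
port = 9000
access_password = "set-per-site"
"""
# Constructed Robust config: only WxService is on the auxiliary https port.
ROBUST_INI = """[Startup]
ServiceConnectors = "8113/Example.dll:ExampleConnector,8114/WxService.dll:WxServiceConnector"
[Network]
port = 8113
https_main = False
https_listener = True
https_port = 8114
"""

def _reader(text):
    cp = configparser.ConfigParser(comment_prefixes=(";",), interpolation=None)
    cp.read_string(text)
    return lambda sec, key: cp.get(sec, key, fallback="").strip().strip('"')  # unquote; missing -> ""

def audit(text):
    """Return findings for the https settings described in the thread."""
    val, found = _reader(text), []
    tls = val("Network", "https_listener").lower() == "true"
    tls_ports = ({val("Network", "https_port")} if tls else set()) - {""}
    if tls and val("Network", "https_main").lower() == "true":
        tls_ports |= {"", val("Network", "port")}  # assumption: main listener is TLS
    if val("RemoteAdmin", "enabled").lower() == "true" and val("RemoteAdmin", "port") not in tls_ports:
        found.append("RemoteAdmin port is not an https port: access_password is sent in cleartext")
    for sec, key in (("Network", "cert_pass"), ("RemoteAdmin", "access_password")):
        if val(sec, key) in SAMPLE_SECRETS:
            found.append(f"{sec}.{key} still holds a sample password from the how-to")
    for entry in filter(None, map(str.strip, val("Startup", "ServiceConnectors").split(","))):
        port, _, name = entry.rpartition("/")  # no "port/" prefix: main listener
        if port not in tls_ports:
            found.append(f"{name} is served over plain http")
    return found

if __name__ == "__main__":
    for label, text in (("region", REGION_INI), ("robust", ROBUST_INI)):
        print(label, audit(text))
```

The Robust result lists every connector that stays on the http listener, which is the practical answer to whether enabling the https port protects all traffic or only the services moved onto it.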