[Opensim-dev] Using ssl in OpenSim
Justin Clark-Casey
jjustincc at googlemail.com
Sat Dec 3 02:57:43 UTC 2011
Unfortunately, I can't provide much help since I haven't yet had reason to look into the area. Ordinary server-viewer
UDP traffic is not encrypted.
On 29/11/11 15:41, Fleep Tuque wrote:
> Following up on this thread, I'm looking into SSL for opensim to increase username and password security, but I'm pretty
> novice at server administration in general so I'm not sure I understand enough to even ask the right questions.
>
> Our Opensim 0.7.2 install is running in grid mode on Windows Server 2008/IIS. I've found information about installing
> the security certificate and I think I generally understand what to do there, but I just want to make sure I understand
> the process and how it works before I go through the process of requesting a cert from our InfoSec department.
>
> Reading the information in the thread below, I have a couple of questions:
>
> 1) Is it possible to have Diva's wifi account creation process done through https if I follow these steps? It's the
> usernames and passwords I'm most concerned about.
>
> 2) Is this only for remote admin applications or does this encrypt all traffic between the viewer and the server too?
>
> Sorry if these are stupid questions and many thanks in advance if anyone has more information or can explain Opensim SSL
> for Dummies style. ;)
>
> Sincerely,
>
> - Chris/Fleep
>
> Chris M. Collins (SL/OS: Fleep Tuque)
> Center for Simulations & Virtual Environments Research (UCSIM)
> UCIT Instructional & Research Computing
> University of Cincinnati
> 406A Zimmer Hall
> 315 College Drive
> PO BOX 210088
> Cincinnati, OH 45221-0088
> chris.collins at uc.edu
> (513) 556-3018
>
> http://ucsim.uc.edu
>
>
>
>
> On Thu, May 5, 2011 at 10:07 PM, BlueWall <jamesh at bluewallgroup.com> wrote:
>
> SSL support for "out of band" applications is added in OpenSim commit
> 8ca793875318efc8db3339b25bf7fa5ddeeac218 . I have tested the region
> server with the remote-admin plugin and also completed the lsl function
> - llRequestSecureURL(). In Robust, I tested using a custom service to
> expose a service that gets user information over https. I will post the
> code for that soon as an example.
>
> *Certificates
> To use it, you will need a certificate in the PFX/PKCS12 format. These
> may be certs purchased from someone like VeriSign, Thawte or others
> providing CA services. You may also use a self-signed cert for testing.
> If you are using Mono, see http://www.mono-project.com/FAQ:_Security and
> page down to "Can I make my own certificates ? ", and Windows users,
> here: http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx
> for instructions. If you have an existing cert that is not in the PFX
> format, such as *.crt - you may use openssl to copy it into the proper
> format. See
> http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html for
> some background information for using openssl to create certs or convert
> between formats.
>
> *Configuration
> The region server may use ssl as an auxiliary port. The options are in
> the OpenSimDefaults.ini. Copy them to your OpenSim.ini and adjust the
> settings to your setup...
>
> [Network]
> http_listener_port = 9000
>
> https_listener = True
> https_port = 9080
> cert_path = "/home/opensim/etc/os_server.p12"
> cert_pass = "mypassword"
>
> [RemoteAdmin]
> enabled = true
> port = 9080
> access_password = "woohooo"
>
> Then, set your remote-admin client to use the port and make the calls
> using https. I used code from
> http://xyzzyxyzzy.net/2008/01/23/using-pythons-xmlrpclib-with-opensim/
> to test the remote-admin, modifying it to use my port and https.
>
> For applications in Robust, you have a couple of options. First, you can
> add an auxiliary port, as in the region server. But, in case you want to
> split out your https application to a separate Robust server, you can
> make the main listener talk on https. Same options as the region server
> with one addition - the https_main option. Set that one to True to get
> your Robust main listener on https. Or set it to False to add an
> auxiliary https port to the main server. Then, in your application, set
> the port in your ServiceConnectors line to tell your application to use
> it...
>
> [Startup]
> ServiceConnectors = "8114/WxService.dll:WxServiceConnector"
> ;                    ^^^^ <-- Here
> [Network]
> port = 8113
> ;;     ^^^^ <-- Main listener
> https_main = False
> ;; Create http listener true / false
> https_listener = True
> ;; Set our listener to this port
> https_port = 8114
> ;;           ^^^^ <-- And Here
> ;; Path to X.509 cert
> cert_path = "/home/opensim/etc/os_server.p12"
> ;; Password for cert
> cert_pass = "mypassword"
>
>
> Have fun!
> BlueWall
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
--
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc
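
The [Network] and [RemoteAdmin] settings quoted in the thread can be checked before a server goes live. The Python below is an added example, not part of the original messages or of OpenSim; the name audit_opensim_ini and the rule that only a RemoteAdmin port equal to https_port is protected by TLS are assumptions drawn from the posted configuration.

```python
import configparser

# Sample secrets printed in the post; flagged if they were left unchanged.
EXAMPLE_SECRETS = {"mypassword", "woohooo"}

def _get(cfg, section, key):
    """Read a value, dropping the double quotes OpenSim ini files use."""
    return cfg.get(section, key, fallback="").strip().strip('"')

def audit_opensim_ini(text):
    """Return findings for the [Network] and [RemoteAdmin] sections."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    https_on = _get(cfg, "Network", "https_listener").lower() == "true"
    https_port = _get(cfg, "Network", "https_port")
    if https_on:
        for key in ("https_port", "cert_path", "cert_pass"):
            if not _get(cfg, "Network", key):
                findings.append(f"[Network] https_listener on, {key} unset")
        if _get(cfg, "Network", "cert_pass") in EXAMPLE_SECRETS:
            findings.append("[Network] cert_pass is the post's sample value")
    if _get(cfg, "RemoteAdmin", "enabled").lower() == "true":
        # Assumption: only a port equal to https_port is served over TLS.
        if not https_on or _get(cfg, "RemoteAdmin", "port") != https_port:
            findings.append("[RemoteAdmin] port is not https_port: "
                            "access_password is sent unencrypted")
        if _get(cfg, "RemoteAdmin", "access_password") in EXAMPLE_SECRETS:
            findings.append("[RemoteAdmin] access_password is the post's sample value")
    return findings

# Constructed inputs: the post's region settings, and RemoteAdmin moved to plain HTTP.
POSTED = """
[Network]
http_listener_port = 9000
https_listener = True
https_port = 9080
cert_path = "/home/opensim/etc/os_server.p12"
cert_pass = "mypassword"
[RemoteAdmin]
enabled = true
port = 9080
access_password = "woohooo"
"""
PLAINTEXT_ADMIN = POSTED.replace("port = 9080\naccess", "port = 9000\naccess")

if __name__ == "__main__":
    for name, ini in (("posted", POSTED), ("plaintext admin", PLAINTEXT_ADMIN)):
        print(name, audit_opensim_ini(ini))
```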