[Opensim-dev] Using ssl in OpenSim

Fleep Tuque fleep513 at gmail.com
Tue Nov 29 15:41:30 UTC 2011


Following up on this thread, I'm looking into SSL for opensim to increase
username and password security, but I'm pretty novice at server
administration in general so I'm not sure I understand enough to even ask
the right questions.

Our Opensim 0.7.2 install is running in grid mode on Windows Server
2008/IIS.  I've found information about installing the security certificate
and I think I generally understand what to do there, but I just want to
make sure I understand the process and how it works before I go through the
process of requesting a cert from our InfoSec department.

Reading the information in the thread below, I have a couple of questions:

1)  Is it possible to have Diva's wifi account creation process done
through https if I follow these steps?  It's the usernames and passwords
I'm most concerned about.

2)  Is this only for remote admin applications or does this encrypt all
traffic between the viewer and the server too?

Sorry if these are stupid questions and many thanks in advance if anyone
has more information or can explain Opensim SSL for Dummies style.  ;)

Sincerely,

- Chris/Fleep

Chris M. Collins (SL/OS: Fleep Tuque)
Center for Simulations & Virtual Environments Research (UCSIM)
UCIT Instructional & Research Computing
University of Cincinnati
406A Zimmer Hall
315 College Drive
PO BOX 210088
Cincinnati, OH 45221-0088
chris.collins at uc.edu
(513) 556-3018

http://ucsim.uc.edu





On Thu, May 5, 2011 at 10:07 PM, BlueWall <jamesh at bluewallgroup.com> wrote:

> SSL support for "out of band" applications is added in OpenSim commit
> 8ca793875318efc8db3339b25bf7fa5ddeeac218 . I have tested the region
> server with the remote-admin plugin and also completed the lsl function
> - llRequestSecureURL(). In Robust, I tested using a custom service to
> expose a service that gets user information over https. I will post the
> code for that soon as an example.
>
> *Certificates
> To use it, you will need a certificate in the PFX/PKCS12 format. These
> may be certs purchased from someone like VeriSign, Thawte or others
> providing CA services. You may also use a self signed cert for testing.
> If you are using Mono, see http://www.mono-project.com/FAQ:_Security and
> page down to "Can I make my own certificates?", and Windows users,
> here: http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx
> for instructions. If you have an existing cert that is not in the PFX
> format, such as *.crt - you may use openssl to copy it into the proper
> format. See
> http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html for
> some background information for using openssl to create certs or convert
> between formats.
>
> *Configuration
> The region server may use ssl as an auxiliary port. The options are in
> the OpenSimDefaults.ini. Copy them to your OpenSim.ini and adjust the
> settings to your setup...
>
> [Network]
> http_listener_port = 9000
>
> https_listener = True
> https_port = 9080
> cert_path = "/home/opensim/etc/os_server.p12"
> cert_pass = "mypassword"
>
> [RemoteAdmin]
> enabled = true
> port = 9080
> access_password = "woohooo"
>
> Then, set your remote-admin client to use the port and make the calls
> using https. I used code from
> http://xyzzyxyzzy.net/2008/01/23/using-pythons-xmlrpclib-with-opensim/
> to test the remote-admin, modifying it to use my port and https.
>
> For applications in Robust, you have a couple of options. First, you can
> add an auxiliary port, as in the region server. But, in case you want to
> split out your https application to a separate Robust server, you can
> make the main listener talk on https. Same options as the region server
> with one addition - the https_main option. Set that one to True to get
> your Robust main listener on https. Or set it to False to add an
> auxiliary https port to the main server. Then, in your application, set
> the port in your ServiceConnectors line to tell your application to use
> it...
>
> [Startup]
> ServiceConnectors = "8114/WxService.dll:WxServiceConnector"
> ;                    ^^^^  <-- Here
> [Network]
>    port = 8113
>    ;;     ^^^^ <-- Main listener
>    https_main = False
>    ;; Create http listener true / false
>    https_listener = True
>    ;; Set our listener to this port
>    https_port = 8114
>    ;;           ^^^^  <-- And Here
>    ;; Path to X.509 cert
>    cert_path = "/home/opensim/etc/os_server.p12"
>    ;; Password for cert
>    cert_pass = "mypassword"
>
>
> Have fun!
> BlueWall
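Added example, not part of the original posts or of OpenSim's code: a small Python check for the region-server settings quoted above. It reports when RemoteAdmin is enabled on a port other than https_port, and when cert_pass sits in the ini file. The names audit_opensim_ini and SAMPLE_INI are hypothetical, and the sample config is constructed.

```python
import configparser

# Constructed sample modelled on the [Network]/[RemoteAdmin] settings quoted
# above, but with RemoteAdmin left on the plain-HTTP port (the mistake to catch).
SAMPLE_INI = """
[Network]
http_listener_port = 9000
https_listener = True
https_port = 9080
cert_path = "/home/opensim/etc/os_server.p12"
cert_pass = "mypassword"

[RemoteAdmin]
enabled = true
port = 9000
access_password = "woohooo"
"""

def _get(cfg, section, key):
    # OpenSim ini values are often quoted; strip the quotes before comparing.
    return cfg.get(section, key, fallback="").strip().strip('"')

def audit_opensim_ini(text):
    """Return a list of findings for the https-related settings (hypothetical helper)."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    https_on = _get(cfg, "Network", "https_listener").lower() == "true"
    https_port = _get(cfg, "Network", "https_port")
    if not https_on:
        findings.append("https_listener is not enabled")
    elif not _get(cfg, "Network", "cert_path").lower().endswith((".p12", ".pfx")):
        findings.append("cert_path does not look like a PFX/PKCS12 file")
    if _get(cfg, "RemoteAdmin", "enabled").lower() == "true":
        admin_port = _get(cfg, "RemoteAdmin", "port")
        # The admin password is only protected if the calls go to the TLS port.
        if not https_on or admin_port != https_port:
            findings.append(
                f"RemoteAdmin port {admin_port or '(unset)'} is not the https_port; "
                "access_password would travel in cleartext")
    if _get(cfg, "Network", "cert_pass"):
        findings.append("cert_pass is stored in the ini; restrict read access to the file")
    return findings

if __name__ == "__main__":
    for finding in audit_opensim_ini(SAMPLE_INI):
        print("-", finding)
```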