[Opensim-users] Using ssl in OpenSim

James Hughes jamesh at bluewallgroup.com
Fri May 6 02:08:58 UTC 2011


SSL support for "out of band" applications is added in OpenSim commit
8ca793875318efc8db3339b25bf7fa5ddeeac218. I have tested the region
server with the remote-admin plugin and also completed the LSL function
llRequestSecureURL(). In Robust, I tested using a custom service to
expose a service that gets user information over https. I will post the
code for that soon as an example.

*Certificates
To use it, you will need a certificate in the PFX/PKCS12 format. These
may be certs purchased from someone like VeriSign, Thawte or others
providing CA services. You may also use a self-signed cert for testing.
If you are using Mono, see http://www.mono-project.com/FAQ:_Security and
page down to "Can I make my own certificates?"; Windows users, see
http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx
for instructions. If you have an existing cert that is not in the PFX
format, such as *.crt, you may use openssl to copy it into the proper
format. See
http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html for
some background information on using openssl to create certs or convert
between formats.

*Configuration
The region server may use ssl as an auxiliary port. The options are in
the OpenSimDefaults.ini. Copy them to your OpenSim.ini and adjust the
settings to your setup...

[Network]
http_listener_port = 9000

https_listener = True
https_port = 9080
cert_path = "/home/opensim/etc/os_server.p12"
cert_pass = "mypassword"

[RemoteAdmin]
enabled = true
port = 9080
access_password = "woohooo"

Then, set your remote-admin client to use the port and make the calls
using https. I used code from
http://xyzzyxyzzy.net/2008/01/23/using-pythons-xmlrpclib-with-opensim/
to test the remote-admin, modifying it to use my port and https.

For applications in Robust, you have a couple of options. First, you can
add an auxiliary port, as in the region server. But, in case you want to
split out your https application to a separate Robust server, you can
make the main listener talk on https. Same options as the region server
with one addition - the https_main option. Set that one to True to get
your Robust main listener on https. Or set it to False to add an
auxiliary https port to the main server. Then, in your application, set
the port in your ServiceConnectors line to tell your application to use
it...

[Startup]
ServiceConnectors = "8114/WxService.dll:WxServiceConnector"
;                    ^^^^  <-- Here
[Network]
    port = 8113
    ;;     ^^^^ <-- Main listener
    https_main = False
    ;; Create http listener true / false
    https_listener = True
    ;; Set our listener to this port
    https_port = 8114
    ;;           ^^^^  <-- And Here
    ;; Path to X.509 cert
    cert_path = "/home/opensim/etc/os_server.p12"
    ;; Password for cert
    cert_pass = "mypassword"


Have fun!
BlueWall
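
Added example, not part of the original post or of OpenSim: a small Python
check over the [Network] and [RemoteAdmin] settings shown above. It flags an
https listener with no port or cert, a PKCS12 file readable by group/other
(cert_pass sits in the ini in plaintext), and RemoteAdmin left off the
https_port. The function name and the sample text are assumptions made for
the example.

```python
import configparser
import os
import stat

# Constructed sample mirroring the region-server settings in the post.
SAMPLE_INI = """
[Network]
http_listener_port = 9000
https_listener = True
https_port = 9080
cert_path = "/home/opensim/etc/os_server.p12"
cert_pass = "mypassword"

[RemoteAdmin]
enabled = true
port = 9080
access_password = "woohooo"
"""

def _val(section, key):
    """Read a key, dropping the surrounding quotes the ini values may carry."""
    return section.get(key, "").strip().strip('"')

def audit_opensim_ssl(ini_text, check_files=True):
    """Hypothetical helper: return a list of findings (empty = nothing flagged)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    net = cp["Network"] if cp.has_section("Network") else {}
    findings = []
    https_on = _val(net, "https_listener").lower() == "true"
    https_port, cert_path = _val(net, "https_port"), _val(net, "cert_path")
    if not https_on:
        findings.append("https_listener is not enabled")
    elif not https_port or not cert_path:
        findings.append("https_listener is on but https_port or cert_path is unset")
    elif check_files:
        if not os.path.isfile(cert_path):
            findings.append("cert_path not found: " + cert_path)
        elif stat.S_IMODE(os.stat(cert_path).st_mode) & 0o077:
            # The password is in the ini, so the file mode is the real barrier.
            findings.append("PKCS12 file is accessible by group/other: " + cert_path)
    ra = cp["RemoteAdmin"] if cp.has_section("RemoteAdmin") else {}
    if _val(ra, "enabled").lower() == "true":
        if not https_on or _val(ra, "port") != https_port:
            findings.append("RemoteAdmin port is not the https_port")
    return findings

if __name__ == "__main__":
    for finding in audit_opensim_ssl(SAMPLE_INI):
        print("FINDING:", finding)
```

Pass check_files=False to check only the settings when the ini is reviewed
on a machine that does not hold the certificate.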