- View the source.
- Go to sl_relay (E)/Communication by HTTPS.
Cur: 2008-12-21 (Sun) 03:29:18 gambled  |
|||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | **Communication by HTTPS [#z821af1d] | ||
| + | *** HTTPS communication between Viewer and Relay Server [#s44d2538] | ||
| + | In order to use HTTPS to communicate between the Viewer and the Relay Server, the following are needed. | ||
| + | -A private secret key file for the Relay Server (PEM form) | ||
| + | -A server certification file for the Relay Server signed by a CA (PEM form) (Common Name should be IP address) | ||
| + | -A certification file of the CA (PEM form). | ||
| + | |||
| + | The private secret key file and server certification file locations are specified in the configuration file. ([[SKEY_PEM_File>../SKEY_PEM_File]] and [[CERT_PEM_File>../CERT_PEM_File]]) | ||
| + | |||
| + | The certificate of CA is added to ''CA.pem'' (Certificate of CA for Second Life Server) of the Viewer with a text editor. ''CA.pem'' is in C:\Program Files\SecondLife\app_settings for Windows XP. When starting the Viewer, use ''https'' instead of ''http'' following the ''--loginuri'' option. ~ | ||
| + | |||
| + | You also need to start the Relay Server with the ''-as'' option. | ||
| + | |||
| + | *** Verification of the Second Life (SIM) Server [#ga3ea4ac] | ||
| + | Communication between the Relay Server and Second Life servers uses HTTPS communication by default. However, the Relay Server is not verified from the stand point of the Second Life server. | ||
| + | |||
| + | If verification of the Relay server is needed the ''CA.pem'' mentioned above is copied to an appropriate to Relay Server directory and the location is specified with [[CA_PEM_File>../CA_PEM_File]] in the configuration file.~ | ||
| + | Relay Server ([[sl_relay>sl_relay (E)]]) also needs to be started with the ''-aca'' option. | ||
| + | |||
| + | Note that if verification fails the connection is not made. | ||
| + | |||
| + | *** OpenSSL [#ba52b784] | ||
| + | You can make a server certificate for yourself, usually by setting CA. Please read the OpenSSL documentation for details on how this is done. | ||
- Backup diff of sl_relay (E)/Communication by HTTPS(No. All)
- Cur: 2008-12-21 (Sun) 03:29:18 gambled
