OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update svn properties, minor formatting cleanup, fix a compiler warning.

0.6.0-stable
Jeff Ames 2008-09-15 14:21:57 +00:00
parent 0e2edbb5d4
commit ab30c6dc62
2 changed files with 88 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
OpenSim/Data/SQLite/Tests/SQLiteInventoryTest.cs
View File

@ -48,9 +48,12 @@ namespace OpenSim.Data.SQLite.Tests
public void Init() public void Init()
{ {
SuperInit(); SuperInit();
try { try
{
log4net.Config.XmlConfigurator.Configure(); log4net.Config.XmlConfigurator.Configure();
} catch (Exception e) { }
catch (Exception)
{
// I don't care, just leave log4net off // I don't care, just leave log4net off
} }
connect = "URI=file:" + file + ",version=3"; connect = "URI=file:" + file + ",version=3";
@ -64,4 +67,4 @@ namespace OpenSim.Data.SQLite.Tests
System.IO.File.Delete(file); System.IO.File.Delete(file);
} }
} }
} }

164
share/junkCA/Certificate commands OpenSSL.txt
View File

@ -1,82 +1,82 @@
To generate a cert request and sign it with the JunkCA To generate a cert request and sign it with the JunkCA
REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect! REMEMBER TO APPEND THE CA2.pem file to the bottom of the app_settings/CA.pem in the Linden client folders or you won't be able to connect!
Generate a Host Key: Generate a Host Key:
openssl genrsa -out host.key 2048 openssl genrsa -out host.key 2048
Generate a Certificate signing request with *OpenSSL*: Generate a Certificate signing request with *OpenSSL*:
openssl req -new -nodes -key host.key -out host.csr openssl req -new -nodes -key host.key -out host.csr
When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on. When prompted for: 'Common Name (eg, YOUR name) []:', please type the domain name that this certificate will be used on.
Or you could; Or you could;
Generate a Certificate request with the *IIS Snapin*: Generate a Certificate request with the *IIS Snapin*:
Go to Control Panel ---> Administrative tools ---> Internet Information Services Go to Control Panel ---> Administrative tools ---> Internet Information Services
Pick a web site on your server. Pick a web site on your server.
right click, choose properties from the context menu right click, choose properties from the context menu
Go to the Directory Security tab Go to the Directory Security tab
Click On the 'Server Certificate...' button Click On the 'Server Certificate...' button
Click 'Prepare the request now, but send it later' and then follow the wizard. Click 'Prepare the request now, but send it later' and then follow the wizard.
Be sure to type the common name as the domain name that you will be servicing. www.osgrid.org or whatever server will be using this cert Be sure to type the common name as the domain name that you will be servicing. www.osgrid.org or whatever server will be using this cert
Sign the certificate request with the junkCA; Sign the certificate request with the junkCA;
openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer openssl x509 -req -days 3620 -CA CA.crt -CAkey CA.key -CAcreateserial -in host.csr -out signed.cer
Import it into your MY store on windows. Import it into your MY store on windows.
If you used OpenSSL to generate the certificate; If you used OpenSSL to generate the certificate;
openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert" openssl pkcs12 -export -in server.crt -inkey server.key.unsecure -out server.pfx -name "My Lovely Cert"
server.crt is the signed cert from the CA. server.crt is the signed cert from the CA.
server.key.unsecure is the *unencrypted* private key. server.key.unsecure is the *unencrypted* private key.
You will be asked for a password, set this if you want. You will be asked for a password, set this if you want.
In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier. In Windows, fire up "mmc", add the certificates Snap-in, set it to manage the local computer. Go to personal certificates folder, import server.pfx, enter password if you gave it one earlier.
In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed. In IIS, get it to let you choose from currently installed certs. You should now be able to choose the one you just installed.
If you used the IIS Snap-in, If you used the IIS Snap-in,
Go to Control Panel ---> Administrative tools ---> Internet Information Services Go to Control Panel ---> Administrative tools ---> Internet Information Services
Pick a web site on your server. Pick a web site on your server.
right click, choose properties from the context menu right click, choose properties from the context menu
Go to the Directory Security tab Go to the Directory Security tab
Click On the 'Server Certificate...' button Click On the 'Server Certificate...' button
Choose the radio button that says, 'Assign an existing certificate' Choose the radio button that says, 'Assign an existing certificate'
Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder. Mono, you must use httpcfg in the Mono-1.9.1/lib/mono/2.0 folder.
httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert httpcfg -add -port <TYPE HTTPS PORT> -pvk <TYPE PRIVATE KEY FILE> -cert MyCert
After that, make sure to set-up your opensim.ini! After that, make sure to set-up your opensim.ini!
OpenSSL can be found: OpenSSL can be found:
http://www.slproweb.com/products/Win32OpenSSL.html http://www.slproweb.com/products/Win32OpenSSL.html
httpcfg.exe for windowsXP can be found: httpcfg.exe for windowsXP can be found:
http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
Windows Vista users need to use netsh http! Windows Vista users need to use netsh http!
--------------------------------------------------- ---------------------------------------------------
Additional notes Additional notes
To create your own CA To create your own CA
openssl genrsa -out yourCA.key 2048 openssl genrsa -out yourCA.key 2048
openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt openssl req -new -key yourCA.key -x509 -days 3620 -out yourCA.crt
and the final step.. (AND THIS IS IMPORTANT) and the final step.. (AND THIS IS IMPORTANT)
openssl x509 -in CA.crt -out yourCA.pem -outform PEM openssl x509 -in CA.crt -out yourCA.pem -outform PEM
The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file The last step will produce a certificate in the PEM format that you can append to the Linden client's app_settings/CA.pem file
so that it can validate certificates that are generated from your CA. so that it can validate certificates that are generated from your CA.
One last important thing! One last important thing!
All users that connect with linden clients All users that connect with linden clients
using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about using SSL NEED the pem file you created in that last step appended to theirs, or their client will give them a weird error about
their clock being wrong! their clock being wrong!