Jump to content

SSL connection certificates for "Uplift"-ed regions/simulators

HiEnergy

By HiEnergy,
in Second Life Server

 Share
You are about to reply to a thread that has been inactive for 1269 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

HiEnergy

HiEnergy

Posted
Posted

Not sure whether this is the correct sub-forum for my topic. Please move if necessary.

I'm working on developing a piece of semi-interactive software connecting to Second Life in Java using libomv-java.

Connecting my agent to unchanged regions works fine using the SSL certificate for the Agni grid provided by LL.

How do I connect to uplifted regions? Where do I find the necessary SSL certificate (either a *.pem or *.crt file) for the Uplift-ed regions running on AWS EC2 instances?

Link to comment
Share on other sites
bigmoe Whitfield

bigmoe Whitfield

Posted
Posted
15 minutes ago, HiEnergy said:

Not sure whether this is the correct sub-forum for my topic. Please move if necessary.

I'm working on developing a piece of semi-interactive software connecting to Second Life in Java using libomv-java.

Connecting my agent to unchanged regions works fine using the SSL certificate for the Agni grid provided by LL.

How do I connect to uplifted regions? Where do I find the necessary SSL certificate (either a *.pem or *.crt file) for the Uplift-ed regions running on AWS EC2 instances?

I'm not sure if they are going to be given or useable yet.  from what we understand the ip and naming is not going to be working much if any at all.   so @Oz Linden   what can you tell us?

  • Like 1
Link to comment
Share on other sites
HiEnergy

HiEnergy

Posted
  • Author
Posted
1 hour ago, animats said:

Is this for inbound HTTPS, where you request a URL in a prim and try to connect to it from outside SL?

No, we're not talking LSL in my case.

It's for a program controlling an Agent (aka. bot) that's written in Java and uses the libomv-java for communication with the Second Life servers (simulators, inv/asset servers, CAPS servers and whatnot).

The library requires a certificate to make the SSL (https) connections to the various services for Second Life work.

in pre-"Uplift" times two Linden Labs SSL certificates (one for Aditi and one for Agni) were published, those worked well with my software. Of course those certificates don't work with the new AWS EC2 instances (which is intended as they're not Linden Labs, which the certificates certify).

Where do I find the new certificates for the AWS EC2 instances?

Link to comment
Share on other sites
Oz Linden

Oz Linden

Posted
Posted
6 hours ago, HiEnergy said:

The library requires a certificate to make the SSL (https) connections to the various services for Second Life work.

in pre-"Uplift" times two Linden Labs SSL certificates (one for Aditi and one for Agni) were published, those worked well with my software. Of course those certificates don't work with the new AWS EC2 instances (which is intended as they're not Linden Labs, which the certificates certify).

What you did before was use the specific certificates installed on the individual simulator hosts; that works, but isn't very flexible. Since we changed the domain name in the cloud, those certificates would no longer match the hostname and would not be valid. Instead, we had to generate new certificates, but those new certificates are signed by the same Linden Lab Certificate Authority certificate that the datacenter hosts were. If you put that certificate in the set that your system trusts to sign host certificates, then you'll be able to validate any certificate it signs and trust it.

The Linden Lab CA Certificate is at https://bitbucket.org/lindenlab/llca/raw/master/LindenLab.crt

  • Like 2
  • Thanks 3
Link to comment
Share on other sites
bigmoe Whitfield

bigmoe Whitfield

Posted
Posted
35 minutes ago, Oz Linden said:

What you did before was use the specific certificates installed on the individual simulator hosts; that works, but isn't very flexible. Since we changed the domain name in the cloud, those certificates would no longer match the hostname and would not be valid. Instead, we had to generate new certificates, but those new certificates are signed by the same Linden Lab Certificate Authority certificate that the datacenter hosts were. If you put that certificate in the set that your system trusts to sign host certificates, then you'll be able to validate any certificate it signs and trust it.

The Linden Lab CA Certificate is at  https://bitbucket.org/lindenlab/llca/raw/master/LindenLab.crt

Ty!

Link to comment
Share on other sites
HiEnergy

HiEnergy

Posted
  • Author
Posted
2 hours ago, Oz Linden said:

What you did before was use the specific certificates installed on the individual simulator hosts; that works, but isn't very flexible. Since we changed the domain name in the cloud, those certificates would no longer match the hostname and would not be valid. Instead, we had to generate new certificates, but those new certificates are signed by the same Linden Lab Certificate Authority certificate that the datacenter hosts were. If you put that certificate in the set that your system trusts to sign host certificates, then you'll be able to validate any certificate it signs and trust it.

The Linden Lab CA Certificate is at https://bitbucket.org/lindenlab/llca/raw/master/LindenLab.crt

Installing the Linden Lab CA Certificate solved the problem. My program now works flawlessly on the AWS EC2 simulators.

Thank you very much, @Oz Linden - I appreciate your help.

  • Like 2
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 1269 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...