![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
#author("2025-04-15T10:15:40+00:00","default:iseki","iseki") #author("2025-04-15T10:16:41+00:00","default:iseki","iseki") **Communication by HTTPS [#z821af1d] *** HTTPS communication between Viewer and Relay Server [#s44d2538] In order to use HTTPS to communicate between the Viewer and the Relay Server, the following are needed. -A private secret key file for the Relay Server (PEM form) -A server certification file for the Relay Server signed by a CA (PEM form) (Common Name should be IP address) -A certification file of the CA (PEM form). The private secret key file and server certification file locations are specified in the configuration file. ([[SKEY_PEM_File>../SKEY_PEM_File]] and [[CERT_PEM_File>../CERT_PEM_File]]) The certificate of CA is added to ''CA.pem'' (Certificate of CA for Second Life Server) of the Viewer with a text editor. ''CA.pem'' is in C:\Program Files\SecondLife\app_settings for Windows XP. When starting the Viewer, use ''https'' instead of ''http'' following the ''--loginuri'' option. You also need to start the Relay Server with the ''-as'' option. *** Verification of the Second Life (SIM) Server [#ga3ea4ac] Communication between the Relay Server and Second Life servers uses HTTPS communication by default. However, the Relay Server is not verified from the stand point of the Second Life server. If verification of the Relay server is needed the ''CA.pem'' mentioned above is copied to an appropriate to Relay Server directory and the location is specified with [[CA_PEM_File>../CA_PEM_File]] in the configuration file. Relay Server ([[sl_relay>sl_relay (E)]]) also needs to be started with the ''-aca'' option. Note that if verification fails the connection is not made. *** OpenSSL [#ba52b784] *** [[OpenSSL]] [#ba52b784] You can make a server certificate for yourself, usually by setting CA. Please read the OpenSSL documentation for details on how this is done.
