Nixyri/godot
1
0
Fork 0
mirror of https://github.com/godotengine/godot.git synced 2024-11-21 19:42:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Created tutorial_ssl (markdown)

Juan Linietsky 2015-04-08 16:30:42 -03:00
parent 0c506d88d2
commit 01a4670253
1 changed files with 45 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
tutorial_ssl.md Normal file

@ -0,0 +1,45 @@
# SSL Certificates
### Introduction
It is often desired to use SSL connections for communications to avoid "main in the middle" attacks. Godot has a connection wrapper, [StreamPeerSSL](class_streampeerssl), which can take a regular connection and add security around it. The [HTTPClient](class_httpclient) class also supports HTTPS by using this same wrapper.
For SSL to work, certificates need to be provided. A .crt file must be specified in the project settings:
<p align="center"><img src="images/ssl_certs.png"></p>
This file should contain any number of public certificicates in [PEM](http://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail) format.
Of course, remember to add .crt as filter so the exporter recognizes this when exporting your project.
<p align="center"><img src="images/add_crt.png"></p>
There are two ways to obtain certificates:
### Approach 1, Self Signed Cert
The first approach is the simplest, just generate a private and public key pair, and put the public pair in the .crt file (again, in PEM format). The private key should go to your server.
OpenSSL has [some documentation](https://www.openssl.org/docs/HOWTO/keys.txt) about this. This approach also **does not require domain validation** nor requires you to spend a considerable amount of money in purchasing certificates from a CA.
### Approach 2, CA Cert
The second approach consists of using a certificate authority (CA) such as Verisign, Geotrust, etc. This is a more cumbersome process, but it's more "official" and ensures your identity is clearly represented.
Unless you are working with large companies or corporations, this method does not make much sense.
Also, when using a CA issued cert, **you must enable domain validation**, to ensure the domain you are connecting to is valid, otherwise any website can issue any certificate in the same CA and it will work.
If you are using Linux, you can use the supplied certs file, generally located in:
```
/etc/ssl/certs/ca-certificates.crt
```
This file allows HTTPS connections to virtually any website (ie, Google, Microsoft, etc) .
Or just pick any of the more specific certificates there if you are connecting to a specific one.