Warning: technical post ahead!
This is how I fixed auth server in the files I released (http://forum.ragezone.com/f694/1-4-minimal-development-server-823016/). I believe there is another way, at least from what I've seen in the Russian leaked files, but this one is simple enough and works.
The new thing
Auth server uses a certificate to encrypt the communications with delivery server. The reason is most likely that on official it is on a separate network or something like this.
The problem
Leaked auth server is incomplete and does not have the necessary certificates so it won't work.
Solution: in a nutshell
We'll tell delivery to accept any certificate and then create our own self-signed certificate to use with the auth server.
Solution: delivery
You just need to set in the config:
Code:
au_cert = false
This causes delivery server to not check the authenticity of the auth server's certificate.
Solution: auth
Now that delivery will accept any certificate, we create a self-signed certificate. Then we pack it in a Java keystore file which auth server can use.
Firstly, create the key and the self-signed certificate. You do not need to use a CA, but you will want to strip the key of its password. We'll assume the key is named "osppw.key" and the certificate "osppw.crt".
Once we have the key and the certificate, we'll convert them to DER format.
Code:
openssl pkcs8 -topk8 -nocrypt -in osppw.key -inform PEM -out osppw.key.der -outform DER
openssl x509 -in osppw.crt -inform PEM -out osppw.crt.der -outform DER
Those files can now be packed in a Java keystore (see references for the "ImportKey" script).
Code:
java ImportKey osppw.key.der osppw.crt.der
mv ~/keystore.ImportKey auth.keystore
We're nearly done; now we just need to modify the certificate initialization in auth server to use our keystore. Here is an example of what it can look like:
Code:
// set security: load the keystore that sits next to AuthServer.class
if (0 != CertVerify.getInstance().initJKS(AuthServer.class.getResource("auth.keystore").getPath(), "passphrase")) {
    throw new Exception("load JKS failed.");
}
Attached is the keystore I used in my release. The certificate is valid for 10 years and the passphrase is "osppw_auth".
References
jd-gui and fernflower Java decompilers.
thanks to the people who helped me get the files and such
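A stand-in for the keystore packing step, as an added example that is neither the "ImportKey" script the post references nor code from the original post. It assumes an RSA key, uses a hypothetical class name `PackKeystore` and alias "auth", and applies one passphrase to both the store and the key; it refuses to pack a certificate that is expired or does not belong to the key.

```java
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;

// Added example (hypothetical class name); assumes an RSA key pair.
public class PackKeystore {
    public static void main(String[] args) throws Exception {
        // Usage: java PackKeystore osppw.key.der osppw.crt.der auth.keystore <passphrase>
        if (args.length != 4) {
            System.err.println("usage: PackKeystore <key.der> <crt.der> <out.keystore> <passphrase>");
            System.exit(2);
        }
        char[] pass = args[3].toCharArray();

        // Unencrypted PKCS#8 DER key, as written by "openssl pkcs8 -topk8 -nocrypt".
        PrivateKey key = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(Paths.get(args[0]))));

        // DER-encoded X.509 certificate, as written by "openssl x509 -outform DER".
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(Files.readAllBytes(Paths.get(args[1]))));

        // Refuse to pack a certificate that is expired or belongs to another key.
        cert.checkValidity();
        if (!((RSAPrivateKey) key).getModulus()
                .equals(((RSAPublicKey) cert.getPublicKey()).getModulus())) {
            throw new IllegalStateException("certificate does not match private key");
        }

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, pass);  // a null stream creates an empty keystore
        ks.setKeyEntry("auth", key, pass, new Certificate[] { cert });  // alias "auth" is an assumption
        try (FileOutputStream out = new FileOutputStream(args[2])) {
            ks.store(out, pass);
        }
        System.out.println("wrote " + args[2] + ", certificate valid until " + cert.getNotAfter());
    }
}
```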