llRequestSecureURL(): Impending HTTPS-in SSL certificate expiration
tracked
cudatox Resident
The SSL certificate linked to in the documentation on the the Wiki (https://wiki.secondlife.com/wiki/LlRequestSecureURL) for this feature is due to expire on April 16.
After this date, software that preforms certificate validation will no longer be able to connect.
Log In
Maestro Linden
tracked
cudatox Resident thanks for keeping tabs on this. The updated cert mentioned in the forum thread is live on the beta grid now - you can see it on the channel running regions "Bonifacio" and "Morris", as well as the 4 "Cloud Sandbox" regions (which are good for testing content).
curl shows the new cert as:
```
* Server certificate:
subject: C=US; ST=California; L=San Francisco; O=Linden Research Inc; CN=
.aditi.secondlife.io* start date: Feb 28 00:00:00 2025 GMT
* expire date: Feb 28 23:59:59 2026 GMT
subjectAltName: host "simhost-0675a117a85824c9c.aditi.secondlife.io" matched cert's "
.aditi.secondlife.io"* issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
* SSL certificate verify ok.
```
cudatox Resident
I was just informed that this is already being dealt with: https://community.secondlife.com/forums/topic/521090-grid-ssl-cert-updates-coming-soon/
Please feel free to close this report.
WolfGang Senizen
This is being addressed already
And solving the self signing problem too
ostiabs Resident
Y'all trusted Linden Lab Certificate Authority?
Has anyone tested this? Is the wiki up to date?
The cert I'm being served by simhost-0d9306f06c02152ae.agni.secondlife.io is valid until Fri, 04 Sep 2026 15:09:11 GMT`
cudatox Resident
ostiabs Resident It is possible to make most SSL libraries use a particular CA certificate file to verify a server certificate, which is exactly what I am doing.
If I keep certificate verification enabled and remove the Linden CA cert (using the root certificates that came with my OS instead), verification fails. This would seem to indicate that the server certificates are signed using that certificate authority.