- Timestamp:
- Jun 13, 2024, 10:32:26 PM (6 months ago)
- Location:
- trunk/BNC/src
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/BNC/src/bnchelp.html
r10503 r10509 1315 1315 <p><h4 id="network">2.2 Network</h4></p> 1316 1316 <p> 1317 You may need to specify a proxy when running BNC in a protected network. You may also like to use the Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) cryptographic protocols for secure Ntrip communication over the Internet. 1317 You may need to specify a proxy when running BNC in a protected network. You may also like to use the Transport Layer Security (TLS) and its predecessor, 1318 Secure Sockets Layer (SSL) cryptographic protocols for secure Ntrip communication over the Internet. 1318 1319 </p> 1319 1320 <p><h4 id="proxy">2.2.1 Proxy - Usage in a protected LAN</h4></p> 1320 1321 <p> 1321 If you are running BNC within a protected Local Area Network (LAN), you might need to use a proxy server to access the Internet. Enter your proxy server IP and port number in case one is operated in front of BNC. If you do not know the IP and port of your proxy server, check the proxy server settings in your Internet browser or ask your network administrator. Without any entry, BNC will try to use the system proxies.</p> 1322 <p> 1323 Note that IP streaming is often not allowed in a LAN. In this case you need to ask your network administrator for an appropriate modification of the local security policy or for the installation of a TCP relay to the Ntrip Broadcaster you need to access. If this is not possible, you might need to run BNC outside your LAN on a host that has unobstructed connection to the Internet. 1324 </p> 1322 If you are running BNC within a protected Local Area Network (LAN), you might need to use a proxy server to access the Internet. 1323 Enter your proxy server IP and port number in case one is operated in front of BNC. 1324 If you do not know the IP and port of your proxy server, check the proxy server settings in your Internet browser or ask your network administrator. 1325 Without any entry, BNC will try to use the system proxies.</p> 1326 <p> 1327 Note that IP streaming is often not allowed in a LAN. In this case you need to ask your network administrator for an appropriate modification 1328 of the local security policy or for the installation of a TCP relay to the Ntrip Broadcaster you need to access. 1329 If this is not possible, you might need to run BNC outside your LAN on a host that has unobstructed connection to the Internet.</p> 1325 1330 1326 1331 <p><h4 id="ssl">2.2.2 SSL - Transport Layer Security</h4></p> 1327 <p>Communication with an Ntrip Broadcaster over Secure Sockets Layer (SSL) as well as the download of RINEX skeleton files when available from HTTPS websites requires the exchange of client and/or server certificates. Specify the path to a directory where you save certificates on your system. You may like to check out <u>http://software.rtcm-ntrip.org/wiki/Certificates</u> for a list of known Ntrip Server certificates. You may also just try communication via SSL to check out whether this is supported by the involved Ntrip Broadcaster. </p> 1328 <p>SSL communication may involve queries coming from the Ntrip Broadcaster or from a HTTPS website hosting RINEX skeletons. Such a query could show up under BNC's 'Log' tab especially when self-signed SSL certificates are used. Example: 1329 <pre> 1332 <p> 1333 Communication with an Ntrip Broadcaster over Secure Sockets Layer (SSL) as well as the download of RINEX skeleton files when available from HTTPS websites 1334 requires the exchange of client and/or server certificates. </p><p> 1335 Specify the path to a directory where you save CA certificates on your system. 1336 BNC creates from *.crt and *.pem files a CA certificate database, which is used by the socket during the handshake phase to validate the peer's certificate. </p> 1337 <p> 1338 SSL communication may involve queries coming from the Ntrip Broadcaster or from a HTTPS website hosting RINEX skeletons. 1339 Such a query could show up under BNC's 'Log' tab especially when self-signed SSL certificates are used. Example: 1340 <pre><p style="font-family:Monospace"> 1330 1341 SSL Error 1331 1342 Server Certificate Issued by: … … 1338 1349 No certificates could be verified 1339 1350 </pre> 1340 Queries should not be received by a client when a server uses official SSL certificates. 1341 </p> 1342 <p> 1343 Tick 'Ignore SSL authorization errors' if you generally trust the server and do not want to be bothered with this. Note that SSL communication is usually done over port 443. 1344 </p> 1351 </p> 1352 <p> 1353 Queries should not be received by a client when a server uses official SSL certificates. </p> 1354 <p> 1355 You may also just try communication via SSL to check out whether this is supported by the involved Ntrip Broadcaster. 1356 Note that SSL communication is usually done over port 443.</p> 1357 <p> 1358 Two-sided communication with an Ntrip Broadcaster over SSL requires in addition the exchange of client certificates. 1359 Specify the full path to the client certificates on your system. The file naming convention for client certificates in BNC is as follows: 1360 <pre> 1361 <hostname>.<port>.crt for the certificate and 1362 <hostname>.<port>.key for the private key, where <hostname> is without https://. 1363 </pre> 1364 </p> 1365 <p> 1366 If available, the client or personal authentication certificate is presented to the peer during the SSL handshake process. 1367 Password protected key files are not supported. 1368 Don't try communication via two sided SSL if you are not sure whether this is supported by the involved Ntrip Broadcaster. </p> 1369 <p> 1370 Tick 'Ignore SSL authorization errors' if you generally trust the server and do not want to be bothered with this. </p> 1345 1371 <p><img src="IMG/Figure07.png"width=800/></p> 1346 1372 <p>Figure 7: BNC's 'Network' panel configured to ignore eventually occurring SSL error messages</p> … … 1353 1379 <p><h4 id="genlog">2.3.1 Logfile - optional</h4></p> 1354 1380 <p> 1355 Records of BNC's activities are shown in the 'Log' tab on the bottom of the main window. These logs can be saved into a file when a valid path is specified in the 'Logfile (full path)' field. The logfile name will automatically be extended by a string '_YYMMDD' for the current date. This leads to series of daily logfiles when running BNC continuously. Message logs cover the communication status between BNC and the Ntrip Broadcaster as well as problems that may occur in the communication link, stream availability, stream delay, stream conversion etc. The time stamps within the 'Log' tab are given in UTC. The time stamps within the logfile are given in GPS Time. The default value for 'Logfile (full path)' is an empty option field, meaning that BNC logs will not be saved into a file. 1381 Records of BNC's activities are shown in the 'Log' tab on the bottom of the main window. 1382 These logs can be saved into a file when a valid path is specified in the 'Logfile (full path)' field. 1383 The logfile name will automatically be extended by a string '_YYMMDD' for the current date. 1384 This leads to series of daily logfiles when running BNC continuously. 1385 Message logs cover the communication status between BNC and the Ntrip Broadcaster as well as problems 1386 that may occur in the communication link, stream availability, stream delay, stream conversion etc. 1387 The time stamps within the 'Log' tab are given in UTC. The time stamps within the logfile are given in GPS Time. 1388 The default value for 'Logfile (full path)' is an empty option field, meaning that BNC logs will not be saved into a file. 1356 1389 </p> 1357 1390 <p> -
trunk/BNC/src/bncwindow.cpp
r10503 r10509 1407 1407 _proxyHostLineEdit->setWhatsThis(tr("<p>If you are running BNC within a protected Local Area Network (LAN), you may need to use a proxy server to access the Internet. Enter your proxy server IP and port number in case one is operated in front of BNC. If you do not know the IP and port of your proxy server, check the proxy server settings in your Internet browser or ask your network administrator. Without any entry, BNC will try to use the system proxies. </p><p>Note that IP streaming is sometimes not allowed in a LAN. In this case you need to ask your network administrator for an appropriate modification of the local security policy or for the installation of a TCP relay to the Ntrip Broadcasters. If this is not possible, you may need to run BNC outside your LAN on a network that has unobstructed connection to the Internet. <i>[key: proxyHost]</i></p>")); 1408 1408 _proxyPortLineEdit->setWhatsThis(tr("<p>Enter your proxy server port number in case a proxy is operated in front of BNC. <i>[key: proxyPort]</i></p>")); 1409 _sslCaCertPathLineEdit->setWhatsThis(tr("<p>Communication with an Ntrip Broadcaster over SSL requires the exchange of server certificates. Specify the path to a directory where you save CA certificates on your system. </p><p>BNC creates from *.crt and *.pem files a CA certificate database, which is used by the socket during the handshake phase to validate the peer's certificate. </p><p> Don't try communication via SSL if you are not sure whether this is supported by the involved Ntrip Broadcaster.</p><p>Note that SSL communication is usually done over port 443. <i>[key: sslCaCertPath]</i></p>"));1409 _sslCaCertPathLineEdit->setWhatsThis(tr("<p>Communication with an Ntrip Broadcaster over SSL requires the exchange of server certificates. Specify the path to a directory where you save CA certificates on your system. </p><p>BNC creates from *.crt and *.pem files a CA certificate database, which is used by the socket during the handshake phase to validate the peer's certificate. </p><p>Note that SSL communication is usually done over port 443. <i>[key: sslCaCertPath]</i></p>")); 1410 1410 _sslClientCertPathLineEdit->setWhatsThis(tr("<p>Two-sided communication with an Ntrip Broadcaster over SSL requires in addition the exchange of client certificates. Specify the full path to the client certificates on your system.</p><p></p><p>The file naming convention for client certificates in BNC is as follows: <hostname>.<port>.crt for the certificate and <hostname>.<port>.key for the private key, where <hostname> is without https://. </p><p> If available, the client or personal authentication certificate is presented to the peer during the SSL handshake process. Password protected key files are not supported. </p><p>Don't try communication via two sided SSL if you are not sure whether this is supported by the involved Ntrip Broadcaster. </p><p>Note that SSL communication is usually done over port 443. <i>[key: sslClientCertPath]</i></p>")); 1411 1411 _sslIgnoreErrorsCheckBox->setWhatsThis(tr("<p>SSL communication may involve queries coming from the Ntrip Broadcaster. Tick 'Ignore SSL authorization errors' if you don't want to be bothered with this. <i>[key: sslIgnoreErrors]</i></p>"));
Note:
See TracChangeset
for help on using the changeset viewer.