From 01a46702537154e57ae7402186ffded0ba3010c2 Mon Sep 17 00:00:00 2001 From: Juan Linietsky Date: Wed, 8 Apr 2015 16:30:42 -0300 Subject: [PATCH] Created tutorial_ssl (markdown) --- tutorial_ssl.md | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 tutorial_ssl.md diff --git a/tutorial_ssl.md b/tutorial_ssl.md new file mode 100644 index 0000000..5ddfac6 --- /dev/null +++ b/tutorial_ssl.md @@ -0,0 +1,45 @@ +# SSL Certificates + +### Introduction + +It is often desired to use SSL connections for communications to avoid "main in the middle" attacks. Godot has a connection wrapper, [StreamPeerSSL](class_streampeerssl), which can take a regular connection and add security around it. The [HTTPClient](class_httpclient) class also supports HTTPS by using this same wrapper. + +For SSL to work, certificates need to be provided. A .crt file must be specified in the project settings: + +
+ +This file should contain any number of public certificicates in [PEM](http://en.wikipedia.org/wiki/Privacy-enhanced_Electronic_Mail) format. + +Of course, remember to add .crt as filter so the exporter recognizes this when exporting your project. + +
+ +There are two ways to obtain certificates: + +### Approach 1, Self Signed Cert + +The first approach is the simplest, just generate a private and public key pair, and put the public pair in the .crt file (again, in PEM format). The private key should go to your server. + +OpenSSL has [some documentation](https://www.openssl.org/docs/HOWTO/keys.txt) about this. This approach also **does not require domain validation** nor requires you to spend a considerable amount of money in purchasing certificates from a CA. + +### Approach 2, CA Cert + +The second approach consists of using a certificate authority (CA) such as Verisign, Geotrust, etc. This is a more cumbersome process, but it's more "official" and ensures your identity is clearly represented. +Unless you are working with large companies or corporations, this method does not make much sense. + +Also, when using a CA issued cert, **you must enable domain validation**, to ensure the domain you are connecting to is valid, otherwise any website can issue any certificate in the same CA and it will work. + +If you are using Linux, you can use the supplied certs file, generally located in: + +``` +/etc/ssl/certs/ca-certificates.crt +``` + +This file allows HTTPS connections to virtually any website (ie, Google, Microsoft, etc) . + +Or just pick any of the more specific certificates there if you are connecting to a specific one. + + + + +