ONLY USE SELF SIGNED CERTIFICATES INTERNALLY OR FOR TESTING. USE A SERVICE LIKE LETSENCRYPT FOR REAL CERTIFICATES. THIS PROGRAM WILL GENERATE A CERTIFICATE AUTHORITY KEY PAIR AND A CERTIFICATE SIGNED BY THAT AUTHORITY. CERTIFICATES ARE ONLY VALID FOR 30 DAYS. AFTER THAT TIME YOU NEED A NEW ISSUER AND CERTIFICATE.
ONLY DO THIS STEP ON THE SERVER. IT SHOULD NOT BE DONE ON CLIENTS. THIS STRING CONTAINS A BASE64 ENCODED PFX FILE, WHICH IS A COMBINATION OF THE CERTIFICATE AND THE PRIVATE KEY FOR THE CERTIFICATE WHICH IS USED TO SIGN KEY EXCHANGES.
In the NetworkingManager.NetworkConfig ServerBase64PfxCertificate
text field. Enter the following:
MIID/AIBAzCCA8IGCSqGSIb3DQEHAaCCA7MEggOvMIIDqzCCA6cGCSqGSIb3DQEHBqCCA5gwggOUAgEAMIIDjQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQItK5i48mnsToCAggAgIIDYDYgcEqeQAg0VB4fUnZvx2nZH5viCFWfHidkf0aGPi/fXBQmGYd7malR5goWsDtzrpiU+GhZDJoKRIxIgKIJNd2456SA1Pyiax0LVlRA8kbfos0Z9uN39ATcYOrxzVpfEeWCpzYLv29n4WH5I3JUn3gWiWxV2A2NxeFd5opeDtLKyjTeIlNWbhKvx3TcWYhxZUpHuvr6IzV+1IVILIKHtXhScWr+SQKRKYzImWCsL0fDFn0jT/kj1Wt652LHbZujMtZKvQRPnBQ7l2pz93T2Bz/Qfe3Fy4qPMdWgEboNXWEKHQdUfAIBNog90ox2dleuzl0LF59X0DZCpQXco6uwH4vv56hEaM9Q5xjcrkg1iNn1dHMRws7Z5Z55iYDm6EdS/8yqRk3UOrLEn/thigstN1HDMi0fpL1eZuwDmSO5rYLXCSGjMFYv5rwX4xj0+HPGOvFbSPK+Ajgg4yfSO5EyJEBY56EC8VjegSXYUZG1cs4rQ/9Me88MW7q0cr61L2FDOo8X/lir6dPSwnpaTi9TQ0XZx90MrehoQ8cG9EjH4HcB0rVN43TOI6jg33THjqK2ujKTDGctdhZqvGrHFXrpV3Kx/wDU1F3fjq4VbPYmAV3fB7yZAttYiOZsseAxh+JSS6u/QE9cZdvD90ppt2FICKsZ1ydv5xW1sy3JKJAMRTg+TmWcImZJrvWr6JdkxMDnMsAYEqbft0QgDKcd3b20g5dzzUgZAfXQ2r/0iPyRlSRTBzGYb5tfHGD2O1CkFi+w014vw7QxDyRKz4MDuul96g1D9bBP4FlCqQCsZ+bVQJxTSbtUBpdrSuWGJTwkhMfkI4ZVXcp0FxF+icroAD/97hSmV2eExwophGVRBo9UtPs91pONLRDAzKGWJR8JljuzMfFjV7BOcSWDPqVAS6tEy57CeruUNMuW2TqB9WPmRwdPXVKx40oa9M8K215PcC+SLYE0CWXGKAXLwjqBdcpbiBSTjUoUDQZeyIbIokqJiIjCf97EOFnyFU2jF6z657qKGhkXglPpCXpYjNgLBrsq1Lj/UHJtcGWVFuwGT17IyiSuXdRdw1GSJQKMWH+jMy/Fe1gFnlxrwe0xBM6qMxXRKNCnUVVAEk66CdtzSrNFNbWKvMFC2uxCvSMMgYSvpTOsADAxMCEwCQYFKw4DAhoFAAQUlvX0r/aoRqWv2RmeQfFnUcq7o2cECK3Q5hCVL9oFAgIIAA==
To make clients trust your certificate issuer. Please do the following before connecting:
CryptographyHelper.OnValidateCertificateCallback = (certificate, hostname) =>
{
X509Certificate2 issuerCertificate = new X509Certificate2(Convert.FromBase64String("MIIC5jCCAc6gAwIBAgIIPLbx8x5fA8kwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAxMOVW5uYW1lZCBJc3N1ZXIwHhcNMTkxMDE4MjMzOTA4WhcNMTkxMTE3MjMzOTA4WjAZMRcwFQYDVQQDEw5Vbm5hbWVkIElzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6HkFcJ2QtGLWMdXHRZb+uw+ahOCqW/45B+KXUiXh2gKsyFfph3ndQSsXYdovbQRW8QgAVk/uGDpkKUbKCethGFv9JwCM6FnmFu73WosLAz3sIoIVA/InVj+utCInqXDcKkXzwQnTSbYPAzgignEl0LOEV7SIv/1TkYvnzfEKBjs2EMwpKQ5ePX8gATpS0tHvKK1f6vP+3tqoo37IUM39zWb1zJwD87loBGFSV/Pmja9lqAHDtA8I/wSM55JKkvGyWZt5x0JL3PxA5TuHz8H2+kbRQuEsPTWzO45cAMzFBKr5XF/ZQfAH2mk3F01pPqJzZWXTKj64QCHG7sCHvPPqkCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU26Q7ftrsynWgf6RoJDN3WQ6onUMwDQYJKoZIhvcNAQELBQADggEBAJKj/Qy2P6nHEIU9YZyqM0yhZnUo+Z9Ft51P8fKsOgz/XFmAXroa02jxiHV7n2muNKclrju/E6IXyvYN6ifQDucmd5dt+wBYVwkN7hGcmBOyjULV3kNy1VQdXrujrtNZxHUhJDWH3K1QZKaBnsbzBL+tguhY73HPpiB0Ge9twAeCwrpSgeomzzv86GpltlogMuS3ktaCpDNGt5QIGajXsHRtu0Ik8VWRhypBQBHgBhHex/3HHRBkvdIQZx3rT7Rt9UgrGX14XJMT4lwYyxP+3ev4y6aY0FRIUvuwWTssOKULHaWVXqClzutpvELHz292chQoIFNXQ65KIcMC2XXE0h0="));
X509Chain verify = new X509Chain();
verify.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
verify.ChainPolicy.ExtraStore.Add(issuerCertificate);
verify.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
// Check if the chain accepts it. This can mean that it's from a CA we trust OR our own CA.
bool isAcceptedByChain = verify.Build(new X509Certificate2(certificate));
if (isAcceptedByChain)
{
// Validate with the last added CA, that's our CA
return verify.ChainElements[verify.ChainElements.Count - 1].Certificate.Thumbprint == issuerCertificate.Thumbprint;
}
return false;
}
Property | Value |
---|---|
Issuer Name | CN=Unnamed Issuer |
Issuer Key Type | RSA |
Issuer Key Size | 2048 |
Issuer Validity Start | 19/10/2019 00:39:08 (UTC) |
Issuer Validity End | 17/11/2019 23:39:08 (UTC) |
Issuer Serial Number | 3CB6F1F31E5F03C9 |
Issuer Thumbprint | 7B604B3F93B3321422DE0E1454F67311AEBBB9C4 |
Certificate Name | CN=Unnamed MLAPI Development Certificate |
Certificate Serial Number | 0083AFC35121A1197CA39044A544D4F819 |
Certificate Thumbprint | 761F58F24100484C3B2D47642E4A538AAE7419F4 |
Certificate Key Type | RSA |
Certificate Key Size | 2048 |
Certificate Validity Start | 19/10/2019 00:39:08 (UTC) |
Certificate Validity End | 17/11/2019 23:39:08 (UTC) |
These are the keys that were used
<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<D>MtOhOsbiwrIu63DquBMf20Uz5KUlDAB7qZEuaBQJ/Wc746F9GxlV3jw6YSMY1TTMQQuqy0WdBPYExWAo9lRAh74hZPcEMmvMy3s3oDCnKeo8c5kXAfxFqgFI77eN0Rw4zILi8PgRp/YHTyy+fQ2nRXD3yvlPaiGOdRPXxSIQomhf7ybDRbS8FjrdVuy2tt7OcRkODxOy28kZPArIbNQuyYoHblXBTDVVTf6bb2W25zWduTBeGtgJ8W/+CY9IlK9oS5GzwEMc7lQde2Bc4RQBz2rBJATrVtTjML7zfYgB6FDVrkAr2sPOLQp5b5cLm35uhOMKtbSXdRGR4ixuSTf9HQ==</D>
<DP>TsgxjcgVgydDuC1EaRHWIgvjZC6a96hDVSyM4qQc6vWp4x78WpQLYZKKw6rSJaE2Hz+AiCxMZO4+ujFIIe3/UkB2Tk04NB2rFaRYxyUc/pOGa3bduTK3SYWt2PHSBY8xh3R0PiP07yzcSgu9SO/Np0CWON9ztF4qGAMN9KzOR/M=</DP>
<DQ>D4c1mPqnL1dbhXuakeRVOBHHnF8Kw8014d6qXksSZ/3fZFKw9BtCp1YoDQkHi28UaY47ZnKTM4JvHYErE6y/cxLvoNqQ7o81YYsVjS5qTnFWzxdS4Orz3dAZwAPJFypLjCEcCGGnBIsBUJHeIS5Nje4DCrI2hwFUvvixUsKP//s=</DQ>
<Exponent>AQAB</Exponent>
<InverseQ>Gvm+XvuckGHna004/Di+1X9LxjfZ2Zkm5oMnj2948YGD0C4TlIbUlxxqP0q2zjBBmIESiG8IO0IeBBy1qRLLNy8zDieS6A0iMO9GI4YeHyZyI0FduB0DDdTKu4er9ZVtTzWutXZI3CLU2gWBzXyKp9f3xDivu9GapAye1mGTOzo=</InverseQ>
<Modulus>voeQVwnZC0YtYx1cdFlv67D5qE4Kpb/jkH4pdSJeHaAqzIV+mHed1BKxdh2i9tBFbxCABWT+4YOmQpRsoJ62EYW/0nAIzoWeYW7vdaiwsDPewighUD8idWP660IiepcNwqRfPBCdNJtg8DOCKCcSXQs4RXtIi//VORi+fN8QoGOzYQzCkpDl49fyABOlLS0e8orV/q8/7e2qijfshQzf3NZvXMnAPzuWgEYVJX8+aNr2WoAcO0Dwj/BIznkkqS8bJZm3nHQkvc/EDlO4fPwfb6RtFC4Sw9NbM7jlwAzMUEqvlcX9lB8AfaaTcXTWk+onNlZdMqPrhAIcbuwIe88+qQ==</Modulus>
<P>9ewUgktF9+/9ERhO/ilsYrGHXAw7VhBNa8zcl78gNz47rxhqvEuGeeJTTsa/9CPk77Ff2SM7zJN8qIM6pxmC+N0+VGWTtvXIzeo0Dz2Kq+iZ0cEGAxo731Vh7sEnqFHtq0e63uv6uMzkGbQ44M93IUdWSTR/4ciAWYNumlQlXqc=</P>
<Q>xlZe59CCnnyTU1PFzMFXFUEYGxMQ2yDDiK8JLZ+95SvswEqA9nssYm3VWektk0PL8ZAwIW1MMMbnZlgjw+uZnG7lmKG95faEc/leddhcC460u7QPxzar+AP4OPRUkNup5/wEQ/A0MpeqwwpDTs1lPn56Erj2uxdJm2NZ7e7f8i8=</Q>
</RSAParameters>
<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<D>PzUPWjvHGTvWK3grcj5Hs9pgbjRWKaC7p0kSrQHfye4NvOyKEL9Qeslt9Mn2xPNZReYs4vpAnnTaaTIqvPotqhBy/yZ+W6vqla5poDJRrGneDsNq39C7bK7ayfyTHUQzKvhNIa2EAGhunUFAH93bQhs+wQ7lpK2PTgcZ27AOvk7h9MAt6dXOSNCllzN2lyyE4c4nRIpOA5Wv30bqdTNB1tilV9HgZTVT8w6ESZwSL070VS5fG1IiBLFLIySvNGZjF4MDg1vkPOdz0EJhmGEx6gje3dPgacV3dod33cWIjx5e4vT/0YfTDlYghwV3nf4b2MjHRze7IEOjV/K9/Bc9kQ==</D>
<DP>UdumOJv/UzQ/CItc6hO9ilQc4606JyP7zRe4+kekOma7KFnLGtWx4lK68jhluLbRhoXgD5iztqVeTikIFb16PQCICTXkSsVZjpf9GwkiT4tktcnOb60JTfMV15/tw/RRfgpfpJV0GGOh3wnaIiMrJhtrkh1w80KPYa9fznUGyR0=</DP>
<DQ>sywOPPcF7lhQMRGRlxjC8yVUpmpJO1A8VDH1kupDJyfmLiqO/g2jxjVtp2jKp7L5fMmKbcpdnG52yrS+JTp9UZX21olmN01Ze8F6Ma1rxXwHnbJewbTMWE4c2FWzdlwN535KbJ2QVvk5egrCbzgmlY6Qb2hhygBRxzgSkTuVdik=</DQ>
<Exponent>AQAB</Exponent>
<InverseQ>IaengEpJ7O9ZSdrgGuGkww9Y7lg5CLJqLj/ew08qrei5sAKSPyTcZl12eIiQ0Fl9nJbGC0XyUORxB92LRLNzSxYX2td1X1MlEaehv1ATYwyGZqmzSAtfxZtSDkjEIKIaDJsvs99q3BJxRodUGCjX1v1QO/juPfLIHE89/6nrOhg=</InverseQ>
<Modulus>xJCvgD6Z2bKWehaU3NEobdcXEDbdA6e57rXmE+3JxTpHzfqw+56KwH2qHl5Cs6pclJVmzr4t1GIp6PmcCeACxcospmSA/GhaAmSfdSz+TufbLQmE9YYgFkg/eDrbT+YnsEGZQTdwJXf7mUcUo+uhP2q9aQAOnuHAiRqBPIr/toJIqyazvFYlcrhgimmO5eWbHeqJgkNpvgbHPDpCgIQqLzs1nt6OOMooW9Xx0BWU12puFpv3fmZge1EKdNgtaxMz7yi2dqmEeTfJ+wYOJfWD5lBVM0ewqXGAOoTZM0zM8TAXcCmHC569OYwn9pdW3oP09+d879g/VnwWLFPJwC9aEw==</Modulus>
<P>80xfEMRwp2kwbDuZblNa7h3aDl/fivMlpuw3qIOvrsO3Q7J8R84tppBZl/eMGVDmrr8VcviJ03oIKv7jZuffzKtr+ERUnweA/HcdaIn9FQip+9mBAQntIjUf9XqMP0Z9Rpw+T2zLGmXedHfUHTnPNNrv7Sg6tUu0Wiv+9AFEr68=</P>
<Q>ztO8Z3HQWptpzIOR1iXnXKCYbLgBilGmN3RMPnD9T1jTjvyyDu/f6ZqrteY8OdBoP9zTT85FWDm7KQWRbXT3+6+hsJYxVTFur31e94xWxK+yoatgCQjEFDY9n5tWedV4pxKBR7jHSXE+ZMniRFDLFG5yLfFFBvHLmiN8VwkTUN0=</Q>
</RSAParameters>