Skip to content

Instantly share code, notes, and snippets.

@MidLevel-Bot MidLevel-Bot/quickstart.md Secret
Created Sep 11, 2019

Embed
What would you like to do?
http://cert.midlevel.io/ Generated on 11/09/2019 11:43:46 by ::ffff:34.204.176.189

ONLY USE SELF SIGNED CERTIFICATES INTERNALLY OR FOR TESTING. USE A SERVICE LIKE LETSENCRYPT FOR REAL CERTIFICATES. THIS PROGRAM WILL GENERATE A CERTIFICATE AUTHORITY KEY PAIR AND A CERTIFICATE SIGNED BY THAT AUTHORITY. CERTIFICATES ARE ONLY VALID FOR 30 DAYS. AFTER THAT TIME YOU NEED A NEW ISSUER AND CERTIFICATE.

Quickstart Instructions (Basic Usage)

Server Instructions

ONLY DO THIS STEP ON THE SERVER. IT SHOULD NOT BE DONE ON CLIENTS. THIS STRING CONTAINS A BASE64 ENCODED PFX FILE, WHICH IS A COMBINATION OF THE CERTIFICATE AND THE PRIVATE KEY FOR THE CERTIFICATE WHICH IS USED TO SIGN KEY EXCHANGES.

In the NetworkingManager.NetworkConfig ServerBase64PfxCertificate text field. Enter the following:

MIID/AIBAzCCA8IGCSqGSIb3DQEHAaCCA7MEggOvMIIDqzCCA6cGCSqGSIb3DQEHBqCCA5gwggOUAgEAMIIDjQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIvXRhfIpVNKcCAggAgIIDYJJETCGCt+HVqkfRkz90XPR+KhIg71c8L88ZqUKiCLaaX0B2BS0oa1qmCrgMk/5LSohiZnObpKo1lglhn6fUel/9jlr9x6zZObp3oqYmISD44dMi9xa+VtYC5MuNLjh7SwdgdwLhKGR80vrCRFe+gRwydSHE6F5b51DKV8/xtrl2XTGmNB4CzyWpuxqFDc4VZCJa/PSGYugajq2ycz5hl24PMXxUnKeih9sfeCmKx2aUFehu9GdRukZnaS3MNmcvJ58HyqTshkBHe4SD6zESzsdJxBhpV2tvrr1GPaYKTdfkgEegGEZ7q/xMkN8maamUaHyyBn4gHyCb8TgXK7Z7UjpWOKlmchR/oVhygR0g0oEWwF8EHApSdLyPp2mHqyYr9UhCZLTa0OzhKMN+HfNqHRQrt2BfH3uNPhd9D2TXvCRQLi7PKmqwaTeLFs0A6/ggcEi8ERM6uXyEAgvJkHTGCTArmLczEqpu06hJ8l2RjgcllOvUoV7CAWNBLkQ5h5nbOvnIXW2aBcgxx9qGL4iOpLpoVweXVYZwliIoUed1p3NejVvG1xiW3wTM7gSUBkLnhInQNunaTAbdANCup+pZ8C39wDsYQZHHXqnR1t3eCI6M7l7VT8lPoZ05fE+Pqtf6FwUJ1pEuXPn/eusyDzHNqIw5cCPOQG+p74LkMrqJoHJ2By3VJLLCZJl2bS8ZtEUsk0qZV9XLqzJ/2pACgho8doywzX231yKeoRpHAEZkYB2KjlhNOrmRL1xwPiJu1KoHGN8ue0kMRjX4rQRBThXrG0JwxG9CeuEdaElV/ehFGNyD3j173tYs/nOYY/DxfZYT1bDZ5w8j1I7ax8b2k4O10tXA1D+zKZI47Cyzg8vmaMje7F+jBpQ06vx+lnjXjADskeMsHN3J4E/DW0xqUsrdiwR7feU26O+w/sakILgrc8ZVyv0S8nwiWSotl8ekVX8uwCdK/vlrD1DBex/LGNmrt+LECaaf8EDZmLwswwOADw5x7OvASB9F/+4x2+nfcjeyjEXqlWfSmIfMIJiBF4JJPHnXLzRHEmyCKVxZJw0ErlmKL1QLBQCjMnb2oms1w9rZEUGv34MAJz3AMqNniEULtXSKatbNtM9gDakw9KuBOqcTu1AsL3Iy7Y7pHeowDcEm+TAxMCEwCQYFKw4DAhoFAAQUY9Z7wQgi1JreP7sP9ybsPlPfI3AECGELXkhSNQXlAgIIAA==

Client instructions

To make clients trust your certificate issuer. Please do the following before connecting:

CryptographyHelper.OnValidateCertificateCallback = (certificate, hostname) =>
{
  X509Certificate2 issuerCertificate = new X509Certificate2(Convert.FromBase64String("MIIC5zCCAc+gAwIBAgIJAKu0MK5SkuvpMA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNVBAMTDlVubmFtZWQgSXNzdWVyMB4XDTE5MDkxMTExNDM0NloXDTE5MTAxMTExNDM0NlowGTEXMBUGA1UEAxMOVW5uYW1lZCBJc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiKUjVcaHOvHlQ5jaPXYocqz0pDvymnPFuDkYe4K5AqVJHDJQCiDTO+iNJ9hGBLwx90yomPf/fgQuCiEfdn91aZ0ycRu8U/80d41DBzebwWYHtl6W5HoptyZSSW0bHnNPctsBaNBGIUo6DKs9utP1M1GAxWkIA6g4pLhX313YtzvbHVSCcf9dLc8nHZXmOBw5+h5IHjUZlblAofD1x5xzuXRj1Lp727XdfbnC49UnaRcSdVEuPIWOFgT6hzLx5oZ65aA7khKx34KL6xQlwtGhPAN+2SNb3NiTXU5hEWwNHEIK4Um+ir5LM5/20g1q+06D67uwPm/0JLTFEVagvFb7FAgMBAAGjMjAwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPZdiTG/B1V0wYMSsXcsK81krISRMA0GCSqGSIb3DQEBCwUAA4IBAQB19htPcdeYUguWxBltZpYcYIlxtS23AI6YUPUriL1LiTUZgbm1vS0CBxQHaU9hsAff+8qBY6+tSdfXGHca1jpQUOvXCj5r49Ysn1UyzWGQarVQi5fnfrsAXjF+fZinnH7t+k1Oqb2Vq6ZI0WP1hDMETjztmSPsbfRZTYt/ekIwVl1cxIlWfbL0PMoCfyeFYxInuT8xrIbAIhwcB3uP7Ux+MnpVfVDaLE5MEg2aRdHofagLeXuuMADt6O4Viu0iFDF8Gc8h29gSkbrXOwlGL1Yd1EjxcQV3fXf6BIZlKZvrHX4bsd1KczFrga9Gfk1ckxQApqhpbb7+ccigaQYF8Vp+"));
  X509Chain verify = new X509Chain();
  verify.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
  verify.ChainPolicy.ExtraStore.Add(issuerCertificate);
  verify.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

  // Check if the chain accepts it. This can mean that it's from a CA we trust OR our own CA.
  bool isAcceptedByChain = verify.Build(new X509Certificate2(certificate));

  if (isAcceptedByChain)
  {
    // Validate with the last added CA, that's our CA
    return verify.ChainElements[verify.ChainElements.Count - 1].Certificate.Thumbprint == issuerCertificate.Thumbprint;
  }

  return false;
}

Details (Advanced Users Only)

Property Value
Issuer Name CN=Unnamed Issuer
Issuer Key Type RSA
Issuer Key Size 2048
Issuer Validity Start 11/09/2019 12:43:46 (UTC)
Issuer Validity End 11/10/2019 12:43:46 (UTC)
Issuer Serial Number 00ABB430AE5292EBE9
Issuer Thumbprint C9D105E7D3C9EAD22AFF0F058B277F72B0658856
Certificate Name CN=Unnamed MLAPI Development Certificate
Certificate Serial Number 00BA764F121B396389B1F60886A1F87518
Certificate Thumbprint C2624526B7C93F474E0BC23C6B939A4E772D3304
Certificate Key Type RSA
Certificate Key Size 2048
Certificate Validity Start 11/09/2019 12:43:46 (UTC)
Certificate Validity End 11/10/2019 12:43:46 (UTC)

Keys

These are the keys that were used

Issuer Public/Private Key

<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <D>k3Qo93WZZcy6H9cGW7z53nHTbmdjU/m4C5RNLLyvlrqgx1xnphnGs0J/Hjzz0909ZZjDZfzQk6LbHXngp2U7uX3fCufxdM3Z7UiLYX9idMFfRPW1Syy7QXOgdqkrJk2z1KoVJLDeFHDFh/5AmvFWtysSwS3KgNxTvhxa+3/fxWxPHrcCpdPm7KonrqEgUTbjArTP7Z0Cu/sOKzy/kVYd5zHr5zU1UyUHo+7ocogfUCiu7OS5wWwILegUx8NqjbPGX3uoJQjtQ8v5wQ3Mrhz0b7hdoxDxHPbNiesd3dWuZPuL8METKAIneerX6M6V3zQbugvSDNgd2amMnAnXYWTKgQ==</D>
  <DP>U4EHNtngnY/ATTBEjFJzw0idfbMDPBGOHztAET56MyoEVIap9N9HrO2pFUl8jjTtWIyxLGgtrSQdv5xx/vpX5HE0vAQgFkDIUE49wjV0kOIlEgUmyulblYJDYxZSFpWdO6EclN4oUSGJigz6W2w527obO9YkIPPWyF6SpvM2HiE=</DP>
  <DQ>m0dxl2l/+TlW5NDj1HwajQO9MAuqVOLeDIY8fyVv6oFjsrwcp3768oOuFXF1ur7s7wAzudoqKw30tuS+WNDmgOpr4y+om8tK6eg2p1durw+3ci0Y+m29wlQ++yY5UKPDW7OF91/i2K6pnVSRXzic2gHkWU2yUV93qPST0OXjL9k=</DQ>
  <Exponent>AQAB</Exponent>
  <InverseQ>ZWUsZzuExfwEWDIrfNWc3hXIbMiod+YTKK4xFSIsJ6mCt9lui+KvlA+Tq53c7gkwcSWymAkKrQ2oNiURn4f+fdNfSUP++w9yfq93PASiAeZGzinZgTWv0V+2zTHAPP57j/scQOfN/gh7EJnjSudIl1wZ+QgyEVDxv9D09ycmPHo=</InverseQ>
  <Modulus>oilI1XGhzrx5UOY2j12KHKs9KQ78ppzxbg5GHuCuQKlSRwyUAog0zvojSfYRgS8MfdMqJj3/34ELgohH3Z/dWmdMnEbvFP/NHeNQwc3m8FmB7ZeluR6KbcmUkltGx5zT3LbAWjQRiFKOgyrPbrT9TNRgMVpCAOoOKS4V99d2Lc72x1UgnH/XS3PJx2V5jgcOfoeSB41GZW5QKHw9cecc7l0Y9S6e9u13X25wuPVJ2kXEnVRLjyFjhYE+ocy8eaGeuWgO5ISsd+Ci+sUJcLRoTwDftkjW9zYk11OYRFsDRxCCuFJvoq+SzOf9tINavtOg+u7sD5v9CS0xRFWoLxW+xQ==</Modulus>
  <P>z1GxnnemTond0E92pGlSZuZz/fLqqj9jcSQtPJHahe62j9AJu3xERsUke8+k1cx1yacB/67xvzcBouZ//VOdknsKiMVCgNtlMMbod5bIjzVoJjFy2tkgD378THnlkmO2u8IM/saH8M+4ROF2+FqXqHIKC/EkaE/o19CMK9p1nKE=</P>
  <Q>yD0TRDqrikHd605fMIxPoi3E15iReg6fZMurM2tWd9TKwe5JQkcJYwOepZmuMnSuCNS0OIbbEDr+kErmL+4avx2XrYdjdilwgbFxXV6osqvNCH7VB8fyddwzx30i3JgQCSRTl3UbDXT3CzlJVJByYKWx8I5jq9PW0W1my9qA66U=</Q>
</RSAParameters>

Certificate Public/Private Key

<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <D>lNIdNEbwLmpoNqmRWUcDy/8kg+/ONrURIUNn2eKN1c+dDE58zzd/1QYvvX2pbB/i60f9NNH5c0qjcOs0b1giUaloGguhkV7vEwiA246ZQ/6o1olgcZTVh0ZHlqyez2fUNSL/mTvsK0qbwvXHm4dB6N/U2aQ+aucWPptEKKVMAdl9DgLJASm7JbPfxIf9UVXraEKm/MOoqysmdJoOyh9NBf1DckITPJdYNrNKkcOokWHKH8EPKUXoMOoLrMc58XyR1sEg7rliQFmI55br7IrL6Q5I+hfilxaMdsm5umqgilXQOMsPuArPBZHUy+0L5+um7hT2EAaZO/lOr9bsSIRyoQ==</D>
  <DP>IXeIgD9DyBJ/wVmzmEqCf7qLThUjJ+NF08bDOI3Meh1tlMVKsl83ZSbFNXJzSrTzwRXVgs8m3SaFDQt0I5BlsT2tl0d8wJ4nDmaDqwWvu7P5BSberyUKBsZ59hKRTxNm3vCNW7AzUo9S1uskqS8Nb0+GjUVg9LNjJ35EONTd4qU=</DP>
  <DQ>0+ZYZVU+dVOrOmug50e8ICuftBOJUIkPnTnSp15veikFR2N8kF5eDDDlAKX2wyFuA0EgBcruNM0oCo5E7u1L3vskNBkpbFpLujuipGdTMsbK793DVQlJM9z0UYs0IqFcNM4bqEcsAcCIYy+RuhEECCyZKrbEUDLRZ9+yiDyX+kk=</DQ>
  <Exponent>AQAB</Exponent>
  <InverseQ>as2HBxwinzZEdxqkbYXjcasIdNGYq/Shp67fYnODmUwlik/lDpc9tKAg92huyoPHb+KtQoyqU1oM4k5vowKATFy7OH3nxCI8KnXGBVNkdy5f3hJe4UtiFAfw1vA19KIsmCJn5ybqBvd0C3tZvzGZdjEVU3xg4P5+FScT6ozWmt8=</InverseQ>
  <Modulus>5uEbKdbeBgb5DLA5zkLu+jlzw+khXqEM6O04fMEYXREO4glQogwQ2Z2plP0DCnSW113u9s7a0sS5pwfQQyw/kYk76xRDLOuFEOSPPDvBxF5rm/M+VtwxIqmHUG4VWw/Zx3ea8b5wX1pvJobjPCIEgmwlSk14yIw2PEUmTIK7IO9AmpTz/Z+Ny+IVJKIcbs88QyVisS6r+EKkcUYTNhQbYWg0n9EIUb0HLuIrYvhi+pWq7MyaMzRD09VLgPYZATia5l6cw+/ZpOSYoPFNawytdQooIZ2XQG1gwYHrgomgfn68vlC/qTELiyyMEARR5pVW7Ev2eBB3Vwz88Bb2k87q5w==</Modulus>
  <P>95vyHxcQOQ679stBUJPR0vIKxOHr6jixxJkHFvn18K4WX+q2wbArl6yakNbPMRR5jmjPaHcePRPjqjz00OhlUH+XLUoLN2Y9hB7PUXsFpZdJJozMU5Jxg/lQ/q+UxOPoQPOU2BrKf5XNbmYuBNjUMouzYQuurS5o7xr8Ge0erZs=</P>
  <Q>7rQGolw6qIpY9yZ/4pvfiwWI9kokZkXuF5MDW7cyUMYduus4vJd39E7kxN1HdOqg4KhIDer79ZhMNjRBbcMGOSWH52rNPHMuq/pjmuhZ4XiDi43IVwFWt5bsAd0WMb9YiNdwry3cbqApjhpM1hPK/ZUmN8cb2WoZF+8CA9nOcqU=</Q>
</RSAParameters>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.