ONLY USE SELF SIGNED CERTIFICATES INTERNALLY OR FOR TESTING. USE A SERVICE LIKE LETSENCRYPT FOR REAL CERTIFICATES. THIS PROGRAM WILL GENERATE A CERTIFICATE AUTHORITY KEY PAIR AND A CERTIFICATE SIGNED BY THAT AUTHORITY. CERTIFICATES ARE ONLY VALID FOR 30 DAYS. AFTER THAT TIME YOU NEED A NEW ISSUER AND CERTIFICATE.
ONLY DO THIS STEP ON THE SERVER. IT SHOULD NOT BE DONE ON CLIENTS. THIS STRING CONTAINS A BASE64 ENCODED PFX FILE, WHICH IS A COMBINATION OF THE CERTIFICATE AND THE PRIVATE KEY FOR THE CERTIFICATE WHICH IS USED TO SIGN KEY EXCHANGES.
In the NetworkingManager.NetworkConfig ServerBase64PfxCertificate
text field. Enter the following:
MIIJaQIBAzCCCS8GCSqGSIb3DQEHAaCCCSAEggkcMIIJGDCCA88GCSqGSIb3DQEHBqCCA8AwggO8AgEAMIIDtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQICyYLyP/lJ0oCAggAgIIDiAVB177X0l9uv8aRQ/Hr6gvoFwwKFCObKblkobNZOPWI97HB0WANhoBg2cIH49SkWqyo5zY1uB1+z/HYKpwRCiX0MV5/pqo0uJPiU/Q7MkKvyNs0jij0KbYOqLv3ld+zyI/ueS0W7vcpNEke9zhR+aqViYIhGQ+g5C67vXkGGzzXM3zLxK1Tg7YxDqUShDfqC7SsL3AtFGDJ7fK/OC2TO4Luu7gePAu5a4Enx6u92lkHeDcsZuDs1FajS4RQrV356DiCz/ixVn8BC6hwMHWcIJ55GX6MshTBX7P0zA4R1QKO2yohdrRgl6EY/7mi6bXoJ4OzQY2apT76Ouu8Smqj12b1UKBkqVmU/E91TFQAHw78FBPLLaOgOyq9UXjJiDLrhd7O//vwa7jl4cWOl7ssqyhtkfjNRAzalErdxEr2YTmCt2sCfbyU8dG+6Q+vr2M13NRwFad9DremfuO+wR5suK541a+2uX6v/VaN+L8SEWXx3WjjDy2BVDPZUCAQl5Au5rJZ/jTfmnQa/IEwFfMyoSfLRmR+F4J/tKkt+9Ra/NbcXn4jNmyeKxWXYBoCPJqC/kUDqo3xe8ZQq/9Uz+zttEEOIGzGjUOlbf9GME5AlNR9n9YI/D4mwaPf2w1hcivKIn2XnxtWw5V+BYhYQeeThoKan0ec5aSXJf921YlqhZMfIgPZXWq4e/0lmlFgEeQL9uTEJ5fXG/vmVkHVReN4I3E8YtAa8lvpAWCvWwaoBHRVE/MVhglEMNUXlxWnRhvksL0G+VM6duWFhhPclQc4snUsniKUHJSRo44ejToOzCPdEces7VoTkOoTVRJ+hN3YrooekTNoI94F7BSqOYJA71MVAtk3giohJ6b7xMFwfRVq/o31n13RPyKSI9a6QPVgv87jlBezBTpwi9VODH1G62Q2xCjZbgACSWOJTG1oFIvFbsFT7KKYV9hTDtSn1JP0qERqziMfqUFyvP4gOH292sk6WZNO3M/+zfEK0MTdk202dNMEbOXQLA+OMjHW+gD3GG/eSpV2hsBylw+D3T2WWCOKuC8sOHNSzGxV4DougW3NSZ87Xz+O1Wfk/A+wA6mZgtyvVVu4WuQbzR297jxt0K1M/m/PJhBaL/dWk1D0IaqmaUw3YjMiuFa49j2hXnH65VbBp4LazaPdyE0rFbf09WfwwiO8jr3iqEovMJ6VoRqr93QR+fYXURkwggVBBgkqhkiG9w0BBwGgggUyBIIFLjCCBSowggUmBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQI3OTiUPBS058CAggABIIEyN6HuGX8Ld5ehYBoWm3PkFlDZ3sKkGmgr3MS2O455RFC1vppTiQujAgNxd6uePZQ4BXoi4CIp/hu7kBvdlbM+A5H88Q2jR5vA4Zf1fpuytsmd3kardJJw+dsGuCDWuppVBgKh1KPHS4sW6rO+sITskeI0wxvUlt7jKajR+ibDv4ZZDndTH63hNWUAfFVPJC+3TvCULasxKRnaOOxIQONmgw5HXJPQryjLkaA5hle4Y2Mu3QLEbQRQBJZy5SuvZChmZgBKQbYqzUZUox0dWj1d9DWjexxWJ06dPyGBpRT3m+qy5hUkg40vsMITBiqcsfaQzna0uzkOdwDg2Y53R+yFAAk8qMywAOK2BG8QmKjb09M/UTZudJoO6reBNwCtJEUt39n5EzNBRfJE9OazbiyiSH4tYRB8PSEGM9pTasJRhNqmGyY3QkNyv6MhhKtslGXe4MPBZ5Wh2cqq9cYNN9EQ+pX8/T2sR5YKN5BlPv15QIExm4g6cXGt0Oz1NxKKkJrNZ1Zn9fr1Yp/+0yIcZXPA14BgFwbdD9VpasEf/DstdheXcRfCNDuZHZyzWh/GkTVCuHg5xqfmVgxace3/4excFGMw+H3g1v0s6ikU+z/BMLqtmPlRxjQ2zvR3rO0b7h2JRYatUo4QE0aJl87NIBUTkl8RMUUxyf8d0crUJMcNYckHyMDjhSMwLD3XKbcUg0TeqbN2HTNbxOWiA2sp4AQpuIBc3gwpRDXWiruoEZGdyKAtTUdOXFKSFEFq2Ze0mBnoO22lqP6tllCgNmO2i3y9R4w/vcXGJF+u7DG5YRZ32fsymfzlv1mTx5HnPwVGBX5DXHbVbdby0euT/Psq2gbUyipP8igsUN02cKs/QBJLUuXRDUNwaSMqGW5i1DBARBsvhRGrL0z/0+S8yYCHgqFn5EMa6Ppbyure/AcRUBCdyXPBJdzE4Ww5eCR2zN6VQjpuZWxDKrJMVBcGeM7HEzfAxFRuo1+17zvvJy2V6dmEY1SpI9xVG5j0eZXIgk0SEYSxMwsC7Q9IY+lCXVBnyrmcq+Zo+QLjrII+1Unyuas0AWby0HKZJFa/bQTqJG0AO4DRpNZdXikDCwSRX8C9UO27WYiUKr/8v2O56iX6PEOv3MgfCHlVSy/LD4zP11RIdzuHCseAO9gJ/9/TzJ5HbbYrN31Vpgb/RyaP/EX0mhk6GMcf66VhjjtlA9r8jfJ03bE/bgqei5JWVCUM+eef8FfUf+FEm5XSI5AtHQ8Uyx6t7Eko5qwirrqxUBlCTqhGMQogfo+FfwmAmbITju+HeyPJr1PQ8X7wXIbNcG3aCg5/D7wgGVrjJLKnsbAFBfcGAf4H5g/I9PY50cnIblYC4LFomsAQFd7Yz0bcH2Wuehl/d5QAIu1Y9REsESnl1aQdRTnuDCfEXJyfsQEjhO8uZrCz4uDAXGHAUKV27+PJijNRzM8K8VxArcm6yxH+wNZEYEzphlyi9tJonk7dvAlWy8aFQArQCCdjHxhroDjqqk8YZEKGkWWwcLpmFvMlTyNJKVueNP8ZyAsmwgTiLeLmjbZTMCNcsLQTSRvgQrCoIfe58NWHfn3N97HbWHhkqPG0aHHODgWIp0Sku/n1EwUjMqqbZi/r1GwpN3ZxDElMCMGCSqGSIb3DQEJFTEWBBR5qFmFStQ66Gc4JN2GEB35A6c4CTAxMCEwCQYFKw4DAhoFAAQU+SIR9dznrK3iQcvWw4XPbejkbXQECFyhuZUAIE5tAgIIAA==
To make clients trust your certificate issuer. Please do the following before connecting:
CryptographyHelper.OnValidateCertificateCallback = (certificate, hostname) =>
{
X509Certificate2 issuerCertificate = new X509Certificate2(Convert.FromBase64String("MIIC5jCCAc6gAwIBAgIIEUyMGbV8gwswDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAxMOVW5uYW1lZCBJc3N1ZXIwHhcNMjAwNTIzMDE0MzQ4WhcNMjAwNjIyMDE0MzQ4WjAZMRcwFQYDVQQDEw5Vbm5hbWVkIElzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANQCh5NULjhZel2EMzqYxiyygLtAtyy1EFGk+vWGUCjWzr79trPRhlKkX1USa5F0jQPkj6vedeExQnozbL6pBULMIgi/CESe8k3UlM1jt/g1c4/HbumOZ5W3K0XTuLAOXTq7XDa6AVz2tJiYeSJX+A1/Awzx3JH4aiySpQV+1Wp/AwGwLsdqRfPDnYRqm2ldU/mR81RsZHDr23mlZxnVLbudOSsRekkC9kFJo5egsnqXqhVT7LjQ5YGno5F+6Zwg7PX1o6eGD7ut3R7tqshFSTdfoZys3HEPxjT2R92XRh3vKdBsOv5/q9fYvSrrS9rdII/rXzk761WlJ02sXVqFCs8CAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUuhjkVgsRQ5hzqPEU4sRiWXdPagkwDQYJKoZIhvcNAQELBQADggEBALswm87rcaexHu44qMCPTYuID5K7MPZrlHjzmAcW+yZ7zo7BARW8koAsfAAwdoz2VvoLROmb8fO7UuvKznJQVqJ+p4i3bSsK1CVdycqHuic9mV9ppLRxjuYSuyjPDXx5SZJAYhlVRolpNyFBF3jdrysGQ1v2SpnnR/YIvIKWZt+mNyvRwcSED1kptF9LJf6BgbLrJikIFX9a51uPQPH2BHx2z6jVNKjr2qVNSAHLKb7B0lzGfKsUEoGf5exb6YCR3F4gNGrv019IN41xfd3O6/CkzxAQE0xIfUFSUV+zxNNJ/UHv3+g870DRn+0thZxMIapHvZEzh8Dflu795UbqrH0="));
X509Chain verify = new X509Chain();
verify.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
verify.ChainPolicy.ExtraStore.Add(issuerCertificate);
verify.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
// Check if the chain accepts it. This can mean that it's from a CA we trust OR our own CA.
bool isAcceptedByChain = verify.Build(new X509Certificate2(certificate));
if (isAcceptedByChain)
{
// Validate with the last added CA, that's our CA
return verify.ChainElements[verify.ChainElements.Count - 1].Certificate.Thumbprint == issuerCertificate.Thumbprint;
}
return false;
}
Property | Value |
---|---|
Issuer Name | CN=Unnamed Issuer |
Issuer Key Type | RSA |
Issuer Key Size | 2048 |
Issuer Validity Start | 23/05/2020 02:43:48 (UTC) |
Issuer Validity End | 22/06/2020 02:43:48 (UTC) |
Issuer Serial Number | 114C8C19B57C830B |
Issuer Thumbprint | 04650A70413994042899EEAF3D53358347AF0CA1 |
Certificate Name | CN=Unnamed MLAPI Development Certificate |
Certificate Serial Number | 556E8534DDCF6479353E3951F8FADB9B |
Certificate Thumbprint | 79A859854AD43AE8673824DD86101DF903A73809 |
Certificate Key Type | RSA |
Certificate Key Size | 2048 |
Certificate Validity Start | 23/05/2020 02:43:48 (UTC) |
Certificate Validity End | 22/06/2020 02:43:48 (UTC) |
These are the keys that were used
<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<D>p77wooOCppc1mHSXTA/BDXCXJpHH3RnONatB3a5OEmIT5047lv97NjxUKa2PauE7Cg94FdbIkks1fBbgPeLiBL4bV6w+0Hyq3yYKLpBt6XfxXZvAiA9iqjTpijBA+xwCbAv+pFZ76aBRuEM75Q6Rd6w9L6rWiLBy4Z2N8FEwbzdpWWQIDCW2U/itjPy74+qOT4wzFHZFcmkmfdy86itDKQfVE+jXODF/TuJCrHU3PegGVdQ3fjI69TY6Jz+GRGCsaK5s7LbilOfnDUWbvIqyUIk1xvU3Wo2aMB94gAu+Ig82mfXArzCfuDDF4mRamZ3HfcGXtUKQ5gC7FCkw0D+oEQ==</D>
<DP>i9ZQ+kP+1JEbTM8qagJVhuaTyOvWsKoIppsrINHPaR0SoubCyVnoS4yAuOlQik+AncaLVM7gXXVHW6R3XnAYLjc5MUe50+zzPyJbU2SnCud6JdFFOAVzOf4yShXgO2ERHSLxdkq+R2KjO9zhUHYaMbZMVDI7K0rPEz0U0FXO1VM=</DP>
<DQ>uD+YHRUthwdzPIBQ9ETcT98Xwvh0pUWmqsXJguTT/kPBCeK6FTKj/+JQN0R5Hk2TZN1Dl73AidrLFK1qIFZBYpUYxpXCrR0pBwXLK4jakO7FTmHzi6o9ReanYIQFLzlqbfQM9yxIavf5WQKfdC6H4/pDRvUtwF9y768L6G+VzRk=</DQ>
<Exponent>AQAB</Exponent>
<InverseQ>thK5XwQQcs2kXMZg4mKMkdN7wRPyTqe9IBTjxxl3eSaMyfI1+EQ4UGHpTZys/jMV5EBsUrtHYM01AuzOvx4W64dN0ZUvaFj9GbJS3cmzYvSWhb7qCbfQvBrMqJa5uFU4TJjoXn/3qA8DjqwoKjaNChjOGuDaCdKXpGYweQ7mTew=</InverseQ>
<Modulus>1AKHk1QuOFl6XYQzOpjGLLKAu0C3LLUQUaT69YZQKNbOvv22s9GGUqRfVRJrkXSNA+SPq9514TFCejNsvqkFQswiCL8IRJ7yTdSUzWO3+DVzj8du6Y5nlbcrRdO4sA5dOrtcNroBXPa0mJh5Ilf4DX8DDPHckfhqLJKlBX7Van8DAbAux2pF88OdhGqbaV1T+ZHzVGxkcOvbeaVnGdUtu505KxF6SQL2QUmjl6CyepeqFVPsuNDlgaejkX7pnCDs9fWjp4YPu63dHu2qyEVJN1+hnKzccQ/GNPZH3ZdGHe8p0Gw6/n+r19i9KutL2t0gj+tfOTvrVaUnTaxdWoUKzw==</Modulus>
<P>/6ularL/RLYd0uU0kLpe5UTNbMZl6v5qsI9OgqjvaoKQ0o1SJ1P6hoP4IB/Vob31bMWNQRXTpsRdON6P1/HSGCZGsZiYAT+MrIBtoDLssUAbEAeBoHmp0oQ59yGIho/a2XhWZZKw1VkkWTeJT9WumILEjCuPkcW5nDNkqQ1ikqs=</P>
<Q>1Eh6eMzpnX8YucxpjKZzZbNc8g7sDWdpyq35bqkyjhcOwpo+FtR8ML4IDdjGZYInhpikfY2iJyI8QDvn5yihMf6FW9TfWRVC3rMdEgwbXxEH+J2iwYgOQiPCEZp5sPttBwFIRClwbeMXBSztMPvea1IYeG/HWqfG9xa+cVblyG0=</Q>
</RSAParameters>
<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<D>4dZ+bhOVSqRNGufOPTB2jYe4aoM8DTDZnzB0UAajZaDErdWDEOvApWsh9JWcTONNQbiv29ajyJw1crIitf2OiHgRKZe3MaMrzojvkomaMJ95OlfzZlQfBqrh4/lCcIltA/IhSa0dBIP1Tz1MplOCRAA3DmaQg6oz5O2D+MVi0gGieL9AwTvQDgQCmyv6IxS13iqfH7dbozd868A5C9I2mHEnwSZ54HVnq31WA11TyNbynF0WE8DiXDW0WWdkfeQ442liAKeefAaPd4zANxvFVnsY+CwX3WP6hwg+SdhIPQ/o9xZU5FuDWG86UWqj2gGsGAMV94NQSaXSqd/Z4nFtoQ==</D>
<DP>EQXI0Z85LyzJJhzzTJeKg/hVKhRYgERLQOAftL956Ks6aTYMXIkgBdFcYze4nOUW9hQHSGidNKNnn3x8m4n7YxX036hayYrrWobxQir1OH4emNE1MtmfTrs/MdqM5WDMptd2p0dNuVVJLW+XCf9BUmngkXjY3OaK0DM7r8CNfTE=</DP>
<DQ>5SNerE7pzaWyIuucQfmV4RD2XO2XFycvDVvDjeP/sW3PUbTCRM52QbgcgGZdhxAV6csgMu67IKooEfokg52n+JVJcFlaFOdccSZv7JMI1cw0ERh3/DZKq+m9U2IW1LpPFKFRxgGtZ3VG12P/WmCh3kC7j3KAU2VxPQr0lE1iRHM=</DQ>
<Exponent>AQAB</Exponent>
<InverseQ>fClUWIT2aL0ynBQO4W4BMZXJiWA1ueczZwbzNSev73NJWVU5LuDb+U35TPoXFSV1U4NAFUHN+B74JCj0vbB8zaR7HUDkHdeBdGCYHR4FDhzzcN5jVHOGeErrwbrYW3NiktyqUQI8gIuyUxEI+6xKl8yN5QrcKSQdwtfL33U+Y1k=</InverseQ>
<Modulus>56CFu7t5LBBcXdkF58GtNpx8mwb6LjZou8K3oLGCg9lGr5sbvto7DMRrYmO4jaFCUh0FJnVsfgG/OrodhvAiD9XcKoTDwRw23ITbrC0phLdSGdA+XRCgrkRDD65sx2LYoJoewoAkGHFGKNW6lb+7oleVGxPEUJHsrZNYGJ7K/3n2aN/G1Kl+XAXJGt6KpPiOipz4B9cLU9lJkjyj4zjXwDetCy7x0gZZKhZY8uL8ebZa8GlpjtUDhDAG67+Eft9aokWD48LPcZMS4Cf1Kn/xbu33q+OOeLS+VLJv4QUyJ+jG36DJQbcFF9d4Wq6/rz1iz/ZEQGCkChTkhYd8bMw3Zw==</Modulus>
<P>+mrff75sSL9B2O41wnKH7jwsCm4iKySxDgrzlJx0FavvecqmN9M15cLe4HVyGboATAYN7mkFaoPWGlMY/4RG2z47DOKL+amC7XTPnz5tfnB2FXrqVu6Y/Px9kEa5JLOh+BOfnmyp5hWiuICEBwcHZM1uWZwIYAt57Dw3G08Va1E=</P>
<Q>7Mppq4T4uWSczUtwAt2J386fF4FUhKtjgnB9JIaasrVWUlsfhTlvAzPaAlhBxVJfJrxdsNZKInQzq2rARcMRt8HYBQRGy7P4n4HujLSGQx4RhCZaPOfw7ZD5GQuGhkWAjw9xGZw8aLBpIhGSCxWmRusPqKvlRNgTe5lMU2/zWTc=</Q>
</RSAParameters>