Skip to content

Instantly share code, notes, and snippets.

@MidLevel-Bot MidLevel-Bot/quickstart.md Secret
Created Oct 9, 2019

Embed
What would you like to do?
http://cert.midlevel.io/ Generated on 09/10/2019 18:33:51 by ::ffff:18.208.126.191

ONLY USE SELF SIGNED CERTIFICATES INTERNALLY OR FOR TESTING. USE A SERVICE LIKE LETSENCRYPT FOR REAL CERTIFICATES. THIS PROGRAM WILL GENERATE A CERTIFICATE AUTHORITY KEY PAIR AND A CERTIFICATE SIGNED BY THAT AUTHORITY. CERTIFICATES ARE ONLY VALID FOR 30 DAYS. AFTER THAT TIME YOU NEED A NEW ISSUER AND CERTIFICATE.

Quickstart Instructions (Basic Usage)

Server Instructions

ONLY DO THIS STEP ON THE SERVER. IT SHOULD NOT BE DONE ON CLIENTS. THIS STRING CONTAINS A BASE64 ENCODED PFX FILE, WHICH IS A COMBINATION OF THE CERTIFICATE AND THE PRIVATE KEY FOR THE CERTIFICATE WHICH IS USED TO SIGN KEY EXCHANGES.

In the NetworkingManager.NetworkConfig ServerBase64PfxCertificate text field. Enter the following:

MIID/AIBAzCCA8IGCSqGSIb3DQEHAaCCA7MEggOvMIIDqzCCA6cGCSqGSIb3DQEHBqCCA5gwggOUAgEAMIIDjQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI5C1pmwofTkMCAggAgIIDYJBoCxzvielvRBzP8rjMDQPMhSgfenHkCPspmEA/4isunvYegObbp7ifs9P+csIWGjTn8np7QBY1T2Am1fM71s5W/ibq9VuLrEiHPRkqYwHEMQujJ/OfNQBm5ooP6ltZXvxBSLfZju+J6KGV62MVD+6jfLG63U9pU+SHQg9OiJhfo5cOkHczCjWO4dvq/gTWc7MQaxru+tFySAolw0lCGBQvHZQgYQTNbLUsIxmM4+poNHCMDD/WFCLlKtG34HkPEGzzaYf0DpRSUVkPSt23v06CgQAFU5DGZoVw4r/Wmn1lJaCqp0cei3vN9vXfLO+9GjH1Z47lz40A8ky66t2CQzE+0+kVwUguC9KmQzKkUw4qtwoLp55b9JVNDQUXyoWPYbSXKgyN0CD1KPxzPFUmJfi5OaHTr/lo1Sb4yhXYqxDBx0jxjZw+ImcM442g+ejrppvmvVMHxm0I3ly+K7bQPXarb5OVh+2KxqatwWxBvm2GoyuQv95qgecDgBGXUDN0nnZW3MqqBi0fpubtppFzEDi+cCzx1DUGHNzAbaqUrWvbp6VEntq036Srn8MBC8IaRqBq05mt/iKkK8Y0GMFIar836V+r5RAtoYQ77g8vJ1G0e8uLeJzYE5LKdwGJP0YssK4MjEpAdqXSCOc29NlnWBRoaZZFKYgSsXuU6CHhAr/I+DqfzQvwp6afnniztasEVMHST4prLY07Pfdb5DLufcdsn6ugOSKsUVzG47C7v6nBCPrkq7cXX8+Ga1VQ6iEWT0h2aQX6J6FjNwqVJGliu4As7LhulPcAgSHVttg1nnNRFRzNLZKgETdwfpV6oEJpnPBQyhWW6jiKkjzriQ/s5Ms8DngEM/DukA6v6VmKdpiKlezFrnRQqecjNnuLlWjpyAAUncF8MEnewt2r1F/gn1WTjK6qV0yKusZv4S0V3t1yXEuuLLJw2Br4IansANuXRC/C8jVu4Ba1qhEYtllfsuz7b3i8k4TgWkT36NKGcACvmkFqefLTni6W3OtUqU2xZTpsChG7aGehd+iWNJOwzQ+0+YIyhuy1wVFIx/I1HC0hjUIaR54VsnF1bsrUbvFhCnxCnczcdGJlhQpizQz8lbGlV4qoyAt9vD/pc9mriH1butCrIksH1U68V/JI5c+tEzAxMCEwCQYFKw4DAhoFAAQU4RPVi8L8/ji6zPAPh69zTaCIqz0ECGQT4xo0CQuVAgIIAA==

Client instructions

To make clients trust your certificate issuer. Please do the following before connecting:

CryptographyHelper.OnValidateCertificateCallback = (certificate, hostname) =>
{
  X509Certificate2 issuerCertificate = new X509Certificate2(Convert.FromBase64String("MIIC5jCCAc6gAwIBAgIIcPDH/n3zVhcwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAxMOVW5uYW1lZCBJc3N1ZXIwHhcNMTkxMDA5MTgzMzUxWhcNMTkxMTA4MTgzMzUxWjAZMRcwFQYDVQQDEw5Vbm5hbWVkIElzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKPAjAWlWokGUAeIiXCNnyCYMiFwBB5ItzjuFZot9L346C1GgNloLeiOou850KIb4Mqvs7BimU2qV03uk8g6k7HhBn3UdFDFUDrzdae02PpsO6NtaZ4AcP9ENCnSt4vG2Tbe09U4CKb7Ty9dmr3HspDrIlEwQ/0D/XV1CPRpxxBmdgFr4Skftk7qde61oQuVRo1o5NdY+s9ak1ut3yqy2RcsdGeKLgamRhS8jwwFuXRK2v7MwQ2GQQi2RAGYRVYLKEpQhM51X64Bv4k34V0+wIip5u8qV5cvYdAW9NMQl/7h/MGOmAR5uKamR3wHh4WZP2S5ZOiVzU4MlwqV2ZbzKnECAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7onE7CWjHl1c3dfLql9ju88K0FUwDQYJKoZIhvcNAQELBQADggEBAFxUFdOmVTbsNT5yV4T71QDN5MYagYPOSOM3U8OQhQ7tJm5TFpYxdpx2vtNIIfRRrMMQ+ypBKINDjvDM5vA1DJu05H+E0TvHZtCaNEvgrx20f7QANEpGEyYWKzs4oCy5lREcxanvzRF8B2dC1cOnddLQqk6DRd8EVQMuTCZjM2WRgE36gJyIj5KfTTJJ08eUpAgEoh22jV9b3CYRgxlcPsZbbS8eToJPUoZPTlOxgorz3k1Gxvlqu3+dWvvxTBMqRElqn7KduUnG3nz669CHj6Sk4tqFrk4r48NbXJsk40i4skqrhI/xdHIA+PhGDDdHlWRnEhUekl5Xtj7gG6i/+4E="));
  X509Chain verify = new X509Chain();
  verify.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
  verify.ChainPolicy.ExtraStore.Add(issuerCertificate);
  verify.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

  // Check if the chain accepts it. This can mean that it's from a CA we trust OR our own CA.
  bool isAcceptedByChain = verify.Build(new X509Certificate2(certificate));

  if (isAcceptedByChain)
  {
    // Validate with the last added CA, that's our CA
    return verify.ChainElements[verify.ChainElements.Count - 1].Certificate.Thumbprint == issuerCertificate.Thumbprint;
  }

  return false;
}

Details (Advanced Users Only)

Property Value
Issuer Name CN=Unnamed Issuer
Issuer Key Type RSA
Issuer Key Size 2048
Issuer Validity Start 09/10/2019 19:33:51 (UTC)
Issuer Validity End 08/11/2019 18:33:51 (UTC)
Issuer Serial Number 70F0C7FE7DF35617
Issuer Thumbprint 2AF6FC1D509C2D12EAAA2ECD1D968B7F08C07FC4
Certificate Name CN=Unnamed MLAPI Development Certificate
Certificate Serial Number 3837173F95B89D2BF4409941B779A8E4
Certificate Thumbprint 6936CF37746DDCF22AB246ADBD808B5FACCCD35E
Certificate Key Type RSA
Certificate Key Size 2048
Certificate Validity Start 09/10/2019 19:33:51 (UTC)
Certificate Validity End 08/11/2019 18:33:51 (UTC)

Keys

These are the keys that were used

Issuer Public/Private Key

<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <D>Rj5lklJxONBVajXex0JpHWFMN93GVntY5Xn0GFRYZVmttyZERX6UGut852QEpFWTIz8ltKdHHfLRSqPqDv1Zt/dQgo+taayKkw82zD8eyKW/G4bmxJlp34aRXdN/Wt1s9kW11wQXahHp0Oa1Z22PouzKpssujw20HzuaIMZzVwv81l8nDqJ9Rkg9/A8GDrG9wdCX6EBNhuelsRPQU2DCnxILc1FKH7xicXflXH96PVvgN1oepgcOf2F4AWQ7PhKV/q3qz2DOt9Raxbg+ze92SFDGuVaiaWNgbd6OGxfqgKSVPdeYj5+SV3GdyYmGdkYW/zr7umJU9d+rxvdJmmpxtQ==</D>
  <DP>DCxyVnn9ruhPsQ7X1vgrC7jgzuOiACa0f8FX3QY+GWZDqTP1FcEwI33nC+d3xXX7I3tb6cF92CkfL2QiQrXZA5a2PCZO5gYDRM6tHi9LXgs7qYp0viiJwiPjyULfSrySLcYZBpkWgHRmwoMWeR/UTF2AmHql3I3N48Bc7hLSmXU=</DP>
  <DQ>mZAM5LGljFTtX6H26SXPAWkvFrZdy5E6o4fpDvRnCWR1BA9tgt12noZ2Q3MDiJNH+FiJt3liHZkNq8IBAKhadtJ/wodSZ8tsJW8OQqE4LyPnwzx9affUJTDGJ8sRKfCvvdF/4RSsk0wmUgrFRorI0i1o8VPZSHouuLDXJtsEIJs=</DQ>
  <Exponent>AQAB</Exponent>
  <InverseQ>BTxh2I9RXeubh7Z4yaHUCbaWTxowwgmntJIqDyfHLyT8UMGPj4TjrNcMDd8Mau4efjPVhYPGaBPnm2SZUqUeCQuwGa1Ons0ZEEh4CBEEBsZc4zHKNKsP1Mbyoi4XXoNKhx3ttZ3GRvbe+wx4VfUQAe58QWNuDqEdhlRYnxQncgw=</InverseQ>
  <Modulus>o8CMBaVaiQZQB4iJcI2fIJgyIXAEHki3OO4Vmi30vfjoLUaA2Wgt6I6i7znQohvgyq+zsGKZTapXTe6TyDqTseEGfdR0UMVQOvN1p7TY+mw7o21pngBw/0Q0KdK3i8bZNt7T1TgIpvtPL12avceykOsiUTBD/QP9dXUI9GnHEGZ2AWvhKR+2Tup17rWhC5VGjWjk11j6z1qTW63fKrLZFyx0Z4ouBqZGFLyPDAW5dEra/szBDYZBCLZEAZhFVgsoSlCEznVfrgG/iTfhXT7AiKnm7ypXly9h0Bb00xCX/uH8wY6YBHm4pqZHfAeHhZk/ZLlk6JXNTgyXCpXZlvMqcQ==</Modulus>
  <P>2hp9VdKpbFWP15Y/ZFtmTu+pND0WhQSqF6S29n1ZafsJD4J4Ni+4qhAiR0eAIo33+/nMkfGyA5EZpl+SvqSVBo8skeJCpcjxgDTDLK2q/lzHFmcs+POJfskgsWJvhsdgmfu3i7H5q2IP4VYmFf761bdIyBmjSS3wtmUan9NB8bM=</P>
  <Q>wDRxbnuAMCkJt6q58vMUKfMf3KsfSQY0j9nPF+P8Nv2SdOG/sxRAz3EGp1d+8cMOAWua85AB6Vv3SCC4yIASTQc0XN6Y3AAd9v2FC+cKQRgpYKANzKQM84/ICC48gMny9VBDcY2IrPYqhFCq2jPP20OgidGdaESZtXpICPetuUs=</Q>
</RSAParameters>

Certificate Public/Private Key

<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <D>qQs7E3Wgj4nmZpCv4SEKgUbGRtDjIDizdw/vGobhc2Oh9janf70DxsRKNNz7zaiSYkD73y9uJe/xVOR1GoZE8ujBPpJqV40zh/fE7GquX+DlU3pw1p4Lnq7us0xdPr/PLMmcSUzAvTb0usTPfEuGnRALZSyQJmwu2eZK0PMOltV6WxBzTreyXa11WacN8xJQcXYrJ0lMfRXXQSaiwWX4R3Xs83e8sprZwKAZozKKG6XbkpxmgcU0ckPGduDZqCLHqgdftuLyg9QkTZP80dvUJSPZYY0Sv0gIpFrCr+Ar60M6rWq6j26E7jXMAZ8K+tgh+famoqqf7ljslk44j0HhcQ==</D>
  <DP>sbT0PPF+XglyNN7iUXMXevb+olxwEUDgVPeMJ7BCYpYAapNeLwAPSD+bGiX4/9JAKCc2OTjAjjzZlReZvoM5jIQEKFlrkekZX9Ash0z0KlaRMav2nWxKDdSO0OQFqt30MVHwSnfeOzMKuZBmel+Oyfcjiq6H39P0Ec0PtUSuKLM=</DP>
  <DQ>0O2qFDIk3suFMGUxVQHeeIxFMkuJcta1nf3lZLi1w6LJ7X+aEl5z6uCRB+Beb77WxrIX/5h3g3NRlHRuqQxhIDCJ0oCUAvAjYaHlnGjRhOCO3nxko5u/IsRP/eiPRE99Wt7wWADYu/LYr/ZEhN169y8Yu7pGQ0X3hGXDQF4lb7E=</DQ>
  <Exponent>AQAB</Exponent>
  <InverseQ>wsvhFvB1S2YgbvCSR4zwp6n7Zeh3FJjCdKkySFR9slTni5vOOUVGjyN99y5/i0ItWlAR2zfrBxhKNkNUtotApgD8EDFa5LsMpRNRt0RnnjNT7S/rpAXJcui/2uV5UD8C5gRmYEPHmFKH6mfdOdy/beGpl1LJBjvSF8mz0MCj+ng=</InverseQ>
  <Modulus>vw6UEY58OLuj2ulBsTmu1G5VjKCRcrA9YhYwl4tb/Tt02g+5dgv4kH1i45vfuu+D3dyMmuxTDvC2aHIfw8vU6orf3Z2Wh2STRGaWbIP2r+cEaF3BXd0h6wytP7hOGpB/fHDQLqkrMeCyyq8jeU6fsmYFRJSKExvmEUamVLPyllL8k1+kB2ryMETiil1E1nhl9Wr5wxphKi33mYkgJyAmfaRxvXMt/hjVkBLgaRluCXFVk54qqm8UiRs4L5fmvdlHzrd9lWRL0aBPQvrnA6PdfNUlZVPhGu8A6OVjM91WG0pedrcZXTDHTM7iwAxs7jFgmPNKdioVmcBRlwvtMnzPrw==</Modulus>
  <P>6W1QtGTE169XnPUH6zdsq1itOpX9syHrNV3ghcwtbx0FVYRWRjFsTRpIXbe9vMpi4uYi/Dk1k+B+rwDXNEOV6RfTm89woxDkhJztesbNXnXA68Oj/5V6aRCp4kkhLSVC8K9IVWFdKy8JCeyIhNIb/f+gx0HBoTBZRH0u4ipT4Ms=</P>
  <Q>0YhbJMs+UrUhACZ9/rpERI0VWj8CA9r9RrNvKD+pPKET2t5CywWeaaoUz7ny3ninIESRDDVuWPQoVWS5FWbBosUy1F5bzvAeqEjcwGu9DIdHF0BWX2533orgv0UD27QZ7WailleZETQ2+y9rTe87hF9F4iUVOSIv5YnY4WbtZC0=</Q>
</RSAParameters>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.