Skip to content

Instantly share code, notes, and snippets.

@MidLevel-Bot MidLevel-Bot/quickstart.md Secret
Created Nov 8, 2019

Embed
What would you like to do?
http://cert.midlevel.io/ Generated on 08/11/2019 17:36:28 by ::ffff:34.236.36.239

ONLY USE SELF SIGNED CERTIFICATES INTERNALLY OR FOR TESTING. USE A SERVICE LIKE LETSENCRYPT FOR REAL CERTIFICATES. THIS PROGRAM WILL GENERATE A CERTIFICATE AUTHORITY KEY PAIR AND A CERTIFICATE SIGNED BY THAT AUTHORITY. CERTIFICATES ARE ONLY VALID FOR 30 DAYS. AFTER THAT TIME YOU NEED A NEW ISSUER AND CERTIFICATE.

Quickstart Instructions (Basic Usage)

Server Instructions

ONLY DO THIS STEP ON THE SERVER. IT SHOULD NOT BE DONE ON CLIENTS. THIS STRING CONTAINS A BASE64 ENCODED PFX FILE, WHICH IS A COMBINATION OF THE CERTIFICATE AND THE PRIVATE KEY FOR THE CERTIFICATE WHICH IS USED TO SIGN KEY EXCHANGES.

In the NetworkingManager.NetworkConfig ServerBase64PfxCertificate text field. Enter the following:

MIID/AIBAzCCA8IGCSqGSIb3DQEHAaCCA7MEggOvMIIDqzCCA6cGCSqGSIb3DQEHBqCCA5gwggOUAgEAMIIDjQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI0W72mTmhu24CAggAgIIDYDJEarvNcZe+PTmvyVwbvJsu0FuriTqatt7Fj291Oc5LTNzDiYqkrcElC9Us6vekdDGXH2fd0tFzQx53v7ncK4BsWu2wq1uL0XdSyLikY+CKvYTbnsfRFEI4/ZxHwuwF/jMByPpzLoa8hePqSB2DaJdZZXVIhA6zwYQVKdCPwhGIFKYVEu0ujPy9CsxQQW0xYFn7j42ctVdrll37eMZseE28Sq+UCSCCs8/hCNLfMz7rQY8BI9Q046Z4yBT0SKEIjO8POZH1otzOsa+yPobfj817rUvoUDlUNwxpq/mbMxCKrSw0patnjpAL6q7CTSrIT6IGScizo6Jg6B6K8GJ6HRyW9hWeQZ4NrAXT2OQAZhmfLfOYYkcpy9FfS3GcpYLho168LBN4S3e1Y7PUlwq3dCtIeqsw59aWW9nV3sYKKqDQEkxThTd53OBJntGypOMuCbfo6+zAdpi3N6DGRDUR1vsmQOHyB4uM1bTvkuiqWbb11oEdC7BWqpmtFRA/fkmuHTpheAG4/DujVV6as08Or4dlyom54J1e0kDoUPFm7u4EwZeeJPtGfNT7i+HyT2CZQsxbGwASPz8dHlIOelobY/6DzckjZGunHJcD2N9NApemDA3HH0A3dcFuPJHGTFzIIqKVspb98l58DS1+sfefYIdRFGFljgXyoPNsFTh5pRD9+9c5KQtl62vPZKeKVnjSQOi/3hBoyRuXhXTlmof5awEmKhF4ikt+Wo5dGbPkiOGPf1No+ndNnpnTmNeYt891iWjS/DGVmepQ2YeJWOKG8h/V76bsL1tW6bRBhSpwrQz5XRkIN2Rl+UtAw05UluxSQnz4oFggvrrlrh4KNOt7MIrwabWQNEPiz2r08c+i+vGxvYBzuDSKlX5XYip4ngoHKhJXNF8+Mqslk2SZWlmYiVAN12tOC9yuEcchtJwMxJju+i/ssepfavzp6DF5OTcJntDFAvcCfHFP5cgLFSmtlVoKX3Y4SBQJLpcdUxniCe2210w/9pJubTLOx/c/5L6U0ONwF0JvuCsM+H7Wop7mIABarexWbArtnkI+FtA+EuWuUkjODzABEYjI+1x8nI5DZlvdA0q/VsXJUIb6H1KvcSUigKuV/ECsfgac+kG3tc/CflP0/SqKSE9cOcIEx/paYTAxMCEwCQYFKw4DAhoFAAQU6OyE630/2AiMoUIQ2fs3ApUhBgkECLqka3deQzrGAgIIAA==

Client instructions

To make clients trust your certificate issuer. Please do the following before connecting:

CryptographyHelper.OnValidateCertificateCallback = (certificate, hostname) =>
{
  X509Certificate2 issuerCertificate = new X509Certificate2(Convert.FromBase64String("MIIC5jCCAc6gAwIBAgIIB6wXxtHswV4wDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAxMOVW5uYW1lZCBJc3N1ZXIwHhcNMTkxMTA4MTczNjI3WhcNMTkxMjA4MTczNjI3WjAZMRcwFQYDVQQDEw5Vbm5hbWVkIElzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4zH0pdIjL17+r8xat8V+zuciwlsg4fhEZaxChr7bIAJKkB5KPGsgbjyDFDiY+tteeISE4l7ccW1EGzshBUhRvDoZkgGaMcu4A7E91xGsUWS71bczJEjIChkTFRMmGupQTb60bGOKEGFMdQAexr1Dht7hY7tCsBMj1QWNY+U9hRdRK80wwyVO08Tkf62d9+xk4I0+tt0JYwtah6gQqweYyRELfO01jeQs3BvlSva9PbWL644gjhKNkUbkWK62kM4lb2kdYjeu25gPyKsbzorQ9j/M/15I6+D2zOzQC7eBNI6JyIR8Mn+MJLbrIrKbWed3h2irbpgV3hlEXiV8/K4OUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUs+djAwqq0bWFjCVTaFPoSg32gxUwDQYJKoZIhvcNAQELBQADggEBAJDPtMsjVOSx6YoUu4G8B32wPhaSdCTIGO7EOnOUoF0zmNWu3QyZ57EdHofFQf4XxZXCBCUJzvQyKQTRmB9NYdlykXyXuBpPTkVVi5LoIqr2Yb6j9RCQ0IPttgKGTo8qhcy6Od7f1+1X1/vAxF6LEv5PHb3slnNwNx9zhnJa6aI9qsnp9ZIcbl5KEoi0njaDN+q6jGn/7ayTl5+99jKtFTv8Poke11YzOeH3LosAYJ0ie1ezonIF7Iqe4xf2M66APcMwFhESZWciujme5M8n1xN/72Btkmge+fkf68PSmvS1fFGi6sNHSghDpae7BLRF7hlwMts2PHWdPc0MKxlwxyE="));
  X509Chain verify = new X509Chain();
  verify.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
  verify.ChainPolicy.ExtraStore.Add(issuerCertificate);
  verify.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

  // Check if the chain accepts it. This can mean that it's from a CA we trust OR our own CA.
  bool isAcceptedByChain = verify.Build(new X509Certificate2(certificate));

  if (isAcceptedByChain)
  {
    // Validate with the last added CA, that's our CA
    return verify.ChainElements[verify.ChainElements.Count - 1].Certificate.Thumbprint == issuerCertificate.Thumbprint;
  }

  return false;
}

Details (Advanced Users Only)

Property Value
Issuer Name CN=Unnamed Issuer
Issuer Key Type RSA
Issuer Key Size 2048
Issuer Validity Start 08/11/2019 17:36:27 (UTC)
Issuer Validity End 08/12/2019 17:36:27 (UTC)
Issuer Serial Number 07AC17C6D1ECC15E
Issuer Thumbprint 6F50936A7D0CA2409AABC62B429484BCB697DCF0
Certificate Name CN=Unnamed MLAPI Development Certificate
Certificate Serial Number 00F9B7CB1BE67CE60773D627A8C3E1974F
Certificate Thumbprint 02974EA34696F79EAFDEF794B0B1F8129EE6790C
Certificate Key Type RSA
Certificate Key Size 2048
Certificate Validity Start 08/11/2019 17:36:27 (UTC)
Certificate Validity End 08/12/2019 17:36:27 (UTC)

Keys

These are the keys that were used

Issuer Public/Private Key

<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <D>JQ3YxKNB3wiFCaRM3Ukl/8TFrZtEiPcu7PmooF7swvz1mY1mievN2CEcu4WYdcJQmv/JhomYVhuLHxdsmzSlCt037+1tzfr+0sdLBZMqrVoZWDjT1aet2/usvMELnbQloV7nw7shOAaAu2RsRBEIfO98RnCKKuQ3I/+JR07CAHAoTIfPPsMNymw+kcSXjMoh2J1nMV6hDT0Zqi/KzG8TeUeohhNZ7mFKQ1SlotHPwFKLIYwRFBPHXt66gpp9YXFvfvw4PUBQzn13T1W2ov0lxGn0yAW+nBYY+zw+XpuX99iL7/n+sYtT5U//EL4BpeifwIj6xSR0n+D1UgrDp+6doQ==</D>
  <DP>5PqeHDxJqzzRTPYIrHPwVdaMZsCIfqMmn6xA4b5sJXsKc4DKUPRdnsj4xmiI4ZucLRbmPTnjaN0hwBdL4vI3D+XyrbzAEGHwpeJQc4HVhYcg12+6P3uc4/ZQfsKkmtmfqq7IiuUVR4s7Ptj6KcAB1wxAoQKCrtK2nooh7H7f7Xk=</DP>
  <DQ>1qAbieqSFBrgwNzO9MbDuh/PKV6zT9iNgU1DyE0lyhFCb6XQl3dJbCRt0CXxZ4fKFcT/oHH/31luvcPwCjKlYIxwqApse333yqsfAw1cADybCL1SgSP42tfJRwsfeu860wCj9uFU4KCSofvzMzK4OUXobH4SDN3ilhXrdi0F7wk=</DQ>
  <Exponent>AQAB</Exponent>
  <InverseQ>GzJh1l1b5EsdSTSOuP5A/SrSwcQ9Xzk7qKWsEDlwrBARD4X8PqCg27c/XmHS9i0F1z+AU0Za5FVdaOPZN8DMtKC+HIZ3bweyc5KoHqRKdPswsHkHUNJmR56qvqDjWZerR7WxoMK+1v6G527d3yOGBLYym3OqjmtGFF/+WoUK9E4=</InverseQ>
  <Modulus>zjMfSl0iMvXv6vzFq3xX7O5yLCWyDh+ERlrEKGvtsgAkqQHko8ayBuPIMUOJj62154hITiXtxxbUQbOyEFSFG8OhmSAZoxy7gDsT3XEaxRZLvVtzMkSMgKGRMVEyYa6lBNvrRsY4oQYUx1AB7GvUOG3uFju0KwEyPVBY1j5T2FF1ErzTDDJU7TxOR/rZ337GTgjT623QljC1qHqBCrB5jJEQt87TWN5CzcG+VK9r09tYvrjiCOEo2RRuRYrraQziVvaR1iN67bmA/IqxvOitD2P8z/Xkjr4PbM7NALt4E0jonIhHwyf4wktusisptZ53eHaKtumBXeGUReJXz8rg5Q==</Modulus>
  <P>7UMdrPaUwnvtqfjLQlIYL9piMHwTsykySyADjb6Xj+W1CuepZAMmuh9VfBCoF9FEScH/bP7ZWoAIaFUcUkDr/mKVR0cy3IHtwuMARTzTbB+UfiNwR0J3Jf+rgkPfuSU+O0HUUXEybiaNMXDosYQGCPg5NE1jCRN6dDTlAG+yRfk=</P>
  <Q>3nv++LpgrIRZKbBkO5hoHgLOqTNGJqUub5d0FNU9lePqp/qfpEruMG+rV1c8EngjjvlwFItTs/HWECBzHrZLWD1sanVdZBUaBdvfHOek5iC/RkmxW5yPJLJYL/XrZ+fsHodrBN9Whg0mHRFTzrAv/com9pdzhSFOg6qmDQpbvU0=</Q>
</RSAParameters>

Certificate Public/Private Key

<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <D>BCUlperN96ga+FgXafIIv+Vm3Uu2qP6c9wxG2q/ZtCuaJ0rB96Z5s+5kmlVY3lEghIT7TjubBtddGhSf9pIhq7NMm3mEBvJVMiKJLvbyCjDZDPCNQ9VaJItSiPjucrlvsceFWw+NCEdHoK+C3J3zAIwacJtqRGLaTnRyo3AmVvzsSBeQyaJvFUTNLq55WRVxJlRDueUU7/OgKm8f6bIBR/muRpNuc51U2yllg7aXd59tKwHEE8nr8Ni8/7DrfJ7ckLjKSZReTio8/SejCQx2PWoVYM3v3ev3Q6ANIn7YvkL+buJOD3sDmONftt5Sr/lVzkDd8FKrmnRXtOTresrTmQ==</D>
  <DP>7I92ggJUhKov9ApJRAN9hITValA//JAjVlmqffNX+UeAvv/BueCDDAGUZ86xofzA8lqDIxAvA35BTejGMgjRqO6j+6VPqxVZKDuHZbAz4JJVVT2LTGD1sM6QtP/o3S60dy1mqTQmaP1mscNWUQ65QmyjUl0PF1WkfC7fl7A/nck=</DP>
  <DQ>Ztsg/TmG2MKLO7IHPoL0HwTlzj//B+vhLZczv9I1Qdy1Xw81xBAC8g1RiJ+qcQDTLPQ/9USdWhff4kag+qF6zfYmuP2za4S0sui6Rrusg5ARq7Hj+80R3byAbLDTquNDniAd63vOEwShZtFMHWSVrOlR96Q7KE06sR7dWL7rH7c=</DQ>
  <Exponent>AQAB</Exponent>
  <InverseQ>02fpVoCIEErm5tIV92VktXepLxgAo57G7J9NEefCNrrZolVI/w8/TM85ChPM/Fq0DLoC+N1Uqay2DTwl+Z/I8Dn+h1Kn+joCaXFM/nJLwrkagPITerSWoASEyuEz21a8kBFlTFbvqwi//Yu652iCXS1jsbCiMNm8d2b3tMK+9dc=</InverseQ>
  <Modulus>47W1jYI6d1MtzZXxaofEVJQ6FnDcvtMknw827Q2aSobUM7IpSbKcTiEpJEEQBZQHOFQUbn4EYzjaVA8HxF2cZX4HCGUtYG0KL5SPqjGR8nUAK0LHpZPYEJ90J16B9vZu/JzkA6C+g9J84Y8H95czZHLM3dmP8aYF3ByPUX8zh654fPyfDxbY+iv72beY7e/AUagcW6IniBgfJgLro0uMjB4yFdg1fPz7asiWlhAPKeWweWjSad3syZy59Bnqxlo0y4SHJCDFeB3gKVoAZy9H+kL0vGs7+AviZ1KvgvR3dZlclbqfqO+4oZVoZzHWirxZHAjEgxcCDPrO+OrzMc8Q2w==</Modulus>
  <P>9HbzMYSE6qxBxmnMoUs1xu4wlRcn4L1/tREL39vralEU2PuzJcz6z5YUE3xP7fk/DtACcczWzM/DuXqgp/zZolVbGgJ73SzlsfLvixAhAduUluuA9ub9JB0Jwk4wxJHgjbZQMhlM76qtyPaxEVqeCKFMO7Zomc0zij0RAUAwXjU=</P>
  <Q>7nRdySBNifE9KAd9F+sWMhaOeiTCoLIDCbhqogbpC0Yz/yLKgB7H6uucjE3fNKvYdcsanF0U6pgQ07+pEz9zA2w28XN5lf5IBtvw9l+IT5aQlWrracp+t4LeHV7Tvc9kiqkukhYqK+i/lKiAb7gpF0YEzu2Yv/zW5g0LbxvT1M8=</Q>
</RSAParameters>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.