ONLY USE SELF SIGNED CERTIFICATES INTERNALLY OR FOR TESTING. USE A SERVICE LIKE LETSENCRYPT FOR REAL CERTIFICATES. THIS PROGRAM WILL GENERATE A CERTIFICATE AUTHORITY KEY PAIR AND A CERTIFICATE SIGNED BY THAT AUTHORITY. CERTIFICATES ARE ONLY VALID FOR 30 DAYS. AFTER THAT TIME YOU NEED A NEW ISSUER AND CERTIFICATE.
ONLY DO THIS STEP ON THE SERVER. IT SHOULD NOT BE DONE ON CLIENTS. THIS STRING CONTAINS A BASE64 ENCODED PFX FILE, WHICH IS A COMBINATION OF THE CERTIFICATE AND THE PRIVATE KEY FOR THE CERTIFICATE WHICH IS USED TO SIGN KEY EXCHANGES.
In the NetworkingManager.NetworkConfig ServerBase64PfxCertificate
text field. Enter the following:
MIID/AIBAzCCA8IGCSqGSIb3DQEHAaCCA7MEggOvMIIDqzCCA6cGCSqGSIb3DQEHBqCCA5gwggOUAgEAMIIDjQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIyCtD3kdltRECAggAgIIDYGm12tE9kvuYzgL2rEGMSVpaWUBQOgqm0V+mZtYOebFqfJoo2t6WRdr3JXrCNiLiaMPyyNsjt8m395KQHHAZUr0SzDtU5Zie+9mBb9dEMy8wfbavmD4C1gfpuQ6NWS5RQ9st75wetAzj/w22pI+i6+WFaf4lri/UNovaFpq2WcUaXtaeUnIbgi2HIkhf26NPgNZ+a0zr6f2mmOZHpauq5989NIlITH8czXVsYD8MQZgO435ckxiKwe63u9G31MFzjya+ddpcYJSrZ462m0L9wVGZP1OrC1PSDsPb4yAohKcZzlqu5oqx0v8mXi1EM1TaBQYPZiHkF5rEmPbLplp6SI2JCNZGYko9ZUb4Fi0U3pVg9XK70LoQFlj3kKdhLr7VNlf2J67VDwvyrij4I1eKWPQ8w3my7iJe3hVFanD7iIa8t90impLnwPztv/lYzFPqO3Iv6bI9hkn3k0HhAzctvEhtmFPQcVy+cn/05u3XeL6xgSKAN2+N79cvp9hg3mnDlhLN+bM/Y6EbSKBfIZ0ACE0cgKPn7/R+MYM8nfYZgsGexj5jHJzJkZnGsaltLmWJp7Nvr1FTOet1u+SAuhCVoG0GXf39vUX9MAbCJv/IDyp5QXlfchQ9750mNxUrF39KuLOLzzHHn4VdbqN0qXd5GIbmYc5GOOLmqUMc3EJjJ7WogK63NF8adI0z/wno8NiJ2sfALP2P52VDL8wZcVphT22XV6DUTG5Hj28+jRZ0uJb/dpyDLUnor16arhCKGl+FCf+HhbOaBugNdPJUH1ZgF5rGexR2lTCEpHxmYMkgmP4JI29U+7ri0gR0hENkXikfBXgA4EFVep3Ig7/4FiXyIyA207EAjmvZ+DX4iO+UJNpBzaKu5GssSKH9kLK/TaZorK8uA3FvZ1mHlHSaFM5mnjPe7d162TcFVWodBU/FHPtp4OkXZZAnIV9QmfkmHnjo7g8JCfd6QwnokMnEjYuDKtXpnq93jk9g4i3K/4UusOo4kMOW4UB8AJkbkjzTQHr3WgxjJ6uzsirZbaXgbvQqzAKFdK6Kj0EJ7AaHtiQjKJOemWFCylWT5PKrdUHeA31ymAqeyeAOejlkfkNUoCVQovWpxknlpMxH+kALUGGsD3VBajzFCUzuF+mcR/Lc/CO4VDAxMCEwCQYFKw4DAhoFAAQUsfGQYxemluhFn8OvRKCPyEp+ekgECLmY4IF+7F7kAgIIAA==
To make clients trust your certificate issuer. Please do the following before connecting:
CryptographyHelper.OnValidateCertificateCallback = (certificate, hostname) =>
{
X509Certificate2 issuerCertificate = new X509Certificate2(Convert.FromBase64String("MIIC5jCCAc6gAwIBAgIINRhUDIi3MVcwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAxMOVW5uYW1lZCBJc3N1ZXIwHhcNMTkwODIxMTgxMDI1WhcNMTkwOTIwMTgxMDI1WjAZMRcwFQYDVQQDEw5Vbm5hbWVkIElzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3UjFzRCQ5lZhgG6BU7hjYwp03wwtQupzynNWRpvbVDF/ecKIutmq4rZyzAIcPd4s9qnhQyu1cLHqBAqZY/92ikOxW7qn0piwStrJgBAuncCKPjsg7VvPPDU0OIpR/MHRw7g/fVjIVLsDBpi2/3xPZe3kRaWIEOjFesfFaJxnCmTlnYDQjIpolpyUSZlOEPz4zNxQM/9ATZilsPNtNtwW+flX1jzcQeTThLSnTOfcO8XpRNLcN1Ukq/Z05wKLvyA/LCYqDbEz+zEgtkgGDoqgRdyIn17Di++XiC16BstPZMG7oZwe3QGB6K0oMvIavREHhz2nvncjlukQaKoJ84TKMCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU4yLZPV25AyWedit80r/AHvE7xT4wDQYJKoZIhvcNAQELBQADggEBALbwjEmvYcFpCpw2UvBQf63dzCTFfPnbivTKjsLnVIj3j+3RNuiHHKZTRlqVbdJ1vEL0LW7PA49v7Ojcf6moCgrDm0bH4XbbdM8luCzfCdgXG16E1/O7PV4FyeJjHeil3S63OmScMuz38zPwD5plcJHdqiDmVPBZLrj4fJ25n/gzQ9ivLBTkhcvzdXStHH4rxoPhjAk2hQh+36YvHADGpgS8s7vFYNWoLnCYK0JHVtldgA0TWnQDoFhg/xNaDl19gIuvVbEehLMk43KdqvpeP5rYdzy/5SOT0kGEwGkQyZ3gw8f6tHYN7aYfIGNqNXR6yGcaIPUkKFi2gWzouuNC26k="));
X509Chain verify = new X509Chain();
verify.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
verify.ChainPolicy.ExtraStore.Add(issuerCertificate);
verify.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
// Check if the chain accepts it. This can mean that it's from a CA we trust OR our own CA.
bool isAcceptedByChain = verify.Build(new X509Certificate2(certificate));
if (isAcceptedByChain)
{
// Validate with the last added CA, that's our CA
return verify.ChainElements[verify.ChainElements.Count - 1].Certificate.Thumbprint == issuerCertificate.Thumbprint;
}
return false;
}
Property | Value |
---|---|
Issuer Name | CN=Unnamed Issuer |
Issuer Key Type | RSA |
Issuer Key Size | 2048 |
Issuer Validity Start | 21/08/2019 19:10:25 (UTC) |
Issuer Validity End | 20/09/2019 19:10:25 (UTC) |
Issuer Serial Number | 3518540C88B73157 |
Issuer Thumbprint | 3BCCA692ECC022D00D989830362543AE0B6C44E6 |
Certificate Name | CN=Unnamed MLAPI Development Certificate |
Certificate Serial Number | 00C5AEEDAE33026BB10B459C3FA8248007 |
Certificate Thumbprint | 5FB04EFEDFC798ACCAF399742C83182970914ADF |
Certificate Key Type | RSA |
Certificate Key Size | 2048 |
Certificate Validity Start | 21/08/2019 19:10:25 (UTC) |
Certificate Validity End | 20/09/2019 19:10:25 (UTC) |
These are the keys that were used
<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<D>FEIkoJsmTkT/+jxydCGgFxRmJmk1QZOhAVYO2qJ2PmvkmOYvZYinY0L6hcoTUGXTmLMWH62yVH25TPzZnFFDRAWS0KTwct8GGP+31Zj2CKMUwPjBvdeNjK4hqqlghd4wlRy83qwJjQggy2nYGaDlgi1ppv3FSDCXRZwAwPN/G/JUFyzIj3BYNZRd8aNgIZRNIYfg540mJRfqH3LpgT+64KgDLv3XDi4dB77bibmguUgIBRWHJWYSdYh5kHUuY+++vUInhLl3p1wAxXqbdvLIcqmspQgfUFIXohCL67SHg/NnZOVviu9jTSRsg+oWiohnMt52rQO1vvA+0QpH9ppKsQ==</D>
<DP>aIMblHaF/KYEeXQBoG6qk7qAq0Rja2jS2SlHcUb5Sw7ssW140B5yvFoezSFDgZQMyup/Db3JhCm/p470B/17uEwrrz1DhHTC5m3CuGx2ftjduw3ouIKKbVJo4iH13b+LB0BjE7YApWVkEVztWPYdjzv1+zyBQjKYhOZd0Sh/zck=</DP>
<DQ>kReG38SM57/qlZftdAE60UWX1WClruQ76CxCvyOjMsGkZohzKcWCFrFOmIlIYCVS71zHHdk72ZEkdx7M3tG4O8JHDEr4/NDjpilj8+bYI6O9xQCQlKA7XR0ivBgeRGduCJf1zWjPAeF/yl3HlFPjw19mFUo1AsHHxrlVL4mYljE=</DQ>
<Exponent>AQAB</Exponent>
<InverseQ>mMJWipV65kUuZq491+WRIKz5jEptKeZXFLQsZ94iyZ5orHM/eglw0PSmsILNcpQ0LBVBP4Kz4vuoEU9QrDnRZeI3mpUlBUH6kfd5n4SW90Rk8SoF2yVmKVEXwW7zstsPMYvUpfGtcptjn0eTgQN1Ef+39gW8Iyys51eD0bNBX+E=</InverseQ>
<Modulus>vdSMXNEJDmVmGAboFTuGNjCnTfDC1C6nPKc1ZGm9tUMX95woi62aritnLMAhw93iz2qeFDK7VwseoECplj/3aKQ7FbuqfSmLBK2smAEC6dwIo+OyDtW888NTQ4ilH8wdHDuD99WMhUuwMGmLb/fE9l7eRFpYgQ6MV6x8VonGcKZOWdgNCMimiWnJRJmU4Q/PjM3FAz/0BNmKWw82023Bb5+VfWPNxB5NOEtKdM59w7xelE0tw3VSSr9nTnAou/ID8sJioNsTP7MSC2SAYOiqBF3IifXsOL75eILXoGy09kwbuhnB7dAYHorSgy8hq9EQeHPae+dyOW6RBoqgnzhMow==</Modulus>
<P>/OUoL6iI5WIMK1U2EeyE9OUCNajz7+8LoDuXckeOvtu9TzqWE4CJkrRMvmc5AQRBxtO+vsA124IPD1/0HkLN9Wmi32Fh5uXeTh5B66bDH0LtGFhbGmIaPNdqK7u32+gJcNB/OdGwLlWcoMUyJtL00k3b2QFdo46tKEFbwZmzKEc=</P>
<Q>wCkuFLYWCkn4iZVxpg8Zpvp7BJNlNbWu53AHgjdYvxFmH6UUzvr9zrm7OWHyg+OKpn+2d/upw4SSzSw+JrCNcremLryLri/4VqY4ukxBh1XSzyJG1xfRd5c1AKgApOpt4gZ9TnvFM+w5wUk0A4ktlYb92fd8dL8uIOiTDYxIQsU=</Q>
</RSAParameters>
<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<D>XBzQTztWd35YRwH7valVB7nUdjFvse5wfL8Y9vFZimn3ZdusB1q9hBgJOngPpkTSwgHQXFT3oSf/egCJCVOrfXNGUJDpv9UggLGbJ4Hn+3DL6vaM2O6n0/uB551O230qmR13t2cIrusdyRTl+H1SDeQmLdJaoz56BNBZgy8QFgyYdTJ+BhmtOHjJyvGmjXzYCwj1j7Bx1OmLka7WbWCmxywy2bPuprMfgRdxGvsIQZVigJ15vt30XCSQ7fz6ks2wsYxKb6D4bHyyIsCZ7iEXJ8xQLM6xmf/ojOjJbb4g0FxXJrNh53xtAifmDHs58NMcs7QPy/UYmtXLxlVkPik/QQ==</D>
<DP>EWyolY1l3rEoC5TB3C90FmIEEJRK0X8Tdzvnp/ajumVn/icIBvtGS3O18KZ7f+uybUEeU/1YuQ114nT6QKDPBhDmv10fq1mVmuf+waEM3/lvKh/gSdRc2XGv0dGW2RwEm5HTBr8JCg+0GIVddSP479ozTRkOLMgq+xXsUcvkgNs=</DP>
<DQ>ls/72+Nc70I0nVPN2NS2mE8+pXAo97wiZBxYXZPm8rm2u05I3n3/q/VFlglgMQzlCUHeGh1myHKoTF+jXszYxqTdqk4G/qWT0OAy48+8wX2xOp8HVjx5RD6LWWC9Qdgl95ujTwFD2OHOpUFItpjGaTV9klx0OzA80DNETqkRR7E=</DQ>
<Exponent>AQAB</Exponent>
<InverseQ>zPe9xMUzrqCvNNei9Bibc75bGkMBHc6ROOnLTalOgLMiGtQRROfEB6swQenT+N8PuHyx1IM69/pWtxFbUwTf7t+o1uad5HpY9wZR/aR1JzjmUa6x0yi14g1T1FcOh4WmsTpewvn3GQ5HJv8LRcqcAMKaUzkjfVCJV9AsTWTBFvE=</InverseQ>
<Modulus>rkMLRvwJa7xOm9MmJNbMls3ajFzNG9EErd2qHXzoP0iCD3t4G5l27IvqNB93ioEnLCa9jSRBIqBOSc9lp3Hp3kNz+bpJSJM1cTay32sidiexk67E5FfqYcckN/rYaTPRhRADOnlmxyuex8DamkuaOIi2kvG2HPJtPyRNLSgIbsVbTor+zDxkX+vl8SNNQtwSgKEwenriUMSC0WB3pIEA7Urc4oQW4lhpeFTtpqT+7ZLH2mn5/897QN8cWgKdAX9pkngX8CQJ/3VeAkN42uY2x+pxZyYd2iTRcF5HUt5T0gVgr4YBU9FUFz0QsefVfMxZLalGvqtihgO2JU0Gz31ZXw==</Modulus>
<P>4s01CoYY6w227HdAd6bvXZv2KqAg1aQ5eDba7Y8CPSwaAn4aPHgOlA7q0P2eMkt4ZXYw9+Y1Gf2bbRq6rfDUrKmoQa8b1fb/kT3CJ4v/2UXD4T3L67IKKLPZVVZQ+rSVde3uB7s/dVXIL0HxlgMN+SSdlLyyQEjL8tOVNpEFyI8=</P>
<Q>xLJDtPuTs5i4lhHL4ptaSYEmC4nRHmKH3//Rq0cWiWfPe+Qp8WSdWjxb3OHtdS1JXleDJAgitsrcmkkQ3ECJXnUq+A5P9WK9yZRJxTDYWDXvduUIrr6rRl8DQ+ghOuqWGMIEsLm0HHTzLAru001d+GiTiilPbbR8x6YSe6IdqjE=</Q>
</RSAParameters>