I would like to know how to verify the server certificate, treating only my project's server certificate as valid.


■ What I want to do
 When communicating with the server, the server certificate I purchased is sent from my project's server. I would like to check that this is the certificate that was sent.
 I don't know how to do this.

■ What I've tried
 The procedure is as follows; I referred to the page at the following URL.
 http://qiita.com/harmegiddo/items/b72ca4f430292251c8a6

1. Get the certificate hash when you send a request to the API URL.
2. Keep this hash value as a constant in the program.
3. When I send the request, compare the hash of the certificate sent from the server with the hash in the constant; if they match, return true.
4. If the certificate is updated, the constant must also be updated with the new hash value.

The SSL Policy Error in the logs shows RemoteCertificateChainErrors.

■ Constant

private string FingerPrint="hash value";

■ Caller

ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);

■ Callback

public bool ValidateServerCertificate
            (
              object sender,
              System.Security.Cryptography.X509Certificates.X509Certificate certificate,
              System.Security.Cryptography.X509Certificates.X509Chain chain,
              System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
    UnityEngine.Debug.Log("SSL Policy Error:" + sslPolicyErrors.ToString());
    UnityEngine.Debug.Log("Cert.Hash:" + certificate.GetCertHashString());

    // Accept the connection only if the certificate hash equals the pinned constant
    if (certificate.GetCertHashString() == FingerPrint)
    {
        UnityEngine.Debug.Log("Correct!");
        return true;
    }
    return false;
}

■ Question 1
 How should I check, in the program, that the certificate was sent from our project's server?

■ Question 2
 The hash value of the server certificate purchased from the following URL and that of the certificate used for communication matched, but this page is open to everyone, so I think anyone could easily obtain it.
 How do you judge that it is unique?
 https://www.geotrust.co.jp/resources/repository/intermediate.html

■ Question 3
 I think RemoteCertificateChainErrors means that authentication of the server has failed.
 Should I add the server certificate, or the accompanying intermediate certificate, to X509Chain.ChainPolicy.ExtraStore?

c# unity3d ssl

2022-09-30 21:15

2 Answers

I don't really understand the expression "don't avoid self-signed ("ore-ore") certificates", but I take it to mean that you do not want to treat such a certificate as correct without evaluating it.

http://qiita.com/harmegiddo/items/b72ca4f430292251c8a6
You are doing the same thing as the page above.
As you said, I think that is the better approach, so rather than a problem with the code you posted, I think there is a problem with the test environment.
Does the certificate really chain correctly to a trusted root, is it valid, and has it not expired?
Is the hash value being compared correct?
Does the device you are testing on contain the appropriate CA certificate?
Have you already confirmed these?

Incidentally, it is difficult to treat a self-signed certificate as correct: you would need to distribute the self-signed certificate's public information to the device, or sign it with your own root certificate and distribute that root certificate's public information to the device. If you want to avoid that, I think you can use one of the recent free certificates.


2022-09-30 21:15
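The checklist in the answer above (does the chain reach a trusted root, is the certificate valid, does the device hold the right CA certificate) and Question 3 can both be worked through with a small diagnostic, rather than by guessing from RemoteCertificateChainErrors alone. The following is an added example, not code from the question, the answers or the referenced Qiita page. It rebuilds the chain for the certificate the server presented and prints every chain element and every status reason; the optional intermediate certificate path is an assumed value supplied by the caller. This is a test-time aid only: as the next answer says, the production code should not need to do anything special.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

public static class ChainDiagnostics
{
    // Rebuilds the chain for the leaf certificate the server presented and reports why it failed.
    // intermediatePemPath: optional path to the intermediate CA certificate downloaded from the CA
    // (assumed value; pass null to rely only on the device's trust store).
    public static bool Diagnose(X509Certificate2 leaf, string intermediatePemPath)
    {
        var chain = new X509Chain();
        // Revocation lookups need network access; keep the diagnosis deterministic and offline-friendly.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        if (intermediatePemPath != null)
        {
            // ExtraStore supplies candidate intermediates the server may have failed to send.
            // It does not make anything trusted: the chain must still end at a root the device trusts.
            chain.ChainPolicy.ExtraStore.Add(new X509Certificate2(intermediatePemPath));
        }

        bool ok = chain.Build(leaf);
        Console.WriteLine("Chain built successfully: " + ok);

        // Leaf first, then each issuer up to the root that was actually found.
        foreach (X509ChainElement element in chain.ChainElements)
        {
            Console.WriteLine("  " + element.Certificate.Subject
                              + " (issued by " + element.Certificate.Issuer
                              + ", expires " + element.Certificate.NotAfter.ToString("u") + ")");
        }

        // One line per reason the chain is not acceptable, e.g. PartialChain when an
        // intermediate is missing, UntrustedRoot when the device lacks the CA, NotTimeValid when expired.
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            Console.WriteLine("  status: " + status.Status + " - " + status.StatusInformation.Trim());
        }

        chain.Reset();
        return ok;
    }
}
```

Inside the existing callback you can call `ChainDiagnostics.Diagnose(new X509Certificate2(certificate), null)` first, then again with the path of the intermediate certificate from the CA's repository page: if the chain only builds when the intermediate is supplied via ExtraStore, the server is not sending it and the fix belongs in the web server's configuration, not in the client.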

Let's first resolve RemoteCertificateChainErrors. Something is wrong if a CA-signed certificate fails validation. For example, the web server may not have the intermediate certificate configured for distribution, or it may be configured incorrectly.
Apache+OpenSSL Geotrust Quick SSL Premium Installation Procedure (New)

Normally, you don't have to or shouldn't do anything on the program side.

■Question 1
How do I check that it was sent from the server of my project on the program?

This method is called certificate pinning or public key pinning.

If you do something unnecessary and the verification that was supposed to happen is bypassed as a result, it would have been better not to do it at all, so please fully understand it and consider whether it is necessary before proceeding. Verifying the server certificate is usually sufficient.

■Question 2

The validity of the intermediate CA certificate is verified by the certificate above it. There is no point in anyone distributing an intermediate certificate unless it is properly signed.


2022-09-30 21:15
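The procedure in the question (steps 1 to 4) and the advice in this answer can be combined into one callback. The following is an added example, not code from the question, the answers or the referenced pages. It differs from the question's code in two ways that the answer asks for: the normal chain, name and expiry validation must already be clean (sslPolicyErrors == None) before the pin is even looked at, so a matching fingerprint can never rescue a broken chain; and it pins the SHA-256 fingerprint of the raw certificate rather than the SHA-1 value returned by GetCertHashString(). Two pins are kept so the next certificate can be added before rotation (step 4). It assumes plain .NET (Console.WriteLine instead of UnityEngine.Debug.Log), and the thumbprint strings are placeholders to be replaced with your own certificate's values.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedServerValidator
{
    // SHA-256 fingerprints of the leaf certificate, uppercase hex without separators.
    // PLACEHOLDER values: compute the real ones from your own certificate with Sha256Thumbprint().
    // Holding the current and the next certificate lets you rotate without breaking installed clients.
    private static readonly string[] PinnedSha256Thumbprints =
    {
        "0000000000000000000000000000000000000000000000000000000000000000", // current certificate (placeholder)
        "1111111111111111111111111111111111111111111111111111111111111111", // next certificate (placeholder)
    };

    // Registers the callback the same way the question does, with this class's validator.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            new RemoteCertificateValidationCallback(ValidateServerCertificate);
    }

    public static bool ValidateServerCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // 1. Require the standard validation to pass first. A chain error means the server is
        //    misconfigured (missing intermediate, untrusted root, expired) and the pin must not override it.
        if (certificate == null || sslPolicyErrors != SslPolicyErrors.None)
        {
            Console.WriteLine("TLS validation failed: " + sslPolicyErrors);
            return false;
        }

        // 2. Only then narrow acceptance to your own certificate(s).
        string actual = Sha256Thumbprint(certificate.GetRawCertData());
        bool pinned = IsPinned(actual);
        Console.WriteLine("Certificate SHA-256 " + actual + (pinned ? " matches a pin" : " is not pinned"));
        return pinned;
    }

    // SHA-256 over the DER-encoded certificate, formatted like GetCertHashString() (uppercase hex).
    public static string Sha256Thumbprint(byte[] rawCertificate)
    {
        using (SHA256 sha = SHA256.Create())
        {
            return BitConverter.ToString(sha.ComputeHash(rawCertificate)).Replace("-", "");
        }
    }

    public static bool IsPinned(string thumbprintHex)
    {
        foreach (string pin in PinnedSha256Thumbprints)
        {
            if (string.Equals(pin, thumbprintHex, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }
        return false;
    }
}
```

Call `PinnedServerValidator.Install()` once at startup. Because the callback returns false whenever sslPolicyErrors is not None, the RemoteCertificateChainErrors seen in the question will still fail here until the server-side chain problem is fixed, which is the order the answer recommends.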



© 2024 OneMinuteCode. All rights reserved.