koobas.hobune.stream
What is the best way to add root certificates to a unity build for distribution?
I have solved the issue of getting web requests to work in Unity scripts in this answer: http://answers.unity3d.com/questions/1184815/how-to-stop-mono-from-preventing-authentication.html#answer-1186348
However, manually adding certs by command line for all computers that needs to run my build isn't a great solution. I mean I guess from one of my scripts I could make a call to System.Diagnostics.Process.Start with the command I need. But that's really hacky.
Is there a better way to include the root certs I need with my unity application, that travels with my build files, and can be installed along with the application on another computer? Or am I stuck with this hack?
Did you find any solution that will work on linux/mac too?
Well I'll go ahead and add a response to my own unanswered question.... it turns out Mono uses a specific directory to store it's certs. On windows the default location appears to be in [local user]\AppData\Roaming.mono\certs\Trust. So what you can do is use mozroots (using an elevated command prompt) to download the certs into this directory, then copy them to whichever machine needs them.
This gets me close! But the problem I have now is that I need this location to be in a place where all users can access, because I don't want to have to manually copy these certs for each user on the machine. I wonder if there is a way to change the directory mono reads these certs from, or is it hard coded? Any ideas?
Can some help me out with this exception
TlsException: The authentication or decryption has failed. $$anonymous$$ono.Security.Protocol.Tls.RecordProtocol.ProcessAlert (AlertLevel alertLevel, AlertDescription alertDesc) $$anonymous$$ono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) Rethrow as IOException: The authentication or decryption has failed. $$anonymous$$ono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult) Rethrow as $$anonymous$$qttConnectionException: Exception connecting to the broker uPLibrary.Networking.$$anonymous$$2$$anonymous$$qtt.$$anonymous$$qttClient.Connect (System.String clientId, System.String username, System.String password, Boolean willRetain, Byte willQosLevel, Boolean willFlag, System.String willTopic, System.String will$$anonymous$$essage, Boolean cleanSession, UInt16 keepAlivePeriod) uPLibrary.Networking.$$anonymous$$2$$anonymous$$qtt.$$anonymous$$qttClient.Connect (System.String clientId) $$anonymous$$qttPublisher.Publish () (at Assets/$$anonymous$$qttPublisher.cs:48) Client.Start () (at Assets/Client.cs:30)
@stevesmith_styku You can import root certificates at runtime:
var path; //Path to root certificate
using (X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser)) {
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(path))); //where cert is an X509Certificate object
}
Actually, the X509Store is not available in Unity, on purpose. The store is not available on many platforms supported by Unity. If you try to run the code above, it will not actually add the certificate in the needed store.
