Search Unity

  1. Unity 2019.2 is now released.
    Dismiss Notice

Allow "self signed certificate in certificate chain"

Discussion in 'Editor & General Support' started by Domvel, Nov 5, 2018.

  1. Domvel

    Domvel

    Joined:
    Sep 18, 2018
    Posts:
    24
    Hi there,
    our network is behind a firewall with ssl inspection. So it's a man-in-the-middle and re-sign the certificates. I can't change it. I have to set the clients on my PC to ignore strict-ssl or assign the certificates. e.g. for NPM, etc.

    Is there an option in Unity (e.g. setting or enviroment variable, etc) to ignore self signed certificates?
    I mean not in my scripts. I mean in editor. e.g. The Package Manager connects to a URL to fetch the possible additional packages. But I get an error.

    Cannot perform upm operation: self signed certificate in certificate chain [NotFound]
    UnityEditor.EditorApplication:Internal_CallUpdateFunctions()
     
  2. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,307
    The most straight-forward thing is to add your certificate to your OSes trusted root certificate store. Unity takes trusted certs from there.
     
  3. Domvel

    Domvel

    Joined:
    Sep 18, 2018
    Posts:
    24
    Thats weird, because the certificates are set in my OS. (Windows 10 Pro 64bit) I checked it in the certmgr of windows and asked our admin. And the Chrome browser works as well. And it also access to it. In my experience the best solution is to set strict-ssl to false of every client. I guess Unity has no such property, right? If so I have a great new feature request for unity. :)

    Mabye the package manager is a separated system and does not use the OS certs or needs an option to disable strict-ssl?
     
    Last edited: Nov 6, 2018
  4. Domvel

    Domvel

    Joined:
    Sep 18, 2018
    Posts:
    24
    Are you really sure that Unity takes trusted certs from the windows certificates? (certlm / certmgr)? (please see my prev post)
     
  5. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,307
    Looked into code: we are using CertOpenStore()/CertEnumCertificatesInStore() to get certificates on Windows.
     
  6. Domvel

    Domvel

    Joined:
    Sep 18, 2018
    Posts:
    24
    Ok, thanks. Weird, that this is not working in my case.
    For Google Chrome it works.
     
    Last edited: Nov 8, 2018