Use a custom root certificate

You can choose to not use the default embedded root certificate and use your own instead.

Fluxzy supports X509 certificate having RSA private key as root certificate.

A custom root certificate can be loaded from a PKCS#12 file or from the default store.

using Fluxzy;
using Fluxzy.Certificates;

var fluxzySetting = FluxzySetting.CreateDefault();

var myPkcs12Certificate = Certificate.LoadFromPkcs12("/path/to/ca.com.pfx", "password");

// Alternatively, you can use Certificate.LoadFromUserStoreByThumbprint()
// to load the certificate from the default user store

fluxzySetting.SetCaCertificate(myPkcs12Certificate); 

await using var proxy = new Proxy(fluxzySetting);

Console.WriteLine("Press any key to exit");
Console.ReadKey();

Additionally, you can override the default root certificate with two different methods:

• setting environment variable FLUXZY_ROOT_CERTIFICATE to a value containing the path to the PKCS#12 file.
• creating a file under '%appdata%/.fluxzy/rootca.pfx' containing the PKCS#12 file.

In both cases, the password of the PKCS#12 file can be provided by setting the environment variable FLUXZY_ROOT_CERTIFICATE_PASSWORD to the password of the PKCS#12 file.

• We recommend using a 2048 bits key as it provides a good balance between security and performance (required certificate has to be generated on the fly).
• Fluxzy CLI contains a straightforward command to generate a root certificate.