{{Quickfixn}} Configuring SSL with Cert & Key pem files

Ian Clements ian.clements at investmentsoftwareltd.com
Mon Sep 14 12:31:57 PDT 2015 

Many thanks for the reply Grant.  I managed to figure it out in the end my ignorance of SSL certificates and how they work was the main problem!  I needed to use OpenSSL to turn my two pem files (Cert & key) into a pfx file with the following command –

OpenSSL pkcs12 –inkey c:\keys\key.pem –in c:\keys\cert.pem –export –out c:\keys\NewCert.pfx

Then with the following config everything connected great.

SSLEnable=Y
SSLValidateCertificates=N
SSLCheckCertificateRevocation=N
SSLCertificate=c:\Keys\NewCert.pfx
SSLCertificatePassword=xxxxxxx

Hope this helps others.  Would be good to include it in the SSL documentation to help others trying to migrate from stunnel with key and cert files.

From: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] On Behalf Of Grant Birchmeier
Sent: 14 September 2015 20:08
To: Mailing list for QuickFIX/n <quickfixn at lists.quickfixn.com>
Subject: Re: {{Quickfixn}} Configuring SSL with Cert & Key pem files

It's not well supported.  Someone wrote it, and I took the patch because we didn't have anything else, but maybe that was a mistake.  I haven't tried it myself, and it's not very well documented.  I'd welcome any attempts to improve it.

If Stunnel is working for you, I'd recommend sticking with it.

On Mon, Sep 14, 2015 at 1:45 PM, Ian Clements <ian.clements at investmentsoftwareltd.com<mailto:ian.clements at investmentsoftwareltd.com>> wrote:
Hi all,

Migrating our current in house  FIX engine with Stunnel to use QuickFix/N.  We have a certificate and private key pem file provided by Bloomberg but I can’t seem to get the SSL tunnelling working using just QuickFix.

Am I doing something wrong or is this not possible and I need to continue to use Stunnel.

Many thanks,
Ian.


_______________________________________________
Quickfixn mailing list
Quickfixn at lists.quickfixn.com<mailto:Quickfixn at lists.quickfixn.com>
http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com



--
Grant Birchmeier
Connamara Systems, LLC
Made-To-Measure Trading Solutions.
Exactly what you need. No more. No less.
http://connamara.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quickfixn.com/pipermail/quickfixn-quickfixn.com/attachments/20150914/211b6c05/attachment-0002.htm>

More information about the Quickfixn mailing list