{{Quickfixn}} Configuring SSL with Cert & Key pem files
Christopher Karpyszyn
Christopher.Karpyszyn at jitneytrade.com
Mon Oct 19 11:21:44 PDT 2015
Hi Ian,
Did you run into this issue when trying to connect:
Connection failed: Authentication failed because the remote party has closed the transport stream.
From: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] On Behalf Of Christopher Karpyszyn
Sent: Wednesday, October 14, 2015 1:25 PM
To: Mailing list for QuickFIX/n <quickfixn at lists.quickfixn.com>
Subject: Re: {{Quickfixn}} Configuring SSL with Cert & Key pem files
Hi Ian,
I’m also working with Bloomberg and I’m trying to create the pfx key.
OpenSSL asks for the cert password and then an “export” password. The guys at Bloomberg don’t seem to recognize the difference between the two. Do you know better terminology for that export password?
Thanks,
Chris
From: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] On Behalf Of Ian Clements
Sent: Monday, September 14, 2015 3:32 PM
To: Mailing list for QuickFIX/n <quickfixn at lists.quickfixn.com<mailto:quickfixn at lists.quickfixn.com>>
Subject: Re: {{Quickfixn}} Configuring SSL with Cert & Key pem files
Many thanks for the reply Grant. I managed to figure it out in the end my ignorance of SSL certificates and how they work was the main problem! I needed to use OpenSSL to turn my two pem files (Cert & key) into a pfx file with the following command –
OpenSSL pkcs12 –inkey c:\keys\key.pem –in c:\keys\cert.pem –export –out c:\keys\NewCert.pfx
Then with the following config everything connected great.
SSLEnable=Y
SSLValidateCertificates=N
SSLCheckCertificateRevocation=N
SSLCertificate=c:\Keys\NewCert.pfx
SSLCertificatePassword=xxxxxxx
Hope this helps others. Would be good to include it in the SSL documentation to help others trying to migrate from stunnel with key and cert files.
From: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] On Behalf Of Grant Birchmeier
Sent: 14 September 2015 20:08
To: Mailing list for QuickFIX/n <quickfixn at lists.quickfixn.com<mailto:quickfixn at lists.quickfixn.com>>
Subject: Re: {{Quickfixn}} Configuring SSL with Cert & Key pem files
It's not well supported. Someone wrote it, and I took the patch because we didn't have anything else, but maybe that was a mistake. I haven't tried it myself, and it's not very well documented. I'd welcome any attempts to improve it.
If Stunnel is working for you, I'd recommend sticking with it.
On Mon, Sep 14, 2015 at 1:45 PM, Ian Clements <ian.clements at investmentsoftwareltd.com<mailto:ian.clements at investmentsoftwareltd.com>> wrote:
Hi all,
Migrating our current in house FIX engine with Stunnel to use QuickFix/N. We have a certificate and private key pem file provided by Bloomberg but I can’t seem to get the SSL tunnelling working using just QuickFix.
Am I doing something wrong or is this not possible and I need to continue to use Stunnel.
Many thanks,
Ian.
_______________________________________________
Quickfixn mailing list
Quickfixn at lists.quickfixn.com<mailto:Quickfixn at lists.quickfixn.com>
http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com
--
Grant Birchmeier
Connamara Systems, LLC
Made-To-Measure Trading Solutions.
Exactly what you need. No more. No less.
http://connamara.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quickfixn.com/pipermail/quickfixn-quickfixn.com/attachments/20151019/e6170895/attachment-0002.htm>
More information about the Quickfixn
mailing list