{{Quickfixn}} Server-side certificates BUT no client-side certificates (from github #567)

Wed Dec 18 14:31:57 PST 2019

Answered on github, but posting here for posterity: the cfg you want in
this case is SSLRequireClientCertificate=N

--
Mike Gatny
Connamara Systems

On Wed, Dec 18, 2019 at 11:43 AM Roberto Reff <roberto.reff at poligram.de>
wrote:

> Hello Grant.
>
>
> We have used SSL stuff connection to bloomberg.
>
> With those it is so that they issue a certificate, their public key is
> held at the client and the connection can be established.
> The client itself does not yet have a certificate, so the host (acceptor)
> does not know it.
> This setting works wonderfully.
>
> To answer the question. yes, that works. For the explicit settings you
> have to specify which settings the Acceptor has made. Usually this is only
> possible with Trial end Error. Possibly somebody uses the same and can
> report from his experiences.
>
>
> Regards
> Roberto
> ------------------------------
> *Von:* Quickfixn <quickfixn-bounces at lists.quickfixn.com> im Auftrag von
> Grant Birchmeier <gbirchmeier at connamara.com>
> *Gesendet:* Mittwoch, 18. Dezember 2019 17:30
> *An:* Mailing list for QuickFIX/n <quickfixn at lists.quickfixn.com>
> *Betreff:* {{Quickfixn}} Server-side certificates BUT no client-side
> certificates (from github #567)
>
> Hi all,
>
> If any of you are knowledgeable with SSL cert stuff, could you take a look
> at the below question that was submitted via github?  It's just not an area
> I'm well-versed in.
>
> Thanks
> -Grant
>
>
>
> ---------- Forwarded message ---------
> From: *aerlian* <notifications at github.com>
> Date: Wed, Dec 18, 2019 at 7:58 AM
> Subject: [connamara/quickfixn] Server-side certificates BUT no client-side
> certificates (#567)
> To: connamara/quickfixn <quickfixn at noreply.github.com>
> Cc: Subscribed <subscribed at noreply.github.com>
>
>
> I don't seem to be able to get the following configuration to work:
>
>    1. Server certificate is configured
>    2. Client certificate is NOT configured
>
> This would lead to a secure channel where the client identity is realized
> only from SenderCompID value sent in the request from client to server.
>
> I see that QuickFix/J (
> https://www.quickfixj.org/usermanual/2.0.0/usage/configuration.html) has
> a setting that I believe I am looking for but cannot find in QuickFix/N:
> NeedClientAuth=[Y|N]
>
> Please can someone advise whether this configuration is possible in
> QuickFix/N and if so how should the config be made?
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/connamara/quickfixn/issues/567?email_source=notifications&email_token=AABZ52AFQMPI2NPYK5YSMITQZIUANA5CNFSM4J4LNA42YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IBLEKTQ>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AABZ52BD4OTOLNQGZBJDAJ3QZIUANANCNFSM4J4LNA4Q>
> .
>
>
> --
> Grant Birchmeier
> *Connamara Systems, LLC*
> *Made-To-Measure Trading Solutions.*
> Exactly what you need. No more. No less.
> http://connamara.com
>
>
>
>
> ------------------------------
> Poligram GmbH
> Rilkeweg 4
> 59519 Möhnesee
>
>
> Geschäftsführung: Roberto Reff
> Registergericht: Amtsgericht Arnsberg
> Registernummer: HRB10900
> USt.ID: DE251226082
>
> http://www.poligram.de
>
>
> This message contains confidential information and is intended only for
> the individual(s) addressed in the message. If you are not the named
> addressee, you should not disseminate, distribute, or copy this e-mail. If
> you are not the intended recipient, you are notified that disclosing,
> distributing, or copying this e-mail is strictly prohibited.
> _______________________________________________
> Quickfixn mailing list
> Quickfixn at lists.quickfixn.com
> http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quickfixn.com/pipermail/quickfixn-quickfixn.com/attachments/20191218/ed3b61df/attachment.htm>