<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Sans";
panose-1:2 11 6 2 3 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Lucida Sans",sans-serif;
color:#3B3838;
font-weight:normal;
font-style:normal;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Lucida Sans",sans-serif;
color:#3B3838;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-CA link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>Hi Ian,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>Did you run into this issue when trying to connect:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>Connection failed: Authentication failed because the remote party has closed the transport stream.<o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Quickfixn [mailto:quickfixn-bounces@lists.quickfixn.com] <b>On Behalf Of </b>Christopher Karpyszyn<br><b>Sent:</b> Wednesday, October 14, 2015 1:25 PM<br><b>To:</b> Mailing list for QuickFIX/n <quickfixn@lists.quickfixn.com><br><b>Subject:</b> Re: {{Quickfixn}} Configuring SSL with Cert & Key pem files<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>Hi Ian, <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>I’m also working with Bloomberg and I’m trying to create the pfx key.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>OpenSSL asks for the cert password and then an “export” password. The guys at Bloomberg don’t seem to recognize the difference between the two. Do you know better terminology for that export password?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>Thanks,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'>Chris<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:9.5pt;font-family:"Lucida Sans",sans-serif;color:#3B3838;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Quickfixn [<a href="mailto:quickfixn-bounces@lists.quickfixn.com">mailto:quickfixn-bounces@lists.quickfixn.com</a>] <b>On Behalf Of </b>Ian Clements<br><b>Sent:</b> Monday, September 14, 2015 3:32 PM<br><b>To:</b> Mailing list for QuickFIX/n <<a href="mailto:quickfixn@lists.quickfixn.com">quickfixn@lists.quickfixn.com</a>><br><b>Subject:</b> Re: {{Quickfixn}} Configuring SSL with Cert & Key pem files<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Many thanks for the reply Grant. I managed to figure it out in the end my ignorance of SSL certificates and how they work was the main problem! I needed to use OpenSSL to turn my two pem files (Cert & key) into a pfx file with the following command –<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>OpenSSL pkcs12 –inkey c:\keys\key.pem –in c:\keys\cert.pem –export –out c:\keys\NewCert.pfx<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Then with the following config everything connected great.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>SSLEnable=Y<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>SSLValidateCertificates=N<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>SSLCheckCertificateRevocation=N<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>SSLCertificate=c:\Keys\NewCert.pfx<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>SSLCertificatePassword=xxxxxxx<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Hope this helps others. Would be good to include it in the SSL documentation to help others trying to migrate from stunnel with key and cert files.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Quickfixn [<a href="mailto:quickfixn-bounces@lists.quickfixn.com">mailto:quickfixn-bounces@lists.quickfixn.com</a>] <b>On Behalf Of </b>Grant Birchmeier<br><b>Sent:</b> 14 September 2015 20:08<br><b>To:</b> Mailing list for QuickFIX/n <<a href="mailto:quickfixn@lists.quickfixn.com">quickfixn@lists.quickfixn.com</a>><br><b>Subject:</b> Re: {{Quickfixn}} Configuring SSL with Cert & Key pem files<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div><div><p class=MsoNormal><span lang=EN-GB style='color:black'>It's not well supported. Someone wrote it, and I took the patch because we didn't have anything else, but maybe that was a mistake. I haven't tried it myself, and it's not very well documented. I'd welcome any attempts to improve it.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='color:black'>If Stunnel is working for you, I'd recommend sticking with it.<o:p></o:p></span></p></div></div><div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-GB>On Mon, Sep 14, 2015 at 1:45 PM, Ian Clements <<a href="mailto:ian.clements@investmentsoftwareltd.com" target="_blank">ian.clements@investmentsoftwareltd.com</a>> wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB>Hi all,<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB>Migrating our current in house FIX engine with Stunnel to use QuickFix/N. We have a certificate and private key pem file provided by Bloomberg but I can’t seem to get the SSL tunnelling working using just QuickFix.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB>Am I doing something wrong or is this not possible and I need to continue to use Stunnel.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB>Many thanks,<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB>Ian.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-GB> <o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-GB><br>_______________________________________________<br>Quickfixn mailing list<br><a href="mailto:Quickfixn@lists.quickfixn.com">Quickfixn@lists.quickfixn.com</a><br><a href="http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com" target="_blank">http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com</a><o:p></o:p></span></p></blockquote></div><p class=MsoNormal><span lang=EN-GB><br><br clear=all><o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p></div><p class=MsoNormal><span lang=EN-GB>-- <o:p></o:p></span></p><div><div><p class=MsoNormal><span lang=EN-GB style='font-size:10.0pt;background:white'>Grant Birchmeier</span><span lang=EN-GB><o:p></o:p></span></p></div><div><p class=MsoNormal><b><span lang=EN-GB style='font-size:10.0pt;color:#3333FF;background:#FFCC00'>Connamara Systems, LLC</span></b><span lang=EN-GB><o:p></o:p></span></p></div><div><p class=MsoNormal><b><span lang=EN-GB style='font-size:10.0pt'>Made-To-Measure Trading Solutions.</span></b><span lang=EN-GB><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='font-size:10.0pt'>Exactly what you need. No more. No less.</span><span lang=EN-GB><o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='font-size:10.0pt'><a href="http://connamara.com" target="_blank">http://connamara.com</a></span><span lang=EN-GB><o:p></o:p></span></p></div></div></div></div></body></html>