Betfair Developers

OpenSSL and creating a certificate

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Peter Simple
    Junior Member
    • Aug 2009
    • 32
    #1

    OpenSSL and creating a certificate

    The documentation has an article about creating a certificate using OpenSSL. But there are now some problems.

    1. Step 1 (creating a RSA key pair) is the easiest step.

    2. Step 2 requires that you update or create a config file named "openssl.cnf". The docu writes that the config file is located in the Windows installation directory. This is now wrong. The latest OpenSSL Version does not provide a config file.

    There are now some general openssl.cnf files in the Internet available but i am not sure if they all are suited for the API.

    The command lines in the API also are little bit misleading because every time you have to write the full path of the file(as example instead of "client-2048.key" the correct way is "c:\OpenSSL-Win32\bin\client-2048.key")

    3. Step 3 is very challenging because you have to write a very long command line without any mistake.

    But even then i had an error: "Error: Loading extension section ssl-client".

    My questions:

    Do i have to insert a path in the command line for the Extension - even when there is already a path for the openssl.cnf in the cd line provided.

    Between step 2 and 3 i have added the section to the openssl.cnf. Step 2 worked with a file where i had changed already the values in their context. Maybe the changed .cnf is the problem.

    Maybe the development team could provide a proper .cnf file.
    Tags: None
    • andyn
      Junior Member
      • May 2012
      • 8
      #2
      rename or copy openssl.cfg to openssl.cnf

      Then in openssl.cnf just need to add the ssl_client section:

      [ ssl_client ]
      basicConstraints = CA:FALSE
      nsCertType = client
      keyUsage = digitalSignature, keyEncipherment
      extendedKeyUsage = clientAuth

      fwiw I got Win32 OpenSSL v1.0.1e from:

      http://slproweb.com/products/Win32OpenSSL.html

      (link came from http://www.openssl.org/related/binaries.html)

        Comment

        • Peter Simple
          Junior Member
          • Aug 2009
          • 32
          #3
          Yes, this is a possible solution. But an extension must be somewhere in the config registered. My solution was to use an already registered and created extension of my file and add the values. At the end i have now a certificate which i could upload.

          But now a i get an "CERT_AUTH_REQUIRED" error at the end of the login (i use the code provided by Heja in this thread https://forum.bdp.betfair.com/showthread.php?t=1926.

          But i uploaded a *.crt file which sould be sufficient according the documentation. My first idea was that the location of file is "not sure" so i have used the store but it does not matter.

            Comment

            • andyn
              Junior Member
              • May 2012
              • 8
              #4
              No idea what you mean by extension in config registered.

              I installed openssl and then just followed these instructions (after renaming openssl.cfg to openssl.cnf):

              https://api.developer.betfair.com/se...28bot%29+login

              I uploaded the .pem file (not the .crt file)

              My Python 3.3 login code is: (change user/pass/key)

              Code:
              #!/usr/bin/env python
 
import requests
 
payload = 'username=johnsmith&password=letmein'
headers = {'X-Application': 'U7ugHSvb3MksI83E', 'Content-Type': 'application/x-www-form-urlencoded'} 
 
resp = requests.post('https://identitysso.betfair.com/api/certlogin', data=payload, cert=('client-2048.crt', 'client-2048.key'), headers=headers)
 
if resp.status_code == 200:
  resp_json = resp.json()
  print(resp_json)
  print(resp_json['loginStatus'])
  print(resp_json['sessionToken'])
else:
  print("Request failed.")
              The .crt and .key files are in the same folder as my python

              It works...

              Hope that helps.

                Comment

                • Peter Simple
                  Junior Member
                  • Aug 2009
                  • 32
                  #5
                  Thanks for your help. It works now.

                    Comment

                    • DTA
                      Junior Member
                      • Jul 2016
                      • 2
                      #6
                      I found i got the error "Error: Loading extension section ssl-client" when using a openssl.cnf file from the openssl github page but was successful with the one from betfairprotrader @ https://drive.google.com/open?id=0B1...HV1c0dRa292Qm8

                        Comment

                        • Jkennard
                          Junior Member
                          • Nov 2019
                          • 5
                          #7
                          Hi, just starting out and I am getting the same error. Has anyone found a solution?


                          Weirdly enough I tried on a different computer and it worked forst time. Maybe its better using windows 10 instead of 7?
                          Last edited by Jkennard; 27-01-2020, 06:41 PM. Reason: problem solved

                            Comment

                            Previous template Next
                            Working...
                            X