Final thread about Self Signed Certificate

**Franklin1** · 12-06-2015, 02:44 PM

This is what I noted down to help me remember

GENERATE .KEY
c:\OpenSSL-Win32\bin\openssl genrsa -out <username>.key 2048

GENERATE .CSR
c:\OpenSSL-Win32\bin\openssl req -new -config c:\OpenSSL-Win32\bin\openssl.cfg -key <username>.key -out <username>.csr
>> UK, , London, , , Bob, Bob@hotmail.com, , ,

GENERATE .CRT
c:\OpenSSL-Win32\bin\openssl x509 -req -days 365 -in <username>.csr -signkey <username>.key -out <username>.crt -extfile c:\OpenSSL-Win32\bin\openssl.cfg -extensions ssl_client

GENERATE .p12
c:\OpenSSL-Win32\bin\openssl pkcs12 -export -in <username>.crt -inkey <username>.key -out <username>.p12

UPLOAD the .crt
LOCALLY use the .p12

Does betfair accept your key? You also need to load it correctly in your app

I used the second answer here:
http://stackoverflow.com/questions/6...-in-cert-store

Dim fInfo As New FileInfo(certPath & "\" & username & ".p12")
Dim numBytes As Long = fInfo.Length
Dim fStream As New FileStream(certPath & "\" & username & ".p12", FileMode.Open, FileAccess.Read)
Dim br As New BinaryReader(fStream)
Dim data As Byte() = br.ReadBytes(CInt(numBytes))
br.Close()
fStream.Close()

cert = New X509Certificate2(data)

**hhoulston** · 16-06-2015, 10:55 AM

Something very important in windows and not mentioned in the documentation is that your command prompt must be Run As Administrator.

Also forgive me if I'm stating the obvious (it wasn't obvious to me when I went through this process), but it's the crt file that you upload to your account, not the pem or p12 if you're using either of those

**silentman13.** · 16-06-2015, 12:40 PM

Originally posted by hhoulston View Post

Something very important in windows and not mentioned in the documentation is that your command prompt must be Run As Administrator.

Also forgive me if I'm stating the obvious (it wasn't obvious to me when I went through this process), but it's the crt file that you upload to your account, not the pem or p12 if you're using either of those

Thanks to Franklin1 and hhoulston.

The meaning of this thread is to create a definitive guide about Betfair Seld Signed Certificate.

**silentman13.** · 23-06-2015, 12:41 PM

Finally I've got it!

1) I've installed OpenSSL-Win64 (I've Windows 7 64 Bit) in 'C:\OpenSSL-Win64'
2) Added these rows in 'C:\OpenSSL-Win64\bin\openssl.cfg' file tail :

Code:

[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth

3) I've created a new simple txt file and add these rows :

Code:

cd "C:\OpenSSL-Win64\bin"

openssl genrsa -out client-2048.key 2048

openssl req -new -config openssl.cfg -key client-2048.key -out client-2048.csr

openssl x509 -req -days 365 -in client-2048.csr -signkey client-2048.key -out client-2048.crt -extfile openssl.cfg -extensions ssl_client 

openssl pkcs12 -export -in client-2048.crt -inkey client-2048.key -out client-2048.p12

pause

4) I've saved txt file (ex: 'create_cert.txt') and changed file extension in '.bat' (ex: 'create_cert.bat')
5) Now we have a batch file to execute. Important! Right click on BAT file and click on 'Run as administrator'
6) You need to type your company or personal informations
7) At the end we have generated 4 files : client-2048.crt, client-2048.csr, client-2048.key, client-2048.p12
8) Now we have to link the certificate to your Betfair account (see API documentation). I've updated client-2048.crt

This is a short but good python (2.7 version) example to test if it's all OK (you will see a success message and sessionToken) :

Code:

#!/usr/bin/env python

import requests

payload = 'username=YOUR_BF_USERNAME&password=YOUR_BF_PASSWORD'
headers = {'X-Application': 'YOUR_BF_APPLICATION_KEY', 'Content-Type':'application/x-www-form-urlencoded'}
resp = requests.post('https://identitysso.betfair.com/api/certlogin', data=payload, cert=('client-2048.crt', 'client-2048.key'), headers=headers)
if resp.status_code == 200:
  resp_json = resp.json()
  print resp_json['loginStatus']
  print resp_json['sessionToken']
else:
  print "Request failed."

Important!
To try this python example you need to :
1) install betfair.py (see https://github.com/jmcarp/betfair.py)
2) put 'client-2048.crt' and 'client-2048.key' in the same folder of python file example
3) replace 'YOUR_BF_XXX' with your real BF account information

Hope this help. Let me know if you've problems!

**Dean Lafferty** · 12-03-2016, 10:23 PM

thanks for the tips guys. worked for me.

**rxelgin** · 26-10-2016, 03:52 AM

Has anyone done this on Linux??

This is the most detailed thread so far I have found on this problem.

However, has anyone done this on Linux and tested it with curl?

**rxelgin** · 27-10-2016, 12:47 AM

Following on from my previous question - has any one done this on Linux?

The curl command that Betfair suggested one use to validate the certs wasn't working for me.

However, by adding the full directory address of the cert I managed to make it work.

curl -q -k --cert /home/tom/Betfair/client-2048.crt --key /home/tom/Betfair/client-2048.key https://identitysso.betfair.com/api/certlogin -d "username=betfair_username&password=betfair_passwo rd" -H "X-Application:curlCommandLineTest"

Final thread about Self Signed Certificate

Final thread about Self Signed Certificate

Comment

Comment

Comment

Comment

Comment

Comment

Comment