Announcement

Collapse
No announcement yet.

Non-interactive Login with powershell and OpenSSL

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Non-interactive Login with powershell and OpenSSL

    Hi all
    I have installed and add to PATH an openssl distribution, and on widows I have generated a key using this openssl.cnf file and the following commands:
    openssl.cnf content:
    Code:
    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    attributes = req_attributes
    prompt = no
    
    [req_distinguished_name]
    countryName = UK
    localityName = Cambridge
    commonName = My Name
    emailAddress = my.email@gmail.com
    
    [ req_attributes ]
    challengePassword = myPassword
    
    [v3_req]
    basicConstraints = CA:FALSE
    keyUsage = digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = clientAuth
    Commands (in powershell):
    Code:
    openssl genrsa -aes256 -passout pass:myPassword -out client.pass-2048.key 2048
    openssl rsa -passin pass:myPassword -in client.pass-2048.key -out client-2048.key
    openssl req -new -config openssl.cnf -key client-2048.key -out client-2048.csr
    openssl x509 -req -days 365 -in client-2048.csr -signkey client-2048.key -out client-2048.crt -extfile openssl.cnf -extensions v3_req
    Get-Content client-2048.crt, client-2048.key | Set-Content client-2048.pem
    I have now tried to perform a post using the certificate, so I have
    1. imported the .crt file into my windows cert storage
    2. set a cert variable containing the certificate using the thumbprint of the certificate
    3. used Invoke-WebRequest to test the api
    Code:
    Import-Certificate -FilePath client-2048.crt -CertStoreLocation cert:\CurrentUser\Root
    $cert=Get-ChildItem -path cert:\CurrentUser\Root\CCF56A1D1F532EBDF324A0409D158991BB488592
    Invoke-WebRequest -Method Post -Uri https://identitysso-cert.betfair.com/api/certlogin -Headers @{'X-Application' = 'myappkey'} -ContentType 'application/x-www-form-urlencoded' -Body @{'username'='my.email@gmail.com'; 'password'='myPassword'} -Certificate $cert
    Result is:
    Code:
    StatusCode : 200
    StatusDescription : OK
    Content : {"loginStatus":"CERT_AUTH_REQUIRED"}
    RawContent : HTTP/1.1 200 OK
    Content-Length: 36
    Content-Type: text/plain;charset=ISO-8859-1
    Date: Wed, 06 Oct 2021 09:42:36 GMT
    
    {"loginStatus":"CERT_AUTH_REQUIRED"}
    Forms : {}
    Headers : {[Content-Length, 36], [Content-Type, text/plain;charset=ISO-8859-1], [Date, Wed, 06 Oct 2021 09:42:36 GMT]}
    Images : {}
    InputFields : {}
    Links : {}
    ParsedHtml : mshtml.HTMLDocumentClass
    RawContentLength : 36
    My password contains some symbols, and I have tried to escape them with %<code> too.
    At this point I am not sure I have generated the cert correctly, anyone can help?

    Thanks in advance
    Last edited by riccardolasagno; 06-10-2021, 12:13 PM.
Working...
X