Quickfixn SSL Configuration issue

Question

Im trying to configure my quickfix to initiate SSL connection, I tried a lot ok googling and went with the below configuration and im getting following error. Will be great if some one can give suggestions on this.

Configuration:

    [DEFAULT]
    ConnectionType=initiator
    ReconnectInterval=200
    FileStorePath=E:/Vivek/SourceCodes/Swiss/PrimoLiquidity/PrimeLiquidity/bin/Debug/FixLogs/MarketDataLogs
    FileLogPath=E:/Vivek/SourceCodes/Swiss/PrimoLiquidity/PrimeLiquidity/bin/Debug/FixLogs/MarketDataLogs
    StartTime=00:00:00
    EndTime=00:00:00
    UseDataDictionary=Y
    DataDictionary=E:/Vivek/SourceCodes/Swiss/PrimoLiquidity/PrimeLiquidity/bin/Debug/FIX44.xml
    SocketConnectPort=2525
    SocketConnectHost=70.42.18.200
    ResetOnLogon=Y
    ValidateFieldsOutOfOrder=N
    SSLEnable=Y
    SSLValidateCertificates=N
    SSLCheckCertificateRevocation=N
    SSLCertificate=C:/Users/Vivek/NewCert.pfx
    SSLCertificatePassword=12345


    # standard config elements

    [SESSION]
    BeginString=FIX.4.4
    SenderCompID=quote.DEMOSUCD.530
    SenderSubID=DEMOSUCD
    TargetCompID=demo.fxgrid
    HeartBtInt=30

Error:

 20170310-19:40:45.089 : Unable to perform authentication against server: A call to SSPI failed, see inner exception.
 20170310-19:40:45.089 : Connection failed (AuthenticationException): A call to SSPI failed, see inner exception.

Possible duplicate of [Quickfixn SSL Configuration](http://stackoverflow.com/questions/42725200/quickfixn-ssl-configuration) — Iridium, Mar 10 '17 at 20:20
Sorry it got posted twice by mistake, Can you please answer any one of my link? — Vivek Jeeva Kumar, Mar 10 '17 at 20:27

score 0 · Answer 1 · answered Mar 11 '17 at 04:37

0

I have done this extensively before, not through the QuickFIX API but through stunnel. See here. It think you should use this to set up a persistent SSL connection. It might take a bit of time to configure, but once you get it you don't have to worry about it again.

answered Mar 11 '17 at 04:37

Wapiti

1,851
2
20
40

Thanks for the comment.I tried to configure Stunnel and get the below error. 2017.03.13 13:55:26 LOG5[1]: Service [demo.fxgrid] accepted connection from 127.0.0.1:51368 2017.03.13 13:55:26 LOG5[1]: s_connect: connected 127.0.0.1:80 2017.03.13 13:55:26 LOG5[1]: Service [demo.fxgrid] connected remote server from 127.0.0.1:51369 2017.03.13 13:55:26 LOG3[1]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 2017.03.13 13:55:26 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket – Vivek Jeeva Kumar Mar 13 '17 at 08:22
Below are my configs – Vivek Jeeva Kumar Mar 13 '17 at 08:27
[demo.fxgrid] client = yes accept = 127.0.0.1:443 connect = 70.42.18.200:2525 cert = C:\Users\Vivek\my-cert.pem key = C:\Users\Vivek\my-key.pem – Vivek Jeeva Kumar Mar 13 '17 at 08:27
QuickFix Config SocketConnectPort=443 SocketConnectHost=127.0.0.1 – Vivek Jeeva Kumar Mar 13 '17 at 08:28
Sorry if i have made any silly mistakes, Im totally new to this – Vivek Jeeva Kumar Mar 13 '17 at 08:28

score 0 · Answer 2 · answered Mar 11 '17 at 21:08

0

Where does this error come from - your side or the counterparty side? What's the SSPI inner exception say?

There's something about SSPI and quick fix here that the certificate is not in the Windows cert store.

I also agree with Wapiti: use stunnel

answered Mar 11 '17 at 21:08

rupweb

3,052
1
30
57

Thanks for the comment. The error comes from my counter party side. I am trying to use Stunnel. – Vivek Jeeva Kumar Mar 13 '17 at 08:22

Quickfixn SSL Configuration issue

2 Answers2