Re: [Quickfixj-users] SSL Setup

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

This does not necessarily answer your question, but there is a way to use
SSL outside of QuickFIX.

You can use a free third-party open-source tool like Stunnel.  You configure
Stunnel to connect to an IP/port of another SSL connection somewhere on the
internet.  Then, you configure QuickFIX to connect to
localhost/configured-listen-port-of-Stunnel.  Very simple, very easy to
setup.  I've used this setup many, many times in a production environment.
 But if NYSE, for instance, allows you to first create an SSL tunnel, then
this is a great solution because all you have to do is connect, then tell
QuickFIX to connect to localhost.  Yes, you still have to generate
certificates, etc.  But the remote location should have a process for
exchanging public keys;  again, nothing out of the ordinary here, generate
your public/private keys, swap public keys, connect the tunnel, send FIX.
 Done.

John Vatianou
Connamara Systems, LLC
www.connamara.com

On Thu, Oct 28, 2010 at 9:24 AM, Paresh Daya <par...@gm...> wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi All,
>
>
>
> QuickFixJ docs are a bit sketchy around the SSL area.
>
>
>
> I am trying to setup SSL between 2 engines (1 quickfixj and
> other is a proprietary NYSE engine).
>
>
>
> What is the desired way of going about doing this:
>
>
>
> 1.
> Both generate certificates using OpenSSL and convert to
> PKCS12 format.
>
> 2.
> Swap pkcs12 files.
>
> 3.
> Import client's pkcs12 file into a new keystore.
>
> 4.
> Reference keystore and password in quickfixJ config.
>
> 5.
> Client would do the same.
>
>
>
> Is this the correct way?
>
>
>
> Can I achieve this using just one certificate, i.e. I generate
> a PKCS12 cert, send it to the client, and include the same one in my
> keystore?
>
>
>
> Thanks in advance.
>
>
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America
> contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in
> marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>