In this session we will use openSSL to create the required link between our programs and Betfair. In some ways its the most challenging session in that there are plenty of opportunities to mistype stuff
Step 1 Open Wordpad and then using Wordpad open the configuration file. It will probably be in your c:\openSSL-Win64\bin folder under the name openssl.cfg
Step 2 Within the file add the following text
[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
Step 3 Save the file and then rename it as
openssl.cnf
Step 4 Open a black MSDOS command window in administrator mode. Make sure you have it open in admin’ mode (right click on command prompt and select run as administrator) otherwise you may not be able to write to your root directory.
Step 5 Make sure within the MSDOS window you are at the pythonstuff folder that you created. Navigate to it if need be using the cd command
Step 6 Enter the command c:\openssl-Win64\bin\openssl in your MSDOS window
This should invoke openssl and you should have the openssl prompt ‘openSSL>’
Enter the following openSSL command
genrsa -out client-2048.key 2048
Now enter the following openSSL command
req -new -config c:\openSSL-Win64\bin\openssl.cnf -key client-2048.key -out client-2048.csr
Step 7 At the openssl prompts enter the following. For the challenge password I used the Betfair account password
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:yourcompany.com
Organizational Unit Name (eg, section) []:Security Team
Common Name (e.g. server FQDN or YOUR name) []:Test API-NG Certificate
Email Address []:my.name@mydomain.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Step 8 After completing step7 enter the following openssl command
x509 -req -days 365 -in client-2048.csr -signkey client-2048.key -out client-2048.crt -extfile c:\openSSL-Win64\bin\openssl.cnf -extensions ssl_client
Step 9 Using a text editor copy the contents of your client-2048.crt file and your client-2048.key file into a new file called client-2048.pem. Note- These files will be found in your Pythonstuff folder but the .crt extension may be hidden when you check the file name in explorer.
Step 10 Before you login using the certificate, it must be attached to your Betfair account, as follows:
1. Login to betfair using your web browser 2. Go to: https://myaccount.betfair.com/accountdetails/mysecurity?showAPI=1 3. Find the "Automated Betting Program Access" header and click "Edit" 4. Click the "Choose File" button and select your "client-2048.crt" file 5. Click "Upload Certificate" 6. Certificate info should now be displayed
Scroll down to the “API-NG Configuration” section if required and the certificate details should be shown. You should now be able to log in to your Betfair account using the API-NG endpoint.
Well done that was the toughest section but we are now ready to start communicating with Betfair through the API. We will start to do this in the next session. You can ‘quit’ the openSSL session. NOTE If you have sub accounts you will need to do step 10 for each account should you want to access the API through them.
Enjoying your sessions – keep up the good work.
Just a quick couple of points:
1. You need to include the command to generate the client-2048.key file as the other steps are dependent upon it.
The command is:
openssl genrsa -out client-2048.key 2048
This needs to be performed after you have installed OpenSSL but before you start on the steps to produce the certificate.
2. I would change Step 8 to be a bit more explicit and put c:\openssl-Win64\bin\openssl in front of the x509 to make it crystal clear, rather than just saying run the OpenSSL command…
Many thanks, yes I forgot the genrsa command, duly entered. With regard to point 8 the openSSL command window should still be open so you only need to enter the command at the openSSL prompt
Goodness, that would have been somewhat alarming for those with litle IT knowledge but the insructions were great.
One thing, to make the thing less frightening perhaps an explanation of what was going and why may be added. Nonetheless, the steps were very clear and now I have got myself attached to Betfair.
Thanks for the excellent lesson today.
– Malc
Ok I got to this point and have a couple of questions. First of all thanks for this tutorialblog and the fist question is
why have you chose non-interactive API-NG?
Second, while I was instaling the openssl, the missing C++2008 was always popingup, althought I have instaled the link you provided plus 2 other versions of C++2008(x86) and other 2 of C++2008(x64) plus a version of C++2010. Well I kept going with the instalation but wonder if it’s from my computer or if anyonelse got the same issue!?!
Hi My interest is in non interactive bots. My system is set up so that my bets areb placed regardless of whether I am home or on holiday. There has been no reported problems with the openSSL and the request from it to load the Library it needs
Hi 🙂 Thanks! I see no interest in having a bot working at this point! My work is on livetrading and it’s all about tennis markets! Anyway I’ll redirect my efforts for the interactive API-NG from here. I’m thankfull for this insight, anyway hope to see you in the BDP Forum along with others and best of luck with this enterprise (Lol Python is not easy #!!!! I was strugling with ‘SyntaxError: ‘return’ outside function’ in the lesson 6). Best of luck
Thanks for this awesome tutorial. I’ve come unstuck though with this ssl stuff.
When getting the openssl prompt ‘openSSL>’ I get a “WARNING: can’t open config file …/openssl.cnf
Then running “req -new -config c:\openSSL-Win64\bin\openssl.cnf -key client-2048.key -out client-2048.csr” at the openSSL prompt I get an error on the config file at line 22 error in req
Any ideas what I did wrong!? I updated and renamed the file.
Cheers
Check its in the right folder also did you open and save it using Wordpad ?.
Thanks for the help!
My openssl.cnf file is in ../OpenSSL-Win64/bin (same place I found it). I did open and save it in wordpad – could it be a formatting issue?
I installed this version of OpenSSL: Win64 OpenSSL v1.0.1h
Nick, just checking the obvious first. Are you using Windows 64 bit system ?
Dis you carry out step 4 without any problems ?
Here is the first few chars from the readme.txt file in my openssl folder
OpenSSL 1.0.1g 7 Apr 2014
Copyright (c)
I am also having the same problem, I have changed the file name to ‘openssl.cnf’ but it is still a CFG File, is that ok?
I get… ‘error on line -1 of c:…..’
Thanks for any help
The name of the file should now be openessl.cnf not .cfg, rerame it in windows explorer
It is called openssl.cnf but hasn’t changed the file type is that a problem?
I am also using OpenSSL: Win64 OpenSSL v1.0.1h as the ‘g’ version isn’t there?
Thanks
It may be because on my machine the file type is CNF
That was the problem, had to go to control panel and ‘unhide file extensions’ as my file was actually called ‘openssl.cnf.cfg
Might be the same for you Nick…
Thanks
Well spotted
Step 4 was no problems, and my computer is a 64 bit running Win8.My openssl file is called openssl.cnf and appears to look as it did (with the extra lines inserted) – can they be “anywhere” in that file?
The error I get seems to be that it just can’t find the file. Weird.
I might try redoing step 5 from scratch and see how it goes. If not I might skip out and use the gui application suggested on betfair’s dev page as another way to generate the key.
Jump back in on 6?
This link didn’t work for me: https://myaccount.betfair.com/account/authentication?showAPI=1
but this one does:
https://myaccount.betfair.com/accountdetails/mysecurity?showAPI=1
Great blog, thanks for the info
Got it sorted in the end! Starting to quite like Python and finally get the hang of the NG API and json.
I owe you a beer, smartersig. Probably 6. That’s again for the tutorial, it was the leg up I needed.
Thanks Nick, glad it helped. I will add any updates as they come along. For example just put the place an SP bet into the MyAPIlib library. When its tested I will post up on here for donwload
When getting the openssl prompt ‘openSSL>’ I get a “WARNING: can’t open config file …/openssl.cfg [Note it is saying it can’t find a cfg file not a cnf]. I have read all the comments above but I don’t think they help. My config file is called openssl.cnf and the file type is CNF. I opened and saved it using Wordpad. I put the additional text lines at the front of the file.
Any ideas why I get the error message?
I tried running the genrsa command anyway which seemed to work (?) however when I ran the req command I got another error…
C:\Users\Ross\Documents\Python Code>c:\openssl-Win32\bin\openssl
WARNING: can’t open config file: C:\OpenSSL-Win32\bin\openssl.cfg
OpenSSL> genrsa -out client-2048.key 2048
Loading ‘screen’ into random state – done
Generating RSA private key, 2048 bit long modulus
……………………………………+++
………………………………………………+++
e is 65537 (0x10001)
OpenSSL> req -new -config c:\openSSL-Win32\bin\openssl.cnf -key client-2048.key
-out client-2048.csr
error on line 15 of c:\openSSL-Win32\bin\openssl.cnf
9836:error:0E065068:configuration file routines:STR_COPY:variable has no value:
\crypto\conf\conf_def.c:618:line 15
error in req
Any idea what I have done wrong? I have installed Win32openSSLv1.0.0n
I’ve manged to get to step 8 but I’ve got “Error Loading extension section ssl_client”
What is the best way to get around this?
Also while setting up the key I noticed you’ve entered the betfair password is that nessesary?
Thanks!
Hi mate, the betfair account section link doesn’t work anymore.
https://myaccount.betfair.com/accountdetails/mysecurity?showAPI=1
There is an area in the link above, called “Automed Betting Program Access” in security section which you can upload a SSL to, but it doesn’t take the PEM file. Any ideas?
I cannot thank you enough for this guide mate.
Arthur
Found the API documentation on the Betfair side so will work at that one
Try the following
1. Login to betfair using your web browser
2. Go to: https://myaccount.betfair.com/accountdetails/mysecurity?showAPI=1
3. Find the “Automated Betting Program Access” header and click “Edit”
4. Click the “Choose File” button and select your “client-2048.crt” file
5. Click “Upload Certificate”
6. Certificate info should now be displayed
Thanks for the alterations mate its working now. Really appreciate these guides!