In this session we will use openSSL to create the required link between our programs and Betfair. In some ways its the most challenging session in that there are plenty of opportunities to mistype stuff

Step 1 Open Wordpad and then using Wordpad open the configuration file. It will probably be in your c:\openSSL-Win64\bin folder under the name openssl.cfg

Step 2 Within the file add the following text

[ ssl_client ]

basicConstraints = CA:FALSE

nsCertType = client

keyUsage = digitalSignature, keyEncipherment

extendedKeyUsage = clientAuth

Step 3 Save the file and then rename it as


Step 4 Open a black MSDOS command window in administrator mode. Make sure you have it open in admin’ mode (right click on command prompt and select run as administrator) otherwise you may not be able to write to your root directory.

Step 5 Make sure within the MSDOS window you are at the pythonstuff folder that you created. Navigate to it if need be using the cd command

Step 6 Enter the command c:\openssl-Win64\bin\openssl in your MSDOS window

This should invoke openssl and you should have the openssl prompt ‘openSSL>’

Enter the following openSSL command

genrsa -out client-2048.key 2048

Now enter the following openSSL command

req -new -config c:\openSSL-Win64\bin\openssl.cnf -key client-2048.key -out client-2048.csr

Step 7 At the openssl prompts enter the following. For the challenge password I used the Betfair account password

Country Name (2 letter code) [AU]:GB

State or Province Name (full name) [Some-State]:London

Locality Name (eg, city) []:London

Organization Name (eg, company) [Internet Widgits Pty Ltd]

Organizational Unit Name (eg, section) []:Security Team

Common Name (e.g. server FQDN or YOUR name) []:Test API-NG Certificate

Email Address []

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

 Step 8 After completing step7 enter the following openssl command

x509 -req -days 365 -in client-2048.csr -signkey client-2048.key -out client-2048.crt -extfile c:\openSSL-Win64\bin\openssl.cnf -extensions ssl_client

Step 9 Using a text editor copy the contents of your client-2048.crt file and your client-2048.key file into a new file called client-2048.pem. Note- These files will be found in your Pythonstuff folder but the .crt extension may be hidden when you check the file name in explorer.

Step 10 Before you login using the certificate, it must be attached to your Betfair account, as follows:

1. Login to betfair using your web browser
2. Go to:
3. Find the "Automated Betting Program Access" header and click "Edit"
4. Click the "Choose File" button and select your "client-2048.crt" file
5. Click "Upload Certificate"
6. Certificate info should now be displayed

Scroll down to the “API-NG Configuration” section if required and the certificate details should be shown.  You should now be able to log in to your Betfair account using the API-NG endpoint.

Well done that was the toughest section but we are now ready to start communicating with Betfair through the API. We will start to do this in the next session. You can ‘quit’ the openSSL session. NOTE If you have sub accounts you will need to do step 10 for each account should you want to access the API through them.