Warning |
---|
Built-in SSL support has been available since FIX Antenna C++/.NET version 2.13.0 and FIXEdge version 5.9.0. Refer to How to configure built-in SSL support for FIX sessions in FIXEdge for details. However, you can continue to use stunnel in accordance with this article if you wish. |
...
Download the latest version of the installer from https://www.stunnel.org/downloads.html
Run the installer and answer the questions to generate a certificate.
Configuration example #1. FIXEdge's initiator connects to SSL acceptor over Stunnel
...
- Run stunnel GUI Start from the Start menu
- Edit stunnel.conf from the stunnel system tray icon context menu
- Add the option
stunnel.conf:
protocol = proxy
- Comment out the example SSL services
- Reload stunnel.conf from the stunnel system tray icon context menu
- Add a new SSL service
stunnel.conf:
[fix_initiator_session1_tunnel]
client = yes
accept = 127.0.0.1:443
connect = <counterparty_ip>:443
<counterparty_ip> - IP address of the counterparty
...
Open FIXEdge.properties to specify Initiator FIX session parameters:
Initiator FIX session
FIXEdge.properties:
FixLayer.FixEngine.Session.SSLInitiator.Role = Initiator
FixLayer.FixEngine.Session.SSLInitiator.Host = 127.0.0.1
FixLayer.FixEngine.Session.SSLInitiator.Port = 443
- Connect to VPN (if necessary; if not, just skip this step)
Start FIXEdge.
Configuration example #2. FIXEdge is a proxy between 2 counterparties.
...
The following configuration parameters are used in the configuration examples:
- <exchange_ip> - Exchange's IP
- <FIXEdge_ip> - FIXEdge IP
- TCP port for SSL Connections on FIXEdge site: 443
- TCP port for SSL Connections on Exchange site: 443
- FIXEdge ListenPort from engine.properties: 8901
Configuration on FIXEdge side
FIXEdge.properties
FIXEdge has two configured sessions: EXCHANGE and CLIENT
FixLayer.FixEngine.Sessions = EXCHANGE, CLIENT
# -----------------[ FIXEdge connects to EXCHANGE as Initiator ] ------------------
FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator
FixLayer.FixEngine.Session.EXCHANGE.HBI = 30
FixLayer.FixEngine.Session.EXCHANGE.Host = 127.0.0.1
FixLayer.FixEngine.Session.EXCHANGE.Port = 444
FixLayer.FixEngine.Session.EXCHANGE.Version = FIX44
FixLayer.FixEngine.Session.EXCHANGE.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.EXCHANGE.TargetCompID = EXCHANGE
# ... the rest parameters for EXCHANGE
# ----------------- [ FIXEdge accepts connection from the CLIENT ] ----------
FixLayer.FixEngine.Session.CLIENT.Role = Acceptor
FixLayer.FixEngine.Session.CLIENT.Version = FIX44
FixLayer.FixEngine.Session.CLIENT.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.CLIENT.TargetCompID = CLIENT
# ... the rest parameters for CLIENT
BL_Config.xml
Simple routing configuration
...
SenderCompID = Client
TargetCompID = FIXEDGE
Remote host = 127.0.0.1
Remote port = 444
FIXEdge uses the Windows certificate store for the connection to an Exchange.
Import the certificate into the Windows certificate store with the certutil tool:
certutil -addstore -user -f "My" <filename>.crt
Configure the Windows certificate store in stunnel
stunnel.conf:
engine = capi
and configure a tunnel for the session requiring an SSL connection
stunnel.conf:
[Exchange SSL connection]
client = yes
engineId = capi
accept = 127.0.0.1:8443
connect = <exchange ip>:<exchange port>
<exchange ip> - Exchange connection IP
<exchange port> - Exchange connection port
Configure the Initiator session in FIXEdge.properties
FIXEdge.properties:
FixLayer.FixEngine.Session.EXCHANGE.Version = FIX44
FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator
FixLayer.FixEngine.Session.EXCHANGE.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.EXCHANGE.TargetCompID = EXCHANGE
FixLayer.FixEngine.Session.EXCHANGE.Host = 127.0.0.1
FixLayer.FixEngine.Session.EXCHANGE.Port = 8443
FixLayer.FixEngine.Session.EXCHANGE.HBI = 30
FixLayer.FixEngine.Session.EXCHANGE.RecreateOnLogout = true
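A consistency check for the stunnel.conf and FIXEdge.properties pair above, as an added example (not code from FIXEdge or stunnel; the function names are hypothetical and the inputs are constructed). It confirms that each Initiator session points at a stunnel client service listening on loopback, and goes beyond the page's steps by flagging client services without verifyChain or verifyPeer, since stunnel does not verify the peer certificate unless one of them is set.

```python
import configparser

# Constructed inputs modelled on the page's Windows certificate store example;
# the connect address is a documentation placeholder, not a real endpoint.
STUNNEL_CONF = """\
engine = capi
[Exchange SSL connection]
client = yes
engineId = capi
accept = 127.0.0.1:8443
connect = 203.0.113.10:443
"""
FIXEDGE_PROPERTIES = """\
FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator
FixLayer.FixEngine.Session.EXCHANGE.Host = 127.0.0.1
FixLayer.FixEngine.Session.EXCHANGE.Port = 8443
"""

def parse_stunnel(text):
    # Options before the first [service] are global; park them in a dummy
    # section and let each service inherit them. Keys are lower-cased.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string("[__global__]\n" + text)
    glob = dict(cp["__global__"])
    return {n: {**glob, **dict(cp[n])} for n in cp.sections() if n != "__global__"}

def parse_sessions(text):
    # Collect FixLayer.FixEngine.Session.<name>.<param> = <value> entries.
    prefix, sessions = "FixLayer.FixEngine.Session.", {}
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and key.startswith(prefix):
            name, _, param = key[len(prefix):].partition(".")
            sessions.setdefault(name, {})[param] = value
    return sessions

def lint(stunnel_text, properties_text):
    clients = {n: s for n, s in parse_stunnel(stunnel_text).items() if s.get("client") == "yes"}
    findings = []
    for name, svc in clients.items():
        host = svc.get("accept", "").rpartition(":")[0]
        if host not in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"{name}: plaintext side listens on '{host}', not loopback")
        if not any(svc.get(k) == "yes" for k in ("verifychain", "verifypeer")):
            findings.append(f"{name}: no verifyChain/verifyPeer, peer certificate unchecked")
    accepts = {s.get("accept") for s in clients.values()}
    for name, p in parse_sessions(properties_text).items():
        target = f"{p.get('Host')}:{p.get('Port')}"
        if p.get("Role") == "Initiator" and target not in accepts:
            findings.append(f"session {name}: {target} matches no stunnel client service")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(STUNNEL_CONF, FIXEDGE_PROPERTIES)))
```

Adding `verifyChain = yes` together with a `CAfile` to the service section clears the verification finding.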