How to use TLS certificates from JKS with password protection in FIXEdge C++ and FIX Antenna C++ products.
JKS is a key store format used by Java applications. FIX Antenna C++ based applications (like FIXEdge) support the PKCS 12 format.
Convert the JKS to a PKCS 12 format file with the *.pfx extension using the keytool application. Keytool is included in the JDK package.
keytool -importkeystore -srckeystore initiator.jks -srcstoretype JKS -destkeystore initiator.pfx -deststoretype PKCS12 -destkeypass <password> -deststorepass <password>
Where:
initiator.jks - filename of JKS key store
initiator.pfx - resulting filename of PKCS12 key store file
<password> - a new password for the PKCS12 key store. We recommend keeping the same password that was used for the JKS in order to avoid issues related to a wrong password.
PKCS12 file password and key password should be the same.
Add the newly created pfx to the session configuration in FIXEdge.properties.
The example below demonstrates properties for 2-way TLS.
FIXEdge.properties
# ... other FIX session properties
# TLS Configuration part
FixLayer.FixEngine.Session.TLSSession.Role = Initiator
FixLayer.FixEngine.Session.TLSSession.Host = <Target IP>
FixLayer.FixEngine.Session.TLSSession.Port = <Target port>
FixLayer.FixEngine.Session.TLSSession.SSL = true
FixLayer.FixEngine.Session.TLSSession.SSLProtocols = TLSv1_2
FixLayer.FixEngine.Session.TLSSession.SSLCertificate = FIXEdge1/conf/initiator.pfx
FixLayer.FixEngine.Session.TLSSession.SSLCertificatePassword = <password>
FixLayer.FixEngine.Session.TLSSession.SSLValidatePeerCertificate = true
FixLayer.FixEngine.Session.TLSSession.SSLCACertificate = FIXEdge1/conf/initiatorCA.pem
Certificates in the example are placed in FIXEdge1/conf/.
initiatorCA.pem - the CA certificate for the counterparty, exported to PEM format.
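An added example, not part of the original page or of the product: a Python check over FIXEdge.properties text that flags a session still pointing at a .jks file, a missing or group/other-accessible PKCS12 file, a placeholder password, and disabled or incomplete peer validation. It uses only the property names shown above; the base_dir argument for resolving relative paths and the sample input are assumptions.

```python
import os

PREFIX = "FixLayer.FixEngine.Session."  # key prefix used in the example above

def load_sessions(text):
    """Group '<PREFIX><session>.<property> = value' lines by session name."""
    sessions = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.strip()
        if sep and key.startswith(PREFIX) and "." in key[len(PREFIX):]:
            name, prop = key[len(PREFIX):].split(".", 1)
            sessions.setdefault(name, {})[prop] = value.strip()
    return sessions

def check_tls_sessions(text, base_dir="."):
    """Return (session, message) findings; base_dir is an assumed path root."""
    findings = []
    for name, s in sorted(load_sessions(text).items()):
        if s.get("SSL", "").lower() != "true":
            continue  # only sessions with SSL = true are checked
        cert = s.get("SSLCertificate", "")
        path = os.path.join(base_dir, cert)
        if not cert:
            findings.append((name, "SSLCertificate is not set"))
        elif cert.lower().endswith(".jks"):
            findings.append((name, "SSLCertificate is still a JKS file; convert it to PKCS12"))
        elif not os.path.isfile(path):
            findings.append((name, "SSLCertificate file not found: " + cert))
        elif os.name == "posix" and os.stat(path).st_mode & 0o077:
            findings.append((name, "key store is accessible by group/other: " + cert))
        if s.get("SSLCertificatePassword", "") in ("", "<password>"):
            findings.append((name, "SSLCertificatePassword is empty or a placeholder"))
        ca = s.get("SSLCACertificate", "")
        if s.get("SSLValidatePeerCertificate", "").lower() != "true":
            findings.append((name, "peer certificate validation is not enabled"))
        elif not ca or not os.path.isfile(os.path.join(base_dir, ca)):
            findings.append((name, "SSLCACertificate missing or not found: " + ca))
    return findings

SAMPLE = """\
# constructed sample input, not a real configuration
FixLayer.FixEngine.Session.TLSSession.SSL = true
FixLayer.FixEngine.Session.TLSSession.SSLCertificate = FIXEdge1/conf/initiator.jks
FixLayer.FixEngine.Session.TLSSession.SSLCertificatePassword = <password>
FixLayer.FixEngine.Session.TLSSession.SSLValidatePeerCertificate = false
"""
```

Calling check_tls_sessions(SAMPLE) returns three findings for TLSSession; a configuration like the one above, with real files and a real password, returns an empty list.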