I have an application written using QuickFIX / J to connect to a Bloomberg server. Bloomberg recently added CA certificate verification to its servers and provided an additional CA certificate file to establish a connection.
My application is using SSL and when disabling CA certificate verification by Bloomberg, the application successfully connects to the server and receives messages. Failed to perform a connection check when enabling CA verification.
Below are the steps I tried.
- I used to use a
ImportKeyJava class to add a certificate and key. I modified it to add some certificates. If necessary, I can publish the Java Class. - When I connect to the server using openssl s_client, it successfully connects to the server.
Is there something that needs to be changed at the application level? Configuration? Or is there something to be done at the Java keystore level?
An error message appears when a connection is added below:
20160823-06: 04:15, FIX.4.4: XXXX-> XXXX, error> (Disconnect: socket exception (/XXXX.XXXX.XXX.XX:20237): javax.net.ssl.SSLHandshakeException: SSL handshake failed .) Successfully terminated sessionId: FIX.4.4: XXXX-> XXXX
Any help is appreciated!
Configuration:
[default]
ConnectionType=initiator
LogonTimeout=86400
ResetOnLogon=Y
UseDataDictionary=Y
MaxLatency=240
StartTime=02:21:00
EndTime=12:21:00
HeartBtInt=30
ReconnectInterval=5
[session]
BeginString=FIX.4.4
SocketConnectHost=xxx.xxx.xxx.xxx
SocketUseSSL=Y
SocketKeyStorePassword=importkey
CheckLatency=N
FileLogHeartbeats=Y
FileStorePath=/etc/bloomburg-live/msgs
FileLogPath=/etc/bloomburg-live/logs
DataDictionary=/etc/bloomburg-live/conf/FIX44.xml
SocketKeyStore=/root/.keystore
TargetCompID=BLPSTP
SocketConnectPort=xxxxx
SenderCompID=CAPSTP
FileIncludeMilliseconds=Y
FileIncludeTimeStampForMessages=Y
ScreenLogShowHeartBeats=Y
PS - Work with applications without checking the CA certificate. An error occurred while enabling CA certificate verification.
source
share