Wednesday 18th October 2017 

Betfair API-NG - Creating SSL Certificates For Login

If you are developing an automated Betfair API-NG bot, it will require self-created SSL Certificates in order to login securely. The creation is a one-off operation and the certificates can be re-used in all of your bots. The procedure is a little complicated, however these tutorials should make life easier for you:

Linux Tutorial
Windows Tutorial

Linux (Debian, Mint, Ubuntu, etc)

1. Open a command terminal. All of the following commands should be issued within this terminal, so do not close it until you have successfully created your SSL Certificates.

2. Create a new working directory:
$ mkdir api-ng-ssl

3. Navigate to the working directory:
$ cd api-ng-ssl

4. Edit the OpenSSL config file using your favourite text editor. Substitute 'gedit' with 'vim' or 'nano' or whatever:
$ sudo gedit /etc/ssl/openssl.cnf

5. Find the line containing "[ v3_req ]" and on the line ABOVE that, enter the text below.
NOTE: you must include the "[ ssl_client ]" line, otherwise you will get an "extension not found error" in step 12.
[ ssl_client ]
basicConstraints = CA:FALSE
nsCertType = client
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth

6. Save the file and close your text editor.

7. Create the RSA key file:
$ openssl genrsa -out client-2048.key 2048

8. You should now have one new file in your working directory:
$ ls

9. Create the CSR file (Certificate Signing Request):
$ openssl req -new -config /etc/ssl/openssl.cnf -key client-2048.key -out client-2048.csr

10. Enter the values of your choice when prompted. The bold text below is an example. The 'extra' challenge password is optional. It is only used for certificate creation and NOT used by Betfair. You can safely leave this blank.
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: London
Locality Name (eg, city) : London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) : API-NG Security
Common Name (e.g. server FQDN or YOUR name) : Betfair API-NG Certificate
Email Address :

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :

11. Your working directory should now contain two files:
$ ls
client-2048.csr  client-2048.key

12. Create a self-signed ssl certificate:
$ openssl x509 -req -days 365 -in client-2048.csr -signkey client-2048.key -out client-2048.crt -extfile /etc/ssl/openssl.cnf -extensions ssl_client

13. Your working directory should now contain three files:
$ ls
client-2048.crt  client-2048.csr  client-2048.key

14. Upload the ssl certificate to your betfair account:
1. Login to betfair using your web browser
2. Go to:
3. Find the "Automated Betting Program Access" header and click "Edit"
4. Click the "Choose File" button and select your "client-2048.crt" file
5. Click "Upload Certificate"
6. Certificate info should now be displayed

15. Test your api-ng login using the ssl certificate (don't forget to enter your betfair username and password!):
$ curl -q -k --cert client-2048.crt --key client-2048.key -d "username=YOURUSERNAME&password=YOURPASSWORD" -H "X-Application: curlCommandLineTest"

16. The output should look something like:
{"sessionToken": "Zx8i4oigut5nc+l4L8qFb0DSxG+mwLn2t0AMGFxjrMJI=", "loginStatus": "SUCCESS"}
17. In order to use the SSL certificate with the BespokeBots API-NG library, you should now copy the "client-2048.key" and "client-2048.crt" files into the "ssl_certs" folder. In order for the library to import the certificate, you should also rename the files, replacing "client-2048" with your Betfair username. This allows the library to identify the correct SSL certificate for your account. This is particularly useful if you have multiple Betfair accounts and reference a single API-NG library in multiple bots, rather than copying the whole library into each bot.