Voyz
Certificates from an internal Domain Certificate Authority
Hi Voyz
Firstly, thanks for your excellent work. The need to hold the TWSAPI gateway open on a local machine has been a real pain and your solution removes that pain very effectively.
I wanted to ask you a question regarding certificates. You call the certificate in your examples "cacert.xxx", does the 'ca' imply that it is the certificate FOR the certificate authority or a certificate generated FROM a certificate authority?
I was thinking that I could improve security if I generate certificates from my domain certificate authority and then only browsers which have the CA's certificate embedded would be able to authenticate the certificates in IBeam.
I'm not sure what the impact on the IBKR side would be though?
Perhaps you have some thoughts?
Regards Ian Carson
Hey @carsoni interesting questions!
You call the certificate in your examples "cacert.xxx", does the 'ca' imply that it is the certificate FOR the certificate authority or a certificate generated FROM a certificate authority?
Hate to say it, but I call them 'cacert' simply because that's how they're called in some tutorials I've checked when learning how to generate them - never questioned the name. Having that expanded by you I see that this may not be the correct name. It has nothing to do with the certificate authority unfortunately.
I'm not sure what the impact on the IBKR side would be though?
Doing what you describe should only affect how the requests to the Gateway are handled. It is still running on your premises and I don't think IBKR would even know that you're doing it one way or the other. So my intuitive understanding would suggest that it should matter little from that perspective.
... then only browsers which have ...
Sorry, what browsers? By using IBeam you shouldn't need to use any browser at all
I'm going to close this issue due to lack of activity. Feel free to reopen if you'd like to continue the discussion 👍 Thanks for participating!