Skip to main content

Generating and Converting SSL Certificates for Bloomberg DLWS

Overview

Data License Web Services (DLWS) requires a Secure Sockets Layer (SSL) certificate to establish a secure, authenticated connection. To connect to the service, you must first generate a Certificate Signing Request (CSR) using OpenSSL. OpenSSL is a third-party software utility that is unsupported by Bloomberg, but it is commonly included with open-source tools such as Git and Cygwin.

This article provides step-by-step instructions to generate your CSR, upload it to the Bloomberg Enterprise Console (EC) to create your certificate, and convert the resulting Privacy-Enhanced Mail (PEM) certificate into a Public-Key Cryptography Standards #12 (PKCS12) format if required by your specific application.

Generating a Certificate Signing Request

Before generating your certificate, ensure you have created an account profile on the Customer Service Centre website.

Follow these steps to generate a new CSR and private key using OpenSSL:

  1. Open your command prompt or terminal where OpenSSL is installed.

  2. Run the following command to initiate the request:

    openssl req -new -newkey rsa:2048 -nodes -out
    <name_of_csr_file.csr> -keyout <name_of_key_file.key>

  3. A series of questions will appear. Your answers to these questions will be

    embedded in the CSR.

  4. Enter the appropriate answer to each question. The maximum field length is 64 characters. See the following section below for more information.

  5. Once completed, a .csr file and a .key file are generated in the current working directory, usually C:\Users\<username>.

OpenSSL Questions

Field

Description

Requirements

Country Name (C)

Official two-letter country code.

Alphanumeric + underscore (e.g., US) + no white spaces.

State or Province Name (S)

Full name of the state or province.

Alphanumeric + underscore (e.g., NEW_YORK) + no white spaces.

Locality Name (L)

Locality or city name.

Alphanumeric + underscore (e.g., NEW_YORK_CITY) + no white spaces.

Organisation Name (O)

Full legal name of your company.

Alphanumeric + special characters: & _ ‘ ( ) + , – . / ^ ~ < > = \ (e.g., Bloomberg L.P.).

Organisation Unit (OU)

Full name of department.

Alphanumeric + underscore (e.g., DataLicense) + no white spaces

Common Name (CN)

Fully qualified domain name.

Your DL account number in this format: ######:DLWS.

For example, if your DL account number is "dl765432," the entry is 765432:DLWS.

Email Address (E)

Your email address.

Prefix: Alphanumeric + special characters: _ . + – ,

Domain: alphanumeric + special characters: – .

Adding Your Certificate to Bloomberg Enterprise Console (EC)

After generating your CSR, you must upload it to the Bloomberg Enterprise Console to provision your active certificate.

  1. Log in to the Enterprise Console.

  2. On the Welcome to Enterprise Console screen, under Recent Firms, click your firm name to open the Developer Console.

  3. Click Connectivity in the upper-left menu, under HTTP, select DLWS Certificate Manager. This opens the Manage Data License Account Connectivity screen.

  4. Locate the Account No. column and click the appropriate account.

  5. Click the ADD NEW CERTIFICATE button.

  6. On your desktop, open your locally saved .csr file using a text editor (such as Notepad) and copy the entire text content.

  7. On the Add New Certificate screen, paste the copied text directly into the text field under Enter CSR.

  8. Validate the text string by ensuring it includes the mandatory beginning and closing tags:

    • Starts with: -----BEGIN CERTIFICATE REQUEST-----

    • Ends with: -----END CERTIFICATE REQUEST-----

  9. If the CSR is valid, a green confirmation message stating "CSR format is valid" appears. If it is invalid, the message “CSR format does not contain all details.

    Please check and try again” appears in red text, and the GENERATE &

    DOWNLOAD button is disabled.

  10. Click the GENERATE & DOWNLOAD button, then click DONE. The finalised certificate file will download to your local Downloads folder. Save this file securely for future data requests.

  11. Confirm that the certificate was successfully generated and appears under the Active Certificates tab with an expiration period of 18 months (540 days).

Converting PEM Certificates to PKCS12 Format

Certificates downloaded from the Enterprise Console are delivered in PEM format. You can use this file as-is, or convert it into a PKCS12 (.p12) certificate if required by integrations such as SoapUI.

Follow these steps to create a PKCS12 certificate using your existing PEM certificate plus your private key:

  1. Open your terminal or command prompt.

  2. Run the following conversion command, replacing the <.pem filename> with the name of the .pem file that was generated:

    openssl pkcs12 -export -out p12file.p12 -in <.pem filename> -inkey keyfile.key

  3. Enter a password when prompted to export, and remember it for future data requests to DLWS.

The .p12 file is saved to your current working directory, usually C:\Users\<username>.

Uploading Your Certificate to FundApps

Once you have generated your Bloomberg certificate, you must add it to your FundApps environment to complete the integration.

Follow these steps to upload your credentials via the UI:

  1. Navigate to Admin and settings > Upload > Position Uploads.

  2. Open Data Provider Settings.

  3. Upload your certificate file into the Certificate field.

  4. Enter your Bloomberg password into the Password field.

  5. Click Save Credentials.

Related Articles
FundApps SSO Connection - ADFS
FundApps SSO Connection - SAML 2.0
IssuerName and Government Bonds - Property Use in SSR Bonds Rules
Mapping To FIA Tech Data
Did this answer your question?