Hi,
I have installed Fred with yum install fred-* on a Fedora 8 and
everything seems to have worked correctly.
However, I am a bit stuck with the documentation as to what to do
exactly from there since the docs seem to be using an install on Ubuntu.
Can you please give me some direction from here?
--
Kind regards,
Eddy

Jatomir and all:
Thanks. I've tested the Live CD with the 01/01/2008 date. It works
perfectly. The net effect is that it creates zones so easily and, at the
same time, stores in a database the administrative data using EPP.
Moreover it keeps it simple.
The disk installation:
In our case my approach has been installing the Ubuntu hardy (8.04)
.deb packages, fred-*.deb, which install some dependencies too. I see
that there are no .deb for fred-server (including the Python parts), so
I installed these by hand (in /usr/.local). Is that correct? What
about generating .deb packages for these, too?
For installing the certificates I do this:
1. I use the CA included in the ca-certificates Debian package which, in
my opinion, is adequate (I don't have to generate a CA certificate myself).
2. For the mod-eppd Apache module, I generate the self-signed
certificates using the usual procedures for generating them for
encrypted HTML:
openssl genrsa -des3 -out eppd.key 4096
openssl req -new -key eppd.key -out eppd.csr
openssl x509 -req -days 3650 -in eppd.csr -signkey eppd.key -out eppd.crt
openssl rsa -in eppd.key -out eppd.key.insecure
mv eppd.key eppd.key.secure;mv eppd.key.insecure eppd.key
chmod 600 *.key
/etc/init.d/apache2 force-reload
3. For the fred-client certificate configuration I rather use a method I
prefer, say, for dovecot SSL configuration:
openssl req -new -x509 -nodes -out eppclient.pem -keyout eppclient.pem
4. After generating both certificates I first configure the mod-eppd
virtualhost:
Listen *:700
<VirtualHost *:700>
CorbaEnable On
CorbaNameservice "localhost"
CorbaObject "EPP" "EPP_alias"
EPPprotocol On
EPPObject "EPP_alias"
EPPschema "/usr/share/fred-mod-eppd/schemas/all-1.4.xsd"
EPPservername "CR.NIC's EPP server"
EPPlog "/var/log/apache2/eppd.log"
EPPloglevel error
EPPvalidResponse Off
SSLEngine off
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLVerifyClient require
SSLCertificateFile /etc/ssl/fred/eppd.crt
SSLCertificateKeyFile /etc/ssl/fred/eppd.key
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLVerifyDepth 1
</VirtualHost>
Notice the /etc/ssl/certs/ca.pem CA certificate, which is the standard
Ubuntu CA certificate. This should be adequate, because it expires much
later.
5. /etc/init.d/apache2 force-reload
6. For the epp-client configuration file I have this in
/usr/local/etc/fred/fred-client.conf:
[connect]
;; dir=/usr/local/share/fred-client/ssl
host = localhost
port = 700
ssl_cert = /etc/ssl/fred/eppclient.pem
ssl_key = /etc/ssl/fred/eppclient.pem
username = REG-FRED_A
password = passwd
username2 = REG-FRED_B
password2 = passwd
etc.....
7. When I run fred-client I get this:
root@mguerra:/etc/fred# fred-client
FredClient 1.6.1
Type "help", "license" or "credits" for more information.
Using configuration from /usr/local/etc/fred/fred-client.conf
Connecting to localhost, port 700 ...
ERROR: socket.sslerror: (1, 'error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol') (localhost:700)
Certificate not signed by verified certificate authority.
The date gives this:
mié sep 24 11:33:57 CST 2008 (mié means Wednesday).
What can be the reason for this? Should I use another CA certificate? Or
perhaps I should use a certificate in ~/fredclient.pem?
Thank you in advance.
Mario

Hello:
I'm working for the NIC in Costa Rica and we consider the FRED software
made by nic.cz an excellent alternative. It's nice to e-meet you....
We have tested both the Live CD and the Debian/Ubuntu debs on an Ubuntu 8.04
box. For the second, we downloaded the deb packages with apt-get, using the
8.04 repository.
In both cases, when executing fred_client we get these results:
-----------------------------------------------------------------
root@nic-laptop:/etc/ssl# /usr/local/bin/fred-client -c /etc/ssl/fred.crt
-k /etc/ssl/fred.key -h localhost
FredClient 1.6.1
Type "help", "license" or "credits" for more information.
Using configuration from /usr/local/etc/fred/fred-client.conf
Connecting to localhost, port 700 ...
ERROR: socket.sslerror: (1, 'error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol') (localhost:700)
Certificate not signed by verified certificate authority.
------------------------------------------------------------------
The same happens with the Live CD. Are we overlooking something?
--
Mario A. Guerra
San José, Costa Rica

Hello!
I try to test the Live CD fred-1.6.iso (FredClient 1.5.1) and when I
execute fred_client I get the following error message:
ERROR: socket.sslerror: (1, 'error:14094415:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate expired') (localhost:700)
Certificate not signed by verified certificate authority.
Looks like there is an error in the client.pem file which is included
in the CD.
Is there a quick fix for this?
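
Two certificate conditions come up in this thread: a client certificate past its validity period ("sslv3 alert certificate expired"), and a self-signed client certificate presented to a server that uses SSLVerifyClient require, which accepts only certificates that chain to its SSLCACertificateFile. The script below is an added example, not part of any poster's message or of FRED; it checks both conditions offline with the openssl CLI. The helper names cert_status and make_demo_pki are hypothetical, and the CA, subjects and file names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: pre-flight checks for a TLS client certificate.
# Every file name and subject below is constructed for the demo.

# cert_status CERT CAFILE [SECONDS] prints one word:
#   expires-within-<N>s  not valid for the next N seconds (N=0: already expired)
#   untrusted            does not chain to CAFILE
#   ok                   both checks pass
cert_status() {
    cert=$1; ca=$2; within=${3:-0}
    # -checkend N exits non-zero when the certificate expires within N seconds
    if ! openssl x509 -in "$cert" -noout -checkend "$within" >/dev/null 2>&1; then
        echo "expires-within-${within}s"; return 0
    fi
    # the same chain check a server makes against its trusted CA file
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo untrusted; return 0
    fi
    echo ok
}

# Build a throwaway CA, a client certificate signed by it (valid 1 day),
# and a self-signed client certificate (the kind `req -x509` produces).
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/client.csr" -days 1 -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/client.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-self" \
        -keyout "$dir/self.key" -out "$dir/self.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo" && {
    cert_status "$demo/client.crt" "$demo/ca.crt"          # ok
    cert_status "$demo/client.crt" "$demo/ca.crt" 172800   # expires-within-172800s
    cert_status "$demo/self.crt"   "$demo/ca.crt"          # untrusted
    rm -rf "$demo"
}
```

Against a real installation, pass the client certificate and the file named in the server's SSLCACertificateFile directive as the two arguments.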