I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are placed in the /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
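The four steps above carried out with openssl, followed by the check the other end of the TLS connection performs, as an added example that is not code from the original post or from the FRED project. The alert in the error ("unknown ca") is what a TLS peer sends when it cannot build a chain from the certificate it received to a CA in its own trust list, so the CA that signed server.crt has to be one the server at port 700 trusts; `openssl verify -CAfile` runs that same chain check locally, and the block also shows it failing against a CA that did not issue the certificate. The working directory, subjects and passphrase are constructed for the demo; the file names match the configuration quoted above.

```shell
#!/bin/sh
# Added example, not the original post's or FRED's own code.
# Reproduces steps a)-d) with openssl and then checks the result.
set -u

WORK="${WORK:-$(mktemp -d)}"                 # constructed scratch directory
PASS="${PASS:-demo-passphrase}"              # constructed passphrase for the encrypted keys

# a) create a CA: passphrase-protected key plus self-signed CA certificate
#    $1 = base file name, $2 = subject
make_ca() {
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$WORK/$1.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$WORK/$1.key" -passin "pass:$PASS" \
        -subj "$2" -days 365 -out "$WORK/$1.crt" 2>/dev/null
}

# b) client key and certificate request (the subject is an assumption)
make_csr() {
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$WORK/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$WORK/server.key" -passin "pass:$PASS" \
        -subj "/CN=fred-client-demo" -out "$WORK/server.csr" 2>/dev/null
}

# c) sign the request with the CA named in $1 -> server.crt
sign_csr() {
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
        -passin "pass:$PASS" -CAcreateserial -days 365 -out "$WORK/server.crt" 2>/dev/null
}

# d) remove the passphrase so the client can load the key unattended
strip_passphrase() {
    openssl rsa -in "$WORK/server.key" -passin "pass:$PASS" -out "$WORK/server.key.tmp" 2>/dev/null &&
    mv "$WORK/server.key.tmp" "$WORK/server.key"
}

# Chain check: does $2.crt validate against the CA in $1.crt? exit 0 = yes
verify_chain() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# Does $1.key load without any passphrase (i.e. did step d) work)?
key_has_no_passphrase() {
    openssl rsa -in "$WORK/$1.key" -passin pass: -noout >/dev/null 2>&1
}

demo() {
    make_ca ca "/CN=Demo Registry CA" || return 1
    make_csr && sign_csr ca && strip_passphrase || return 1
    verify_chain ca server && echo "server.crt chains to ca.crt: OK"
    key_has_no_passphrase server && echo "server.key loads without a passphrase"
    # A CA that never issued server.crt cannot build the chain; this is the
    # local equivalent of the server answering with the "unknown ca" alert.
    make_ca other "/CN=Unrelated CA" || return 1
    if verify_chain other server; then
        echo "unexpected: unrelated CA accepted server.crt"; return 1
    else
        echo "server.crt against other.crt: rejected (no trusted issuer)"
    fi
}

demo || echo "demo failed (is openssl installed?)"
```

To exercise the real server the same way, `openssl s_client -connect HOST:700 -cert server.crt -key server.key` shows whether the handshake completes once the CA that issued server.crt is in the server's trust list; with a CA the server does not know, the handshake ends with the same unknown ca alert seen in the fred-client output.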
In this post I'm describing the other apparent problem I found.
I'm taking a copy of our FRED 2.2 database (which we use in production) and trying to upgrade it to 2.11.2, the latest version. For that I wrote this SQL script:
postgres@freddb:/root/fred-db-2.11.2/upgrades$ more 2-2-a-2-11.sql
\i 2_2_0-2_3_0.sql
\i 2_3_0-2_4_0.sql
\i 2_4_0-2_5_0-ddl.sql
\i 2_4_0-2_5_0-logger-ddl.sql
\i 2_4_0-2_5_0-dml.sql
\i 2_4_0-2_5_0-logger-dml.sql
\i 2.5.0-2.5.1-ddl.sql
\i 2.5.0-2.5.1-dml.sql
\i 2.5.1-2.6.0-ddl.sql
\i 2.5.1-2.6.0-logger-ddl.sql
\i 2.5.1-2.6.0-dml.sql
\i 2.5.1-2.6.0-logger-dml.sql
\i 2.6.0-2.7.0-ddl.sql
\i 2.6.0-2.7.0-dml.sql
\i 2.6.0-2.7.0-logger-dml.sql
\i 2.7.0-2.8.0-ddl.sql
\i 2.7.0-2.8.0-dml.sql
\i 2.8.0-2.8.1-ddl.sql
\i 2.8.0-2.8.1-dml.sql
\i 2.8.1-2.8.2-dml.sql
\i 2.8.1-2.9.0-01-prepare.sql
\i 2.8.1-2.9.0-02-changes-ddl.sql
\i 2.8.1-2.9.0-03-changes-dml.sql
\i 2.8.1-2.9.0-04-finish-ddl.sql
\i 2.9.0-2.10.0-ddl.sql
\i 2.9.0-2.10.0-dml.sql
\i 2.10.0-2.11.0-01-ddl.sql
\i 2.10.0-2.11.0-02-dml.sql
\i 2.10.0-2.11.0-03-ddl.sql
\i 2.11.0-2.11.1-dml.sql
\i 2.11.1-2.11.2-dml.sql
-------------------------------
In theory this upgrades the DB. But this is what I get when I run fred-client against the upgraded database (after setting up fred-server and fred-pyfred):
-------------------------------
root@fredbeta:~# fred-client
Unsupported language code: 'es' in os.environ.LANG. Available codes are: cs, en. Set default to: 'en'.
FredClient 2.4.1
Type "help", "license" or "credits" for more information.
Using configuration from /usr/etc/fred/fred-client.conf
Connecting to 127.0.0.1, port 700 ...
ERROR: Login failed.
-------------------------------
The /var/log/fred.log relevant fragment gives me this:
[2012-Sep-06 10:36:19] [fred-server] [error] [logd-<60380061>/session-0/request-311805] -- Result failed: INSERT INTO request_data (request_time_begin, request_service_id, request_monitoring, request_id, content, is_response) VALUES ('2012-09-06 16:36:19.858714', 3, 'f', 311805, E'<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><command><login><clID>NIC-REG1</clID><pw>reg1.cr</pw><options><version>1.0</version><lang>en</lang></options><svcs><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI><objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI><objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI><svcExtension><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcs></login><clTRID>bttz001#12-09-06at10:36:19</clTRID></command></epp>
', 'f') (ERROR: column "entry_time_begin" of relation "request_data_epp_12_09" does not exist <-------------------------
LINE 1: INSERT INTO request_data_epp_12_09(entry_time_begin, entry_s... <-----------------------------------
^
QUERY: INSERT INTO request_data_epp_12_09(entry_time_begin, entry_service, entry_monitoring, entry_id, content, is_response) VALUES ('2012-09-06 16:36:19.858714', 3, 'f', 311805, '<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><command><login><clID>NIC-REG1</clID><pw>reg1.cr</pw><options><version>1.0</version><lang>en</lang></options><svcs><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI><objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI><objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI><svcExtension><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcs></login><clTRID>bttz001#12-09-06at10:36:19</clTRID></command></epp>
', 'f')
CONTEXT: PL/pgSQL function "tr_request_data" line 18 at EXECUTE statement
---------------------------------------------------------------------
Now, if I drop the table request_data_epp_12_09 so it is newly created, and run fred-client again this is what I get:
---------------------------------------------------------------------
[2012-Sep-06 10:40:00] [fred-server] [error] [logd-<62621798>/session-0/request-311806] -- Result failed: INSERT INTO request_data (request_time_begin, request_service_id, request_monitoring, request_id, content, is_response) VALUES ('2012-09-06 16:40:00.170266', 3, 'f', 311806, E'<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><command><login><clID>NIC-REG1</clID><pw>reg1.cr</pw><options><version>1.0</version><lang>en</lang></options><svcs><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI><objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI><objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI><svcExtension><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcs></login><clTRID>doej001#12-09-06at10:40:00</clTRID></command></epp>
', 'f') (ERROR: column "entry_time_begin" does not exist
CONTEXT: SQL statement "CREATE TABLE request_data_epp_12_09 (CHECK (entry_time_begin >= TIMESTAMP '2012-09-01 00:00:00' AND entry_time_begin < TIMESTAMP '2012-10-01 00:00:00' AND entry_service = 3 AND entry_monitoring = 'f') ) INHERITS (request_data) "
PL/pgSQL function "create_tbl_request_data" line 27 at EXECUTE statement
SQL statement "SELECT create_tbl_request_data(entry_time_begin, entry_service, entry_monitoring)"
PL/pgSQL function "tr_request_data" line 23 at PERFORM
------------------------------------------------------
It seems that the upgrade scripts almost do their job, but I feel something got overlooked.
What do you think?
Best regards.
--
Mario Guerra <mguerra(a)nic.cr>
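One way to locate the stale reference behind the errors above, as an added example (not FRED's own tooling and not from the original post): pull the missing column and the PL/pgSQL function out of the log lines, then ask the PostgreSQL catalog which function bodies still mention that column, since the INSERT in the log already uses the new request_* names while the trigger code still uses entry_*. The log excerpt embedded in the block is constructed in the shape of the lines quoted above; the database name `fred` is an assumption, and psql is only called when it is installed.

```shell
#!/bin/sh
# Added example, not the original post's or FRED's own code.

# Constructed excerpt in the shape of the /var/log/fred.log lines quoted above
SAMPLE_LOG='[2012-Sep-06 10:36:19] [fred-server] [error] -- Result failed: INSERT INTO request_data (request_time_begin, request_service_id, request_monitoring, request_id, content, is_response) VALUES (...) (ERROR: column "entry_time_begin" of relation "request_data_epp_12_09" does not exist
LINE 1: INSERT INTO request_data_epp_12_09(entry_time_begin, entry_s...
CONTEXT: PL/pgSQL function "tr_request_data" line 18 at EXECUTE statement'

# Column named in the first 'column "..." does not exist' error of the excerpt
missing_column() {
    printf '%s\n' "$1" | sed -n 's/.*ERROR: column "\([^"]*\)".*does not exist.*/\1/p' | head -n 1
}

# Relation named in that error, if the server reported one
missing_relation() {
    printf '%s\n' "$1" | sed -n 's/.*does not exist.*//; s/.*of relation "\([^"]*\)".*/\1/p' | head -n 1
}

# PL/pgSQL function the error was raised from (the CONTEXT line)
failing_function() {
    printf '%s\n' "$1" | sed -n 's|.*PL/pgSQL function "\([^"]*\)".*|\1|p' | head -n 1
}

# Catalog query listing every function whose body still mentions an identifier
stale_ref_query() {
    printf "SELECT n.nspname, p.proname FROM pg_proc p JOIN pg_namespace n ON n.oid = p.pronamespace WHERE p.prosrc LIKE '%%%s%%' ORDER BY 1, 2;" "$1"
}

# Run the query against the upgraded database ($1 = db name, $2 = identifier)
find_stale_refs() {
    psql -d "$1" -At -c "$(stale_ref_query "$2")"
}

col=$(missing_column "$SAMPLE_LOG")
fn=$(failing_function "$SAMPLE_LOG")
echo "missing column: $col, raised inside PL/pgSQL function $fn"
if command -v psql >/dev/null 2>&1; then
    # FRED_DB is an assumption; point it at the upgraded copy
    find_stale_refs "${FRED_DB:-fred}" "$col" || echo "query failed (database reachable?)"
else
    echo "psql not found; run this against the upgraded database:"
    stale_ref_query "$col"
fi
```

Every function the query returns still carries the pre-rename column names and needs the CREATE OR REPLACE FUNCTION from the matching upgrade script re-applied; `SELECT pg_get_functiondef('tr_request_data'::regproc);` shows the body currently installed.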
I want to inform about a couple of possible bugs for FRED 2.11 (I tried to use TRAC, but it is not clear how to create a new user):
1. fred-admin listing contacts
I did a brand new FRED 2.11 installation in a controlled environment. After running the orderedsql.sh script for installing the PostgreSQL initial environment, I ran fred-admin for creating an initial registrar and a zone, and registered the zone with that registrar. After that, I created a contact. This is what I get:
a) fred-client
NIC-REG1(a)127.0.0.1> list_contacts
Number of records: 1
MGUERRA_AT_NIC.CR
NIC-REG1(a)127.0.0.1> info_contact MGUERRA_AT_NIC.CR
Contact ID: MGUERRA_AT_NIC.CR
Repository object ID: C0000000001-EPP
Created by: NIC-REG1
Designated registrar: NIC-REG1
Created on: 2012-09-04T18:18:51-06:00
Name: Mario Guerra
Street: AV. 12-14, Calle 25
City: San Jose
Postal code: 2060-1000
Country code: CR
Password for transfer: hPdgeOiT
Email: mguerra(a)nic.cr
Status: ok - Objekt is without restrictions
Disclose: voice
fax
email
vat
ident
notify_email
addr
b) fred-admin
root@fredbeta:~# fred-admin --contact_list
<objects>
</object>
Have you reproduced this problem?
For the next possible bug, I'm posting another email.
Best regards.
--
Mario Guerra <mguerra(a)nic.cr>