I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in the /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
Greetings,
I see that the FRED server has a hard time parsing XMLs that have a
namespace prefix. Please confirm that this is invalid XML for your server
(even though it should NOT be):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:epp xmlns:ns2="urn:ietf:params:xml:ns:epp-1.0" xmlns="http://www.nic.cz/xml/epp/domain-1.4">
<ns2:command>
<ns2:login>
<ns2:clID>XXXXXXXXX</ns2:clID>
<ns2:pw>XXXXXXXXXXXXXX</ns2:pw>
<ns2:options>
<ns2:version>1.0</ns2:version>
<ns2:lang>en</ns2:lang>
</ns2:options>
<ns2:svcs>
<ns2:objURI>http://www.nic.cz/xml/epp/contact-1.6</ns2:objURI>
<ns2:objURI>http://www.nic.cz/xml/epp/domain-1.4</ns2:objURI>
<ns2:objURI>http://www.nic.cz/xml/epp/nsset-1.2</ns2:objURI>
<ns2:objURI>http://www.nic.cz/xml/epp/keyset-1.3</ns2:objURI>
<ns2:svcExtension>
<ns2:extURI>http://www.nic.cz/xml/epp/enumval-1.2</ns2:extURI>
</ns2:svcExtension>
</ns2:svcs>
</ns2:login>
<ns2:clTRID>001#13-12-07at15:18:17</ns2:clTRID>
</ns2:command>
</ns2:epp>
--
Regards,
Spase
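An added example, not part of the original messages and not FRED's code: a namespace-aware comparison in Python of the prefixed login frame above against an unprefixed form of the same content. The trimmed frame, the two derived variants and the helper names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN_NS = "http://www.nic.cz/xml/epp/domain-1.4"

# Constructed sample: the frame from the message, trimmed to a few elements.
PREFIXED = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:epp xmlns:ns2="{EPP_NS}" xmlns="{DOMAIN_NS}">
 <ns2:command>
  <ns2:login>
   <ns2:clID>XXXXXXXXX</ns2:clID>
   <ns2:options><ns2:version>1.0</ns2:version><ns2:lang>en</ns2:lang></ns2:options>
  </ns2:login>
  <ns2:clTRID>001#13-12-07at15:18:17</ns2:clTRID>
 </ns2:command>
</ns2:epp>"""

# Constructed variant: prefixes stripped, default namespace left bound to domain-1.4.
NO_REBIND = re.sub(r"(</?)ns2:", r"\1", PREFIXED)
# Constructed variant: prefixes stripped and EPP rebound as the default namespace.
UNPREFIXED = NO_REBIND.replace(
    f'xmlns:ns2="{EPP_NS}" xmlns="{DOMAIN_NS}"', f'xmlns="{EPP_NS}"')

def shape(xml_text):
    """Nested (qualified tag, text, children) tuple; prefixes are resolved away."""
    def walk(el):
        return (el.tag, (el.text or "").strip(), tuple(walk(c) for c in el))
    return walk(ET.fromstring(xml_text.encode("utf-8")))

def raw_root_name(xml_text):
    """Root element name as literally written, prefix included."""
    return re.search(r"<([A-Za-z_][\w.\-]*(?::[\w.\-]+)?)[\s>]", xml_text).group(1)

def namespaces_used(xml_text):
    """Namespace URIs that elements in the document actually belong to."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return {el.tag[1:].split("}")[0] for el in root.iter() if el.tag.startswith("{")}

if __name__ == "__main__":
    print("raw root names:", raw_root_name(PREFIXED), "vs", raw_root_name(UNPREFIXED))
    print("same qualified tree:", shape(PREFIXED) == shape(UNPREFIXED))
    print("prefixed frame uses:", namespaces_used(PREFIXED))
    print("stripped without rebinding uses:", namespaces_used(NO_REBIND))
```

The default `xmlns` on the prefixed frame binds no element, so every element there belongs to the EPP namespace; stripping the prefixes without rebinding the default moves them all into the domain-1.4 namespace instead.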