I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in the /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
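
Added example (not part of the original message and not FRED project code): OpenSSL reports "tlsv1 alert unknown ca" in SSL3_READ_BYTES when the alert was received from the peer, meaning the side that sent it could not chain the certificate it was shown to a CA in its own trust store. The script repeats steps a) to d) in a scratch directory and checks server.crt against the CA that signed it and against an unrelated CA; all subject names and the second CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: repeat steps a)-d) in a scratch directory and test which
# trust store accepts server.crt. All subject names below are constructed.
set -eu

make_ca() {      # $1 = directory, $2 = file prefix, $3 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_cert() {   # $1 = directory holding ca.key and ca.crt
    # b) request plus a key written without a passphrase (-nodes covers step d)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=registrar.example" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    # c) sign the request with the private CA
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/server.crt" 2>/dev/null
}

chain_ok() {     # $1 = trusted CA file, $2 = certificate; prints yes or no
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    then echo yes; else echo no; fi
}

key_matches() {  # $1 = certificate, $2 = private key; prints yes or no
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    if [ "$a" = "$b" ]; then echo yes; else echo no; fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca "$work" ca "Private Test CA"         # a) the CA from the message
make_ca "$work" other-ca "Unrelated CA"      # stands in for a peer's trust store
issue_cert "$work"

echo "cert and key belong together:     $(key_matches "$work/server.crt" "$work/server.key")"
echo "verifies against its own ca.crt:  $(chain_ok "$work/ca.crt" "$work/server.crt")"
echo "verifies against an unrelated CA: $(chain_ok "$work/other-ca.crt" "$work/server.crt")"
```

The last line prints "no": a verifier that does not hold the signing ca.crt in its trust store cannot build the chain, which is the condition the "unknown ca" alert reports.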

Hi,
after some time I updated the website http://fred.nic.cz/download with
the source files of our most recent version, FRED-2.16, and installation
procedures for the supported operating systems Ubuntu 12.04 and Fedora 20.
A few weeks ago we put this version of FRED into production and I can
recommend it for use by other registries.
There are a lot of new features since the last announced version, so these
are just the highlights:
- Contact data management features (verification, merging identical
contacts). Presented at last ICANN -
http://buenosaires48.icann.org/en/schedule/mon-tech/presentation-contact-va…
- Administrative blocking of domains - law enforcement agencies
sometimes ask the registry to disable a domain or prevent any changes to
a domain. In this version the web administration interface has 'Block' and
'Unblock' buttons in the domain detail
- Billing changes - in previous versions there was a problem with
selecting the proper price in the price list when the registry was in a
different timezone than 'Europe/Prague'. Billing is also an optional feature
in this version and if you want to enable it you have to set
epp_operations_charging = on in the fred configuration file for the fred-rifd
daemon. **Check this when upgrading to this version**
- Better IDN. To enable IDN in previous versions you had to set a
compile-time option. Now the system registrar can register IDN domains
immediately and all registrars can register IDN domains when the
configuration option 'allow_idn = false' is set. Still, there is no
checking against a list of allowed code pages
- A lot of bugfixes
If you have any questions when testing, let me know.
Regards,
Jaromir
--
Jaromir Talir
technicky reditel / Chief Technical Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23, 120 00 Praha 2, Czech Republic
mailto:jaromir.talir@nic.cz http://nic.cz/
sip:jaromir.talir@nic.cz tel:+420.222745107
mob:+420.739632712 fax:+420.222745112
-------------------------------------------