I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are placed in the /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
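
Added example, not part of the original message: the "unknown ca" alert is what a TLS peer sends when it has no trusted CA that signed the certificate it was shown. The script below repeats steps a) to d) with openssl in a scratch directory and checks the result against two trust anchors; the CA names, subject name and paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. CA names, subject names and paths are constructed for the demo.

make_ca() {        # $1 = output prefix, $2 = CA common name   (step a)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {     # $1 = CA prefix, $2 = output prefix, $3 = subject CN
    # Steps b and d: request plus a key stored without a passphrase (-nodes).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null || return 1
    # Step c: sign the request with the CA.
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

chain_ok() {       # $1 = CA certificate the verifier trusts, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches() {    # $1 = certificate, $2 = private key
    [ "$(openssl x509 -noout -pubkey -in "$1")" = \
      "$(openssl pkey -pubout -in "$2")" ]
}

report() {         # $1 = label, remaining arguments = check to run
    label=$1; shift
    if "$@"; then echo "$label: OK"; else echo "$label: FAILED"; fi
}

work=$(mktemp -d) || exit 1
make_ca "$work/ca" "Own Test CA"          # the CA created in step a
make_ca "$work/peer" "Peer Trusted CA"    # stands in for the CA the other end trusts
issue_cert "$work/ca" "$work/server" "registrar.example"

report "certificate and key belong together" key_matches "$work/server.crt" "$work/server.key"
report "verifier trusting own CA"            chain_ok "$work/ca.crt" "$work/server.crt"
report "verifier trusting a different CA"    chain_ok "$work/peer.crt" "$work/server.crt"
rm -rf "$work"
```

The third check reports FAILED: a certificate that is valid under its own CA is still rejected by a verifier whose trust store holds only a different CA.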
Good morning,
We are testing FRED, and we currently have a problem with the genzone_client script. We would like to request your help.
We have installed FRED on a Fedora 20 system (via RPM) and started the services as usual:
# Initialize the database scheme
/usr/bin/postgresql-setup initdb
# Start services
service postgresql start
service omniNames start
service fred-server start
service httpd start
service fred-webadmin-server start
Next we are able to add a TLD using:
fred-admin --zone_add --zone_fqdn=acme --ex_period_min=12 \
    --ex_period_max=36 --ttl=18000 --hostmaster=root(a)test.acme \
    --refresh=10600 --update_retr=3600 --expiry=1209600 --minimum=7200 \
    --ns_fqdn=ns1.acme
Also for the nameservers for the .acme TLD zone:
fred-admin --zone_ns_add --zone_fqdn=acme --ns_fqdn=ns1.acme \
    --addr=10.10.0.1
fred-admin --zone_ns_add --zone_fqdn=acme --ns_fqdn=ns2.acme \
    --addr=10.10.0.2
Our problem is that, when running genzone_client, the generated zone is output without IP address information for the name servers:
TTL 18000 ;default TTL for all records in zone
acme. IN SOA ns1.acme. root.test.acme. (1446128974 10600 3600 1209600 7200)
IN NS ns1.acme.
IN NS ns1.acme.
;
;--- domain records ---
;
We have verified in the PostgreSQL database that the A records are present as expected. What could be wrong?
Thank you!
Jorge Granjal