I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?.
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
Hello all,
Can someone help on this:
I have done this,
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) make a certificate request (registrar.csr)
e) sign the certificate request (registrar.crt and registrar.key) with the new CA
authority
Afterwards, the server.crt and server.key and the ca.crt files are included in
/usr/share/fred-mod-eppd/ssl directory,then the epp file is tweaked to reflect the
files and the fred-client configuration file in /etc/fred/directory is modified like this:
ssl_cert = %(dir)s/registrar.crt
ssl_key = %(dir)s/registrar.key
Now, if I try to run fred-client this is the result:
Login Failed
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
How do I.
a) Define prices (creation, update, EPP).
b) Create credit for a zone-registrar combination.
c) Deduce each EPP transaction (creation, updating, etc.) so the
transaction applies to the credit?.
I have scripts for creating a new registrar with their respective
certificates, and I know how to intoroduce prices. Then I supposedly
give credit to a registrar and a zone, but when I use that zone and
registar using fred-client there is no transaction. I'm missing
simething but what?.
Mario Guerra
Hello all,
Can someone help on this:
I have done this,
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) make a certificate request (registrar.csr)
e) sign the certificate request (registrar.crt and registrar.key) with the new CA
authority
Afterwards, the server.crt and server.key and the ca.crt files are included in
/usr/share/fred-client/ssl directory,then the epp file is tweaked to reflect the files
and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/registrar.crt
ssl_key = %(dir)s/registrar.key
Now, if I try to run fred-client this is the result:
Login Failed
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
Hello,
I need some help on the following:
1.Where does fred keep the certificates for registrars?
2.In which configuration file should i include the path for the registrars' certificates
and how?
Best Regards.
Mathias Timothy
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
On 16 Feb 2015 at 10:39, Mario Guerra <fred-users(a)lists.nic.cz> wrote:
> How do I.
>
> a) Define prices (creation, update, EPP).
> b) Create credit for a zone-registrar combination.
> c) Deduce each EPP transaction (creation, updating, etc.) so the
> transaction applies to the credit?.
>
> I have scripts for creating a new registrar with their respective
> certificates, and I know how to intoroduce prices.
Mario, all,
We at the Malawi .mw registry have just finished populating our FRED registry with data
at our current home built registry system. Our biggest challenge has been creating contacts.
We are now just at this point of creating new registrars and need to generate, install
and activate certificates for new registrars.
We would therefore like to request you to send us details on how you efficiently do
certificate generation, creation, installtion and activation of registrars. A copy of
your scripts sent to us, if available, would be very helpful.
We would also really like to hear how others do this as well. We are running on Fedora
and our target is to reach production phase by 15 March 2015, in about a month.
> Then I supposedly
> give credit to a registrar and a zone, but when I use that zone and
> registar using fred-client there is no transaction. I'm missing
> simething but what?.
We see that our next biggest challenge will be billing as we move the registry from the
2R model in the present system where the registry was billing every registrant to the 3R
model where we move to create, manage and bill registrars.
We need to resolve this soon as some domains will start to expire at the end of March
2015 and hence payments will need to be made. So answers on these question raised here
as well as any additional documentation will also be very helpful to us.
Regards,
Paulos
======================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.registrar.mw
>
> Mario Guerra
>
> _______________________________________________
> fred-users mailing list
> fred-users(a)lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
