I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
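Added example, not part of the original message and not FRED's own code: steps a) to d) above as POSIX shell functions using the openssl CLI, plus the local `openssl verify` check for the condition behind the "unknown ca" alert, which a TLS peer sends when the certificate it received does not chain to a CA in its own trust store. The subject names, the passphrase and the unrelated second CA are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names, subjects and the passphrase are constructed.

# Steps a) to d) from the message, run inside directory $1 (subshell body,
# so the caller's working directory is untouched).
make_demo_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    pass="pass:constructed-demo-passphrase"
    # a) own CA: private key plus self-signed certificate
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -key ca.key -days 30 \
        -subj "/CN=Constructed Demo CA" -out ca.crt &&
    # b) passphrase-protected key and certificate request
    openssl genrsa -aes256 -passout "$pass" -out server.key.enc 2048 2>/dev/null &&
    openssl req -new -key server.key.enc -passin "$pass" \
        -subj "/CN=constructed-registrar" -out server.csr &&
    # c) sign the request with the new CA
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 30 -out server.crt 2>/dev/null &&
    # d) write a copy of the key without the passphrase; keep it owner-only
    openssl rsa -in server.key.enc -passin "$pass" -out server.key 2>/dev/null &&
    chmod 600 server.key &&
    # An unrelated CA, standing in for a trust store that lacks ca.crt
    openssl genrsa -out other-ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -key other-ca.key -days 30 \
        -subj "/CN=Constructed Unrelated CA" -out other-ca.crt
)

# True when certificate $2 chains to the trust anchor in $1.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

After `make_demo_pki /tmp/demo-pki`, running `chain_ok` with `ca.crt` as the anchor accepts `server.crt`, while the same call with `other-ca.crt` rejects it. The second result is the local equivalent of a peer answering with `unknown ca`.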
a) Define prices for each zone. Notice that prices are defined per zone
only (you can't define a price for a registrar/zone combination). For
example:
fred-admin --price_add --operation_price 80.00 --zone_fqdn tld --operation CreateDomain
fred-admin --price_add --operation_price 80.00 --zone_fqdn tld --operation RenewDomain
fred-admin --price_add --operation_price 80.00 --zone_fqdn tld --operation EppOperation
Take into account that the system registrar must be defined as such and
that these prices do not apply to the system registrar.
b) Add invoice prefixes:
fred-admin --invoice_add_prefix --zone_fqdn tld --prefix 01
c) Now you can start assigning credit like this:
fred-admin --invoice_credit --zone_id 1 --registrar_id 2 --price 2000.0
The zone_id is usually the TLD zone. The registrar_id usually starts
with 2 for non-system registrars. I'm supposing you are using a
pre-paid policy. FRED allows for post-paid, too.
d) Now you can use fred-client with the new registrar (I'm assuming
that you previously created the registrar with fred-admin and assigned
the zone to that registrar):
fred-client --user=<registrar handle> --password=<registrar password> --cert=/usr/share/fred-client/ssl/<registrar handle>.crt --privkey=/usr/share/fred-client/ssl/<registrar handle>.key
(for easier administration, we give the crt and key files the same
name as the registrar)
e) Now create, renew, etc. domains:
create_domain guerra.tld <contact id.> NULL <nsset id.> NULL (1 y)
I'm assuming that you previously created both the contact and the nsset
ids.
After this, for each domain created or renewed, that price is deducted
from the credit. If you use pre-paid and the accumulative operations
exceed the credit, a FRED error is given.
Suppose this:
update_domain guerra.cr NULL NULL NULL (NULL GUERRA-CR-K NULL)
This example adds keyset GUERRA-CR-K to domain guerra.cr.
Now let's try to dissociate that keyset:
update_domain guerra.cr NULL NULL NULL (NULL () NULL)
It does not work. Notice that I don't use NULL which, in that context,
does not touch the keyset entry. () should mean no keyset, right? The
same applies to dissociating an nsset, making the domain a reserved one.
For example:
update_domain guerra.cr NULL NULL NULL (() NULL NULL)
Best regards.