I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
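The chain check behind the "unknown ca" alert above, as an added example that is not part of the original post: the alert is sent by the peer that validated the certificate, so a certificate from steps a)-d) is accepted only where the signing CA is in that peer's trust store. All file and subject names are constructed, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: repeats steps a)-d) with throwaway keys in a temp dir and
# checks which CA a verifier has to trust. All names are constructed.
set -eu

make_ca() {      # $1 = output prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = leaf prefix, $3 = leaf common name
    # -nodes writes the private key without a passphrase (step d)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

trusted_by() {   # $1 = CA certificate the verifier trusts, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_ca "$d/ca" "Example Own CA"                # the self-made CA
    make_ca "$d/registry-ca" "Example Registry CA"  # what the peer trusts
    issue_cert "$d/ca" "$d/server" "example-registrar"
    trusted_by "$d/ca.crt" "$d/server.crt" && own=ok || own=rejected
    trusted_by "$d/registry-ca.crt" "$d/server.crt" && reg=ok || reg=rejected
    rm -rf "$d"
    echo "own-ca=$own registry-ca=$reg"
}

demo
```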
Jaromir,
Just one or two more clarifications on FRED:
1. Is there a default maximum number of years (or months) for renewing a domain?
I see that in .cz this is required to be 10 years - is this burned into FRED or can it be modified?
See: https://www.nic.cz/files/nic/doc/Registration_rules_CZ.pdf
Regards,
Paulos
======================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.registrar.mw
We are to try out having a few extra national characters
áýúíóæøåð
and in uppercase these are
ÁÝÚÍÓÆØÅÐ
in ccTLD names (.fo)
We found the 'allow_idn' in server.conf
and have it set as 'true' (allow_idn = true),
but this seems not to be enough, and does not really fulfill the requirements.
IDN is mentioned as an option in fred, but where/how can we turn this on,
and what should we be aware of?
...torkil...
Sorry for this lengthy message, but a bugfix is provided with a description
of the issue in the latest packages of fred for Ubuntu.
Have a nice day
On Ubuntu 16.04.1 LTS - just updated and upgraded everything including
fred, broke fred
# systemctl status fred-logd
● fred-logd.service - FRED logging daemon
Loaded: loaded (/lib/systemd/system/fred-logd.service; enabled; vendor
preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30
16:56:12 WET; 17min ago
Process: 3653 ExecStart=/usr/sbin/fred-logd -ORBendPoint giop:tcp::2226
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-logd.conf (code=exited,
status=1/FAILURE)
Main PID: 3653 (code=exited, status=1/FAILURE)
Dec 30 16:56:12 fred-ubunto-16 systemd[1]: fred-logd.service: Failed with
result 'exit-code'.
Dec 30 16:56:12 fred-ubunto-16 systemd[1]: fred-logd.service: Service
hold-off time over, scheduling restart.
Dec 30 16:56:12 fred-ubunto-16 systemd[1]: Stopped FRED logging daemon.
Dec 30 16:56:12 fred-ubunto-16 systemd[1]: fred-logd.service: Start request
repeated too quickly.
Dec 30 16:56:12 fred-ubunto-16 systemd[1]: Failed to start FRED logging
daemon.
Hmm where is fred-logd.conf ?
In /etc/init/fred-logd.conf !
BUGFIX
# cd /etc/fred
# ln -s ../init/fred-logd.conf
root@fred-ubunto-16:/etc/fred# systemctl start fred-logd
root@fred-ubunto-16:/etc/fred# systemctl status fred-logd
● fred-logd.service - FRED logging daemon
Loaded: loaded (/lib/systemd/system/fred-logd.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2016-12-30 17:22:57 WET; 2s ago
Main PID: 4600 (fred-logd)
Tasks: 3
Memory: 2.5M
CPU: 25ms
CGroup: /system.slice/fred-logd.service
└─4600 /usr/sbin/fred-logd -ORBendPoint giop:tcp::2226
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-logd.conf
Dec 30 17:22:57 fred-ubunto-16 systemd[1]: Started FRED logging daemon.
So the bugfix worked :-)
Next issue:
# systemctl status fred-rifd
● fred-rifd.service - FRED registrar interface daemon
Loaded: loaded ( ; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30
16:50:26 WET; 35min ago
Process: 3321 ExecStart=/usr/sbin/fred-rifd -ORBendPoint giop:tcp::2224
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-rifd.conf (code=exited,
status=1/FAILURE)
Main PID: 3321 (code=exited, status=1/FAILURE)
Dec 30 16:50:25 fred-ubunto-16 systemd[1]: fred-rifd.service: Main process
exited, code=exited, status=1/FAILURE
Dec 30 16:50:25 fred-ubunto-16 systemd[1]: fred-rifd.service: Unit entered
failed state.
Dec 30 16:50:25 fred-ubunto-16 systemd[1]: fred-rifd.service: Failed with
result 'exit-code'.
Dec 30 16:50:26 fred-ubunto-16 systemd[1]: fred-rifd.service: Service
hold-off time over, scheduling restart.
Dec 30 16:50:26 fred-ubunto-16 systemd[1]: Stopped FRED registrar interface
daemon.
Dec 30 16:50:26 fred-ubunto-16 systemd[1]: fred-rifd.service: Start request
repeated too quickly.
Dec 30 16:50:26 fred-ubunto-16 systemd[1]: Failed to start FRED registrar
interface daemon.
Again /lib/systemd/system/fred-rifd.service specifies fred-rifd.conf to be
in /etc/fred, whereas it is in /etc/init :-/
BUGFIX
# cd /etc/fred
# ln -s ../init/fred-rifd.conf
# cd
# systemctl start fred-rifd
# systemctl status fred-rifd
● fred-rifd.service - FRED registrar interface daemon
Loaded: loaded (/lib/systemd/system/fred-rifd.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2016-12-30 17:30:01 WET; 6s ago
Main PID: 4777 (fred-rifd)
Tasks: 3
Memory: 3.3M
CPU: 31ms
CGroup: /system.slice/fred-rifd.service
└─4777 /usr/sbin/fred-rifd -ORBendPoint giop:tcp::2224
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-rifd.conf
Dec 30 17:30:01 fred-ubunto-16 systemd[1]: Started FRED registrar interface
daemon.
So the bugfix worked :-)
Next issue:
# systemctl status fred-pifd
● fred-pifd.service - FRED public interface daemon
Loaded: loaded (/lib/systemd/system/fred-pifd.service; enabled; vendor
preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30
16:28:07 WET; 1h 7min ago
Process: 1334 ExecStart=/usr/sbin/fred-pifd -ORBendPoint giop:tcp::2223
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-pifd.conf (code=exited,
status=1/FAILURE)
Main PID: 1334 (code=exited, status=1/FAILURE)
Tasks: 0
Memory: 0B
CPU: 0
CGroup: /system.slice/fred-pifd.service
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Main process
exited, code=exited, status=1/FAILURE
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Unit entered
failed state.
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Failed with
result 'exit-code'.
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Service
hold-off time over, scheduling restart.
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: Stopped FRED public interface
daemon.
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Start request
repeated too quickly.
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: Failed to start FRED public
interface daemon.
BUGFIX
# cd /etc/fred
# ln -s ../init/fred-pifd.conf
# cd
# systemctl start fred-pifd
# systemctl status fred-pifd
● fred-pifd.service - FRED public interface daemon
Loaded: loaded (/lib/systemd/system/fred-pifd.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2016-12-30 17:36:47 WET; 10ms ago
Main PID: 4941 (fred-pifd)
Tasks: 1
Memory: 1.1M
CPU: 5ms
CGroup: /system.slice/fred-pifd.service
└─4941 /usr/sbin/fred-pifd -ORBendPoint giop:tcp::2223
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-pifd.conf
Dec 30 17:36:47 fred-ubunto-16 systemd[1]: Started FRED public interface
daemon.
So the bugfix worked :-)
Next issue:
# systemctl status fred-msgd
● fred-msgd.service - FRED messaging daemon
Loaded: loaded (/lib/systemd/system/fred-msgd.service; enabled; vendor
preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30
16:28:06 WET; 1h 9min ago
Process: 1258 ExecStart=/usr/sbin/fred-msgd -ORBendPoint giop:tcp::2228
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-msgd.conf (code=exited,
status=1/FAILURE)
Main PID: 1258 (code=exited, status=1/FAILURE)
Dec 30 16:28:05 fred-ubunto-16 systemd[1]: fred-msgd.service: Unit entered
failed state.
Dec 30 16:28:05 fred-ubunto-16 systemd[1]: fred-msgd.service: Failed with
result 'exit-code'.
Dec 30 16:28:06 fred-ubunto-16 systemd[1]: fred-msgd.service: Service
hold-off time over, scheduling restart.
Dec 30 16:28:06 fred-ubunto-16 systemd[1]: Stopped FRED messaging daemon.
Dec 30 16:28:06 fred-ubunto-16 systemd[1]: fred-msgd.service: Start request
repeated too quickly.
Dec 30 16:28:06 fred-ubunto-16 systemd[1]: Failed to start FRED messaging
daemon.
Same thing
BUGFIX
# cd /etc/fred
# ln -s ../init/fred-msgd.conf
# cd
# systemctl start fred-msgd
# systemctl status fred-msgd
● fred-msgd.service - FRED messaging daemon
Loaded: loaded (/lib/systemd/system/fred-msgd.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2016-12-30 17:38:59 WET; 4s ago
Main PID: 5016 (fred-msgd)
Tasks: 3
Memory: 1.6M
CPU: 20ms
CGroup: /system.slice/fred-msgd.service
└─5016 /usr/sbin/fred-msgd -ORBendPoint giop:tcp::2228
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-msgd.conf
Dec 30 17:38:59 fred-ubunto-16 systemd[1]: Started FRED messaging daemon.
So the bugfix worked :-)
Next issue:
# systemctl status fred-adifd
● fred-adifd.service - FRED administration interface daemon
Loaded: loaded (/lib/systemd/system/fred-adifd.service; enabled; vendor
preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30
16:28:08 WET; 1h 12min ago
Process: 1352 ExecStart=/usr/sbin/fred-adifd -ORBendPoint giop:tcp::2222
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-adifd.conf
(code=exited, status=1/FAILURE)
Main PID: 1352 (code=exited, status=1/FAILURE)
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-adifd.service: Unit entered
failed state.
Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-adifd.service: Failed with
result 'exit-code'.
Dec 30 16:28:08 fred-ubunto-16 systemd[1]: fred-adifd.service: Service
hold-off time over, scheduling restart.
Dec 30 16:28:08 fred-ubunto-16 systemd[1]: Stopped FRED administration
interface daemon.
Dec 30 16:28:08 fred-ubunto-16 systemd[1]: fred-adifd.service: Start
request repeated too quickly.
Dec 30 16:28:08 fred-ubunto-16 systemd[1]: Failed to start FRED
administration interface daemon.
Again same thing
BUGFIX
# cd /etc/fred
# ln -s ../init/fred-adifd.conf
# cd
# systemctl start fred-adifd
# systemctl status fred-adifd
● fred-adifd.service - FRED administration interface daemon
Loaded: loaded (/lib/systemd/system/fred-adifd.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2016-12-30 17:41:42 WET; 4s ago
Main PID: 5128 (fred-adifd)
Tasks: 4
Memory: 3.3M
CPU: 29ms
CGroup: /system.slice/fred-adifd.service
└─5128 /usr/sbin/fred-adifd -ORBendPoint giop:tcp::2222
-ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-adifd.conf
Dec 30 17:41:42 fred-ubunto-16 systemd[1]: Started FRED administration
interface daemon.
Final check
# fred-status && echo ok
ok
DONE :-)
NOTE
fred-status is a local script which looks like this:
#######################################################################
#!/bin/sh
# File: fred-status.sh
# Purpose: Check that fred runs all the 7 required processes
# Author: Torkil Zachariassen
# Date: 20161209
CMD="ps -u fred --no-headers"
count=$($CMD | wc -l)
if [ "$count" -ne 7 ]; then
    echo ERROR Wrong number of processes
    $CMD
    exit 1
fi
# exit (not return): return is only valid in a function or a sourced file
exit 0
NOTE
$ ps -u fred
should return the following processes
PID TTY TIME CMD
1096 ? 00:01:32 fred-webadmin
1181 ? 00:00:03 fred-logd
1182 ? 00:00:00 fred-rifd
1217 ? 00:00:00 fred-pifd
1218 ? 00:00:01 fred-adifd
3574 ? 00:00:00 fred-msgd
3685 ? 00:00:05 fred-pyfred
#######################################################################
It seems that the problem is the following lines in fred-* in
/lib/systemd/system:
# grep /fred/fred /lib/systemd/system/fred-*
/lib/systemd/system/fred-adifd.service:ExecStart=/usr/sbin/fred-adifd
-ORBendPoint giop:tcp::2222 -ORBnativeCharCodeSet UTF-8 --config
/etc/fred/fred-adifd.conf
/lib/systemd/system/fred-logd.service:ExecStart=/usr/sbin/fred-logd
-ORBendPoint giop:tcp::2226 -ORBnativeCharCodeSet UTF-8 --config
/etc/fred/fred-logd.conf
/lib/systemd/system/fred-msgd.service:ExecStart=/usr/sbin/fred-msgd
-ORBendPoint giop:tcp::2228 -ORBnativeCharCodeSet UTF-8 --config
/etc/fred/fred-msgd.conf
/lib/systemd/system/fred-pifd.service:ExecStart=/usr/sbin/fred-pifd
-ORBendPoint giop:tcp::2223 -ORBnativeCharCodeSet UTF-8 --config
/etc/fred/fred-pifd.conf
/lib/systemd/system/fred-rifd.service:ExecStart=/usr/sbin/fred-rifd
-ORBendPoint giop:tcp::2224 -ORBnativeCharCodeSet UTF-8 --config
/etc/fred/fred-rifd.conf
as these reference configuration files in /etc/fred, whereas the actual
configuration files are installed in /etc/init
As I am unsure of what the correct solution might be I will leave this
issue to the packager
Have a nice day :-)
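The grep above, turned into a check that can be rerun after each upgrade (an added example, not part of the original message or of the FRED packages): it reads the --config path from every fred-*.service unit and lists the units whose file is missing. The demo tree, its two unit files and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: for each systemd unit file, take the path that follows
# --config in ExecStart and report the ones that do not exist.
set -eu

config_of() {        # $1 = unit file; prints the --config argument, if any
    sed -n 's/^ExecStart=.* --config \([^ ]*\).*/\1/p' "$1"
}

missing_configs() {  # $1 = unit dir, $2 = root prefix ("" on a live system)
    for unit in "$1"/fred-*.service; do
        [ -f "$unit" ] || continue
        cfg=$(config_of "$unit")
        [ -n "$cfg" ] || continue
        [ -e "$2$cfg" ] || echo "$(basename "$unit") $cfg"
    done
}

demo() {
    # Constructed tree mirroring the layout described in the message:
    # units point at /etc/fred, the files themselves sit in /etc/init.
    root=$(mktemp -d)
    mkdir -p "$root/lib/systemd/system" "$root/etc/fred" "$root/etc/init"
    for d in logd rifd; do
        printf '[Service]\nExecStart=/usr/sbin/fred-%s -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-%s.conf\n' \
            "$d" "$d" > "$root/lib/systemd/system/fred-$d.service"
        : > "$root/etc/init/fred-$d.conf"
    done
    # Apply the symlink workaround for one daemon only.
    ln -s ../init/fred-logd.conf "$root/etc/fred/fred-logd.conf"
    missing_configs "$root/lib/systemd/system" "$root"
    rm -rf "$root"
}

demo
```

On a live host the call would be `missing_configs /lib/systemd/system ""`; empty output means every unit's configuration file resolves.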