I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
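
Added example, not part of the original message or of fred-client: a decoder for the packed OpenSSL 1.x error code in the reported line, showing that reason 0x418 (1048) is TLS alert 48 (unknown_ca) received from the peer, meaning the remote side rejected the certificate it was presented. The function name `decode_openssl_error` and the second sample line are constructed for illustration; the bit layout assumed is the OpenSSL 1.x one (8-bit library, 12-bit function, 12-bit reason).

```python
import re

ERR_LIB_SSL = 20             # OpenSSL's library number for libssl
SSL_AD_REASON_OFFSET = 1000  # libssl reasons >= 1000 are alerts received from the peer

# Certificate-related alert descriptions, RFC 5246 section 7.2
TLS_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 49: "access_denied",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):")


def decode_openssl_error(line):
    """Unpack an OpenSSL 1.x packed error code (8 hex digits) found in a log line."""
    m = ERR_RE.search(line)
    if m is None:
        raise ValueError("no OpenSSL 1.x error code found")
    code = int(m.group(1), 16)
    info = {
        "lib": (code >> 24) & 0xFF,    # top 8 bits: library
        "func": (code >> 12) & 0xFFF,  # middle 12 bits: function
        "reason": code & 0xFFF,        # low 12 bits: reason
        "func_name": m.group(3),
        "peer_alert": None,
        "alert_name": None,
    }
    if info["lib"] == ERR_LIB_SSL and info["reason"] >= SSL_AD_REASON_OFFSET:
        info["peer_alert"] = info["reason"] - SSL_AD_REASON_OFFSET
        info["alert_name"] = TLS_ALERTS.get(info["peer_alert"], "other")
    return info


# Error line quoted in the message above
REPORTED = ("ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:"
            "SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)")
# Constructed contrast line: verification failed locally, no alert from the peer
LOCAL = ("error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:"
         "certificate verify failed")

if __name__ == "__main__":
    for line in (REPORTED, LOCAL):
        d = decode_openssl_error(line)
        side = "peer sent alert" if d["peer_alert"] is not None else "local failure"
        print(hex(d["reason"]), side, d["alert_name"])
```
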
Hello cz.nic Team
I've read a memo at your page that you have released FRED 2.23 recently.
Do you have any plans about supporting xenial (and releasing binary packages) once it becomes really stable?
Best regards
Piotr Przybył
Does the keyset FRED specification support the algorithm numbers 12, 13
and 14 (GOST R 34.10-2001, ECDSA Curve P-256 with SHA-256 and ECDSA
Curve P-256 with SHA-384)?
These can be found at this IANA document:
https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
Thanks in advance
Mario Guerra