fred-users Leden 2017

fred-users@lists.nic.cz

3 participants
5 discussions

Setting up a CA and signing certificates with it

by Mario Guerra

I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA): a) create a CA authority (ca.key and ca.crt) b) make a certificate request (server.csr) c) sign the certificate request (server.crt and server.key) with the new CA authority d) change the server key so it does not ask for a passphrase. Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this: ssl_cert = %(dir)s/server.crt ssl_key = %(dir)s/server.key Now, if I try to run fred-client this is the result: ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700) Certificate not signed by verified certificate authority What should I do for fred-client to identify these certificates as valid?. Thanks in advance. Note: the new fred-client is perfectly compatible with FRED 2.2. -- Mario Guerra <mguerra(a)nic.cr>

1 rok, 6 měsíců

Maximum renewal period in FRED

by Dr Paulos B Nyirenda

Jaromir, Just one or two more clarifications on FRED: 1. Is there a default maximum number of years (or months) for renewing a domain ? I see that in .cz this is required to be 10 years - is this burned into FRED or can it be modified? See: https://www.nic.cz/files/nic/doc/Registration_rules_CZ.pdf Regards, Paulos ====================== Dr Paulos B Nyirenda NIC.MW & .mw ccTLD http://www.registrar.mw

7 let, 8 měsíců

ERROR HEADER: unpack requires a string argument of length 4

by Jakub Andrys

Hi, I have clean install of Ubuntu 16.04 server and I use script install: https://fred.nic.cz/page/2906/installation-on-ubuntu/ everything looks OK, but when I wan use fred-client, got this error: # fred-client FredClient upstream/2.7.0-97-g21a67 Type "help", "license" or "credits" for more information. Using configuration from /root/.fred-client.conf Used socket type: IPv6. Socket timeout: 10.0 sec. Connecting to localhost, port 700 ... Connection established. Try to open SSL layer... SSL layer opened. ERROR: ERROR HEADER: unpack requires a string argument of length 4 Server didn't return Greeting message. Contact server administrator. in /var/log/fred-eppd.log [19/Jan/2017:10:02:56 +0100] ::1 (process:2354) [sessionID 352216] Could not obtain object reference for alias 'EPP_alias'. Check mod_corba's configuration. [19/Jan/2017:10:02:56 +0100] ::1 (process:2354) [sessionID 352216] Could not obtain object reference for alias 'EPP_alias'. Connection on port 700 looks OK. Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.120.153:53 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN tcp6 0 0 :::43 :::* LISTEN tcp6 0 0 :::80 :::* LISTEN tcp6 0 0 :::53 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::25 :::* LISTEN tcp6 0 0 :::2809 :::* LISTEN tcp6 0 0 ::1:953 :::* LISTEN tcp6 0 0 :::443 :::* LISTEN tcp6 0 0 :::700 :::* LISTEN udp 0 0 192.168.120.153:53 0.0.0.0:* udp 0 0 127.0.0.1:53 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp6 0 0 :::53 :::* Any idea whats wrong? Regards, Jakub

7 let, 11 měsíců

Weak digest algorithm @ archive.nic.cz

by Torkil Zachariassen

While running # apt-get update on Ubunto-16 as warning is issued: W: http://archive.nic.cz/ubuntu/dists/xenial/Release.gpg: Signature by key 55360425D50EB41DB9A21E67F20C079E020ADBB4 uses weak digest algorithm (SHA1) It seems that Debian and friends do not like SHA1 any longer. They provide more info on the removal of sha1 and how to fix a half-broken repositories https://wiki.debian.org/Teams/Apt/Sha1Removal I suppose the fred repository for ubunto at archive.nic.cz could be updated along those lines.

7 let, 11 měsíců

IDN in fred? Howto

by Torkil Zachariassen

We are to try out having a few extra national characters áýúíóæøåð and in uppercase these are ÁÝÚÍÓÆØÅÐ in ccTLD names (.fo) We found the 'allow_idn' in server.conf and have it set as 'true' (allow_idn = true), but this seems not to be enough, and does not really fullfill the requirements. IDN is mentioned an option in fred, but where/how can we turn this on, and what should we be aware of ? ...torkil...

7 let, 11 měsíců

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

fred-users Leden 2017