I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?.
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
I am finding in FRED that I have to issue new invoice prefixes now that the year has changed
from 2017 to 2018.
If I do not do this then I get an error :
"Missing invoice prefix"
when I try to add credit to a registrar account using the
#fred-admin --invoice_credit
command
I am having to do this for each zone which is painful because I have 10+ zones.
Is there a way to update this automatically when the year changes ?
Additionally, is there a way that I can run the
#fred-admin --invoice_credit
command for a zone and land on the correct prefix every time ?
In many cases when I run the command
#fred-admin --invoice_credit
I get the error
DEATAIL: Key (prefix)=(interger) already exits
and I have to run the command a few more times before I land on an interger that the
command accepts.
How can I get around this and land on the correct interger for the command without having to
repeat it?
Regards,
Paulos
======================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.registrar.mw
---
This email has been checked for viruses by AVG.
http://www.avg.com
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
we have a customer who tried to change the name servers of many of his .MW domains to :
ns1.names.rent & ns2.names.rent
But we get a strange error : "Invalid nameserver hostname"
Does anyone know why FRED registry is giving this error ?
See full EPP request & response here below:
Regards,
Paulos
======================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.registrar.mw
REQUEST
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<command>
<create>
<nsset:create xmlns:nsset="http://www.nic.cz/xml/epp/nsset-1.2"
xsi:schemaLocation="http://www.nic.cz/xml/epp/nsset-1.2 nsset-1.2.xsd" >
<nsset:id>NETIM-MW-19</nsset:id>
<nsset:ns>
<nsset:name>ns1.names.rent</nsset:name>
</nsset:ns><nsset:ns>
<nsset:name>ns2.names.rent</nsset:name>
</nsset:ns>
<nsset:tech>CMW-NETIM</nsset:tech>
</nsset:create>
</create>
<clTRID>2496476-1515235625</clTRID>
</command>
</epp>
RESPONSE
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params: xml:ns:epp-1.0" xmlns:xsi=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params: xml:ns:epp-1.0
epp-1.0.xsd"><response><result code="2005"><msg>Paramet
er value syntax error</msg><extValue><value><nsset:name xml
ns:nsset= "http://www.nic.cz/xml/epp/nsset-1.2"
>ns1.names.rent</nsset:name></value><reason>Invalid names
erver hostname.</reason></extValue><extValue><value><nsset
:name xmlns:nsset=
"http://www.nic.cz/xml/epp/nsset-1.2">ns2.names.rent</nsset:na
me></value><reason>Invalid nameserver hostname.</reason><
/extValue></result><trID><clTRID>2496476-1515235625</clTRI
D><svTRID>ReqID-0016680042</svTRID></trID></response><
/epp>
Can you please check and advise?
---
This email has been checked for viruses by AVG.
http://www.avg.com
