fred-users Červenec 2018

fred-users@lists.nic.cz

2 participants
3 discussions

Setting up a CA and signing certificates with it

by Mario Guerra

I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA): a) create a CA authority (ca.key and ca.crt) b) make a certificate request (server.csr) c) sign the certificate request (server.crt and server.key) with the new CA authority d) change the server key so it does not ask for a passphrase. Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this: ssl_cert = %(dir)s/server.crt ssl_key = %(dir)s/server.key Now, if I try to run fred-client this is the result: ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700) Certificate not signed by verified certificate authority What should I do for fred-client to identify these certificates as valid?. Thanks in advance. Note: the new fred-client is perfectly compatible with FRED 2.2. -- Mario Guerra <mguerra(a)nic.cr>

10 měsíců

problem registrar EPP connection - timeout - ERROR: socket.sslerror: _ssl.c:477

by Dr P Nyirenda

One of our registrars is facing a problem making an EPP connection to our .mw registry running FRED. The connection sometimes succeeds and sometime it fails with "ERROR: socket.sslerror: _ssl.c:477" - on a random on-and-off scenario that seems rather random, we cannot tell when it will fail or succeed. After many observations, I requested the registrar to install fred-client so that I can also test the connection from their end. Sessions look like the ones copied here below where one session was successful to conned and the other one failed. I have looked at this in detail and I need help to check what is really going on. I have now done a TCPDUMP of these connections and the result is copied as here attached, one for a successful connection and one for a failed connection. You will see that in the failed connection TCPDUMP shows that the fred-client on 88.208.201.35 was talking to the FRED server on 196.45.190.7 but the fred-client appears to stop listening even though the FRED server makes a few more attempts to the fred-client. The registrar is experiencing the same for their own client, it sometimes connects successfully and sometimes fails with no predictable pattern. My logs including those on DAPHNE show that most other registrars are connecting ok with no such problems. Can you help check what the problem could be with this one registrar? Is there another log that I can check to see what exactly is causing these connections to fail? Regards, Paulos ====================== Dr Paulos B Nyirenda NIC.MW & .mw ccTLD http://www.registrar.mw [######## successful connection #############] paulos@ndovu [~/fred-client-2.8.0]# ./fred-client Czech translation not available FredClient PACKAGE_VERSION Type "help", "license" or "credits" for more information. Using configuration from conf/fred-client.conf Connecting to ngoli.sdnp.org.mw, port 700 ... Connected! AFRIREGISTER-REG(a)ngoli.sdnp.org.mw> quit Logout command sent to server Ending session at ngoli.sdnp.org.mw Disconnected. [######## failed connection #############] paulos@ndovu [~/fred-client-2.8.0]# ./fred-client Czech translation not available FredClient PACKAGE_VERSION Type "help", "license" or "credits" for more information. Using configuration from conf/fred-client.conf Connecting to ngoli.sdnp.org.mw, port 700 ... ERROR: socket.sslerror: _ssl.c:477: The handshake operation timed out (ngoli.sdnp.org.mw:700) paulos@ndovu [~/fred-client-2.8.0]# --- This email has been checked for viruses by AVG. https://www.avg.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. The following section of this message contains a file attachment prepared for transmission using the Internet MIME message format. If you are using Pegasus Mail, or any other MIME-compliant system, you should be able to save it or view it from within your mailer. If you cannot, please ask your system administrator for assistance. ---- File information ----------- File: afriregister-reg-tcpdump-ok-and-failed-EPP-connection-25-7-18.txt Date: 25 Jul 2018, 15:09 Size: 8110 bytes. Type: Text

5 let, 9 měsíců

HELP with Java and use of SSL private key and digital certificates

by Dr P Nyirenda

Good morning, I have a new registrar that is trying to use Java for EPP connections to our .mw FRED server and they are having a problem on how to use SSL digital keys and SSL certificates in their Java EPP client They want to import the SSL private key and digital certificate into their Java EPP client. . The e-mail address of the registrar is domain(a)idcicp.com and their skype IP is slowturtlej . As of now they are trying something like the following: openssl pkcs12 -export -clcerts -in topnets.cert.pem -inkey topnets.key.pem -out clientuser.p12 keytool -importkeystore -srckeystore clientuser1p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ServerKeystore.jks Let me know if you can help and please, if you can, also communicate to them direcly on the above address and skype ID. Regards, Paulos ====================== Dr Paulos B Nyirenda NIC.MW & .mw ccTLD http://www.registrar.mw ------- End of forwarded message ------- --- This email has been checked for viruses by AVG. https://www.avg.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

5 let, 9 měsíců

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

fred-users Červenec 2018