I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?.
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
Hi everyone,
Our domains that expired in February and March are stuck in "to be deleted"
state, they never get deleted.
On manual deletion or renewal the output is:
Error: ObjectStatusProhibitsOperation
Manual run of '/usr/sbin/fred-admin --object_regular_procedure' executes but
doesn't give any output. Zones are still being generated with such 'to be
deleted' domains excluded.
The timezone is set to UTC in postregsql.conf
Enum_parameters are as follows:
expiration_notify_period -30
expiration_dns_protection_period 30
expiration_letter_warning_period 34
validation_notify1_period -30
validation_notify2_period -15
regular_day_procedure_period 0
object_registration_protection_period 6
handle_registration_protection_period 0
regular_day_outzone_procedure_period 14
outzone_unguarded_email_warning_period 25
enum_validation_continuation_window 14
regular_day_procedure_zone Africa/Johannesburg
expiration_registration_protection_period 61
What could be the cause of this?
Regards.
Moeketsi