I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
On 18 Nov 2021 at 11:29, bsd(a)todoo.biz wrote:
> Hello Dr. Nyirenda,
>
> Thanks a lot for your help.
>
> Do you by any chance have the formula that you are using to create or
> renew your client side certificates?
What is your TLD?
We are using openssl and I do not think there is a "formula" as such.
> We are fighting because one of our engineers has left the company and
> didn't properly document things. One certificate has expired in
> July, we didn't notice until server was rebooted... Now it is a bit
> emergency.
One of the ways could be for you to create your own CA, put the CA certificate into the FRED
config on the server side and using that issue a new certificate to the registrar.
Regards,
PC
=============================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.nic.mw
SDNP: http://www.sdnp.org.mw
Tel: +265-(0)-882 089 166
Cell: +265-(0)-888-824787
WhatsApp: +265-(0)-887386433
>
>
> Sincerely yours.
>
> On 18 Nov 2021 at 08:54, Dr Paulos Nyirenda <paulos(a)sdnp.org.mw>
> wrote:
>
> On 16 Nov 2021 at 14:41, bsd(a)todoo.biz wrote:
>
> Hello,
>
> I was wondering if the SSL certs which are created to authenticate
> EPP requests will need to be bound to a CA or if they only needed
> to be created as plain Cert + Key.
>
> In fred-client.conf - there only seems to have an :
>
> ssl_cert = %(dir)s/cert.xxx.pem
> ssl_key = %(dir)s/key.unenc.xxx.pem
>
> If I remember correctly, this is enough on the client side.
>
> No sign of CA.
>
> Also if I remember correctly, the CA certificate corresponding to
> your client certificate is only needed to be installed on the
> FRED server side for your EPP client
>
> Hope this helps.
>
> Regards,
>
> Paulos
> =============================
> Dr Paulos B Nyirenda
> NIC.MW & .mw ccTLD
> http://www.nic.mw
> SDNP: http://www.sdnp.org.mw
> Tel: +265-(0)-882 089 166
> Cell: +265-(0)-888-824787
> WhatsApp: +265-(0)-887386433
>
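The arrangement described in the reply above (the client holds only its certificate and key, while the CA certificate that signed it is installed on the server side), worked through with openssl as an added example that is not part of the original thread or of FRED's own tooling. File and subject names are constructed; the last helper covers the unnoticed-expiry case mentioned in the thread.

```shell
#!/usr/bin/env bash
# Added example: file and subject names are constructed, not FRED defaults.
set -eu

# make_ca DIR NAME -> DIR/NAME.key + self-signed DIR/NAME.crt.
# NAME.crt is the file the registry installs on the server side.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_client DIR CA NAME -> unencrypted DIR/NAME.key + DIR/NAME.crt signed
# by CA. These two files are what ssl_key / ssl_cert point at on the client.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 365 -out "$1/$3.crt" 2>/dev/null
}

# server_accepts CA_CERT CLIENT_CERT: chain check as done by the server side.
# A failure here is what the client sees as "tlsv1 alert unknown ca".
server_accepts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches CERT KEY: both must carry the same public key.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# valid_in_days CERT N: true if CERT is still valid N days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

demo() {
    d=$(mktemp -d)
    make_ca "$d" registry-ca; make_ca "$d" unrelated-ca
    issue_client "$d" registry-ca registrar
    server_accepts "$d/registry-ca.crt" "$d/registrar.crt" && echo "trusted CA: accepted"
    server_accepts "$d/unrelated-ca.crt" "$d/registrar.crt" || echo "other CA: unknown ca"
    key_matches "$d/registrar.crt" "$d/registrar.key" && echo "cert/key pair: ok"
    valid_in_days "$d/registrar.crt" 30 || echo "renew: expires within 30 days"
    rm -rf "$d"
}
demo
```

Running `valid_in_days` from a scheduled job against the deployed client certificate gives notice of an upcoming expiry before a restart exposes it.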
Hello,
I was wondering if the SSL certs which are created to authenticate EPP requests will need to be bound to a CA or if they only needed to be created as plain Cert + Key.
In fred-client.conf - there only seems to have an :
ssl_cert = %(dir)s/cert.xxx.pem
ssl_key = %(dir)s/key.unenc.xxx.pem
No sign of CA.
Thanks for your help.
hi,
Thank you for your quick response. Actually I use ferda version 3.9.5 and
my .env content file is:
# Network settings
ALLOWED_HOSTS=*
# App settings
SECRET_KEY='gAAAAABciT3pFbbSihD_HZBZ8kqfAj94UhknamBuirZWKivWOukgKQ03qE2mcuvpuwCSuZ-X_Xkud0uWQLZ5e-aOwLC0Ccnepg=='
DEBUG=on
FERDA_REGISTRY_NETLOC=localhost:50050
FERDA_LOGGER_NETLOC=gloss:50051
FERDA_MESSENGER_NETLOC=localhost:50052
FERDA_FILEMAN_NETLOC=localhost:50053
FERDA_DBREPORT_NETLOC=localhost:50054
FERDA_SECRETARY_URL=https://secretary.localhost/api/
I rebuilt docker again and encountered the error mentioned below:
[root@fred ~]# docker-compose -f ferda/docker/docker-compose.yml up
Starting docker_ferda_uwsgi_1 ... done
Starting docker_nginx_1 ... done
Attaching to docker_ferda_uwsgi_1, docker_nginx_1
nginx_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty,
will attempt to perform configuration
nginx_1 | /docker-entrypoint.sh: Looking for shell scripts in
/docker-entrypoint.d/
nginx_1 | /docker-entrypoint.sh: Launching
/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx_1 | 10-listen-on-ipv6-by-default.sh: info:
/etc/nginx/conf.d/default.conf is not a file or does not exist
nginx_1 | /docker-entrypoint.sh: Launching
/docker-entrypoint.d/20-envsubst-on-templates.sh
nginx_1 | /docker-entrypoint.sh: Launching
/docker-entrypoint.d/30-tune-worker-processes.sh
nginx_1 | /docker-entrypoint.sh: Configuration complete; ready for
start up
ferda_uwsgi_1 | Traceback (most recent call last):
ferda_uwsgi_1 | File "/app/venv/bin/django-admin", line 8, in <module>
ferda_uwsgi_1 | sys.exit(execute_from_command_line())
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/core/management/__init__.py",
line 419, in execute_from_command_line
ferda_uwsgi_1 | utility.execute()
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/core/management/__init__.py",
line 395, in execute
ferda_uwsgi_1 | django.setup()
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/__init__.py", line 24, in
setup
ferda_uwsgi_1 | apps.populate(settings.INSTALLED_APPS)
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/apps/registry.py", line 91,
in populate
ferda_uwsgi_1 | app_config = AppConfig.create(entry)
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/apps/config.py", line 212, in
create
ferda_uwsgi_1 | mod = import_module(mod_path)
ferda_uwsgi_1 | File "/usr/local/lib/python3.7/importlib/__init__.py",
line 127, in import_module
ferda_uwsgi_1 | return _bootstrap._gcd_import(name[level:], package,
level)
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 1006, in
_gcd_import
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 983, in
_find_and_load
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 967, in
_find_and_load_unlocked
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 677, in
_load_unlocked
ferda_uwsgi_1 | File "<frozen importlib._bootstrap_external>", line 728,
in exec_module
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 219, in
_call_with_frames_removed
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/ferda/apps.py", line 8, in <module>
ferda_uwsgi_1 | from ferda.backend import LOGGER
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/ferda/backend/__init__.py", line 5,
in <module>
ferda_uwsgi_1 | from .logger import LOGGER
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/ferda/backend/logger.py", line 4, in
<module>
ferda_uwsgi_1 | import
fred_api.logger.diagnostics.service_diagnostics_grpc_pb2_grpc
ferda_uwsgi_1 | ModuleNotFoundError: No module named
'fred_api.logger.diagnostics'
docker_ferda_uwsgi_1 exited with code 1
Can you guide me in this regard?
Thank you.
On Mon, Nov 1, 2021 at 4:57 PM <fred-users-request(a)lists.nic.cz> wrote:
> Message: 1
> Date: Wed, 30 Jun 2021 15:40:43 +0200
> From: Jiri Sadek <jiri.sadek(a)nic.cz>
> To: fred-users(a)lists.nic.cz
> Subject: Re: I'm having trouble building a docker Ferda
> Message-ID: <f36434e7-6973-859a-8b77-064715713065(a)nic.cz>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Hi,
>
> thanks for reporting the issue. It looks like webpack config separation
> was not properly reflected in the Dockerfile. We'll look into it and let
> you know when it's fixed.
>
> Regards
>
> Jiri
>
> Dne 6/30/21 v 12:37 Leonardo Assunção napsal(a):
> > Hi,
> >
> > I'm having trouble building a docker Ferda.
> >
> > I followed the steps described in this link
> >
> > https://fred.nic.cz/documentation/html/FerdaManual/Installation.html#how-to…
> >
> > and in the step of doing build occurs this error:
> >
> > Digest:
> > sha256:70d4fffcab39a1f9f7161d58e674ddcc56c7f0724196b68d52a87bab15cb4a04
> >
> > Status: Downloaded newer image for node:13
> >
> > ---> 2b9604a36e49
> >
> > Step 2/24 : WORKDIR /app
> >
> > ---> Running in 7a6b66ab06a9
> >
> > Removing intermediate container 7a6b66ab06a9
> >
> > ---> 9bac969be5a8
> >
> > Step 3/24 : COPY ferda/static/ /app/static/
> >
> > ---> 46036760fee1
> >
> > Step 4/24 : COPY assets/ /app/assets/
> >
> > ---> 8428cbd225ea
> >
> > Step 5/24 : COPY package.json webpack.config.js /app/
> >
> > COPY failed: file not found in build context or excluded by
> > .dockerignore: stat webpack.config.js: file does not exist
> >
> > ERROR: Service 'ferda_uwsgi' failed to build : Build failed
> >
> > How do I solve this problem?
> >
> > Greetings,
> >
> > Leonardo Assunção
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 1 Jul 2021 08:50:51 +0200
> From: Jan Musílek <jan.musilek(a)nic.cz>
> To: fred-users(a)lists.nic.cz
> Subject: Re: I'm having trouble building a docker Ferda
> Message-ID: <bf5405af-b935-2aba-d4c4-de6faef13770(a)nic.cz>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> This issue is now fixed in master branch. Please pull the new commits
> and try the build again.
>
> The issue was caused by not reflecting some code changes in the
> Dockerfile. I added new CI job to check the docker-compose build passes,
> so we should not get any more build failures in the future.
>
> Furthermore, there has been quite a rapid development in Ferda which is
> not reflected in the web docs yet. In order to run it, you need more
> comprehensive `.env` file (although for building itself, the old one
> will probably suffice). I prepared `example.env` file containing all
> necessary settings to successfully run Ferda [1].
>
> Please note that this is just an example – you need to change the
> defaults to your own configuration in order for most features to work.
>
> All these settings are either standard Django settings [2] or they are
> documented in README [3]. Please note that `FERDA_GRPC_NETLOC` from
> README is translated to `FERDA_REGISTRY_NETLOC` in the docker build –
> this is the new name we want to use, so eventually, it will be
> `FERDA_REGISTRY_NETLOC` in README and settings as well.
>
> We are quite excited that you decided to give Ferda a try. As far as we
> know, it's not used by any other domain registry besides us right now.
> If you have any other issues, don't hesitate to ask – we're happy to help.
>
> Kind Regards,
> Jan Musílek
>
> [1] https://gitlab.nic.cz/fred/ferda/-/blob/master/docker/example.env
> [2] https://docs.djangoproject.com/en/3.2/ref/settings/
> [3] https://gitlab.nic.cz/fred/ferda/-/blob/master/README.rst
Hi,
I tried to install fred on my server as a test bed to view its capabilities
and followed the instructions mentioned in
https://fred.nic.cz/documentation/html/FerdaManual/Installation.html but
when I want to run ferda docker, I encounter this error: (the OS is
Centos 7 latest version)
[root@fred ~]# docker-compose -f ferda/docker/docker-compose.yml up
docker_nginx_1 is up-to-date
Starting docker_ferda_uwsgi_1 ... done
Attaching to docker_nginx_1, docker_ferda_uwsgi_1
nginx_1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty,
will attempt to perform configuration
nginx_1 | /docker-entrypoint.sh: Looking for shell scripts in
/docker-entrypoint.d/
nginx_1 | /docker-entrypoint.sh: Launching
/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
nginx_1 | 10-listen-on-ipv6-by-default.sh: info:
/etc/nginx/conf.d/default.conf is not a file or does not exist
nginx_1 | /docker-entrypoint.sh: Launching
/docker-entrypoint.d/20-envsubst-on-templates.sh
nginx_1 | /docker-entrypoint.sh: Launching
/docker-entrypoint.d/30-tune-worker-processes.sh
nginx_1 | /docker-entrypoint.sh: Configuration complete; ready for
start up
ferda_uwsgi_1 | Traceback (most recent call last):
ferda_uwsgi_1 | File "/app/venv/bin/django-admin", line 8, in <module>
ferda_uwsgi_1 | sys.exit(execute_from_command_line())
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/core/management/__init__.py",
line 419, in execute_from_command_line
ferda_uwsgi_1 | utility.execute()
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/core/management/__init__.py",
line 395, in execute
ferda_uwsgi_1 | django.setup()
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/__init__.py", line 24, in
setup
ferda_uwsgi_1 | apps.populate(settings.INSTALLED_APPS)
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/apps/registry.py", line 91,
in populate
ferda_uwsgi_1 | app_config = AppConfig.create(entry)
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/django/apps/config.py", line 212, in
create
ferda_uwsgi_1 | mod = import_module(mod_path)
ferda_uwsgi_1 | File "/usr/local/lib/python3.7/importlib/__init__.py",
line 127, in import_module
ferda_uwsgi_1 | return _bootstrap._gcd_import(name[level:], package,
level)
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 1006, in
_gcd_import
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 983, in
_find_and_load
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 967, in
_find_and_load_unlocked
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 677, in
_load_unlocked
ferda_uwsgi_1 | File "<frozen importlib._bootstrap_external>", line 728,
in exec_module
ferda_uwsgi_1 | File "<frozen importlib._bootstrap>", line 219, in
_call_with_frames_removed
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/ferda/apps.py", line 8, in <module>
ferda_uwsgi_1 | from ferda.backend import LOGGER
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/ferda/backend/__init__.py", line 5,
in <module>
ferda_uwsgi_1 | from .logger import LOGGER
ferda_uwsgi_1 | File
"/app/venv/lib/python3.7/site-packages/ferda/backend/logger.py", line 4, in
<module>
ferda_uwsgi_1 | import
fred_api.logger.diagnostics.service_diagnostics_grpc_pb2_grpc
ferda_uwsgi_1 | ModuleNotFoundError: No module named
'fred_api.logger.diagnostics'
docker_ferda_uwsgi_1 exited with code 1
Could you please help me to solve this problem?
Thank you.