I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?.
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
Hi Paulos,
if you are doing restore of database, you should probably do this into
empty database or if you have "create database" as part of dump, you
can remove database at the destination system completely.
Regards,
Jaromir
On Tue, 2021-03-23 at 10:28 +0200, Dr Paulos Nyirenda wrote:
> On 19 Mar 2021 at 14:06, Jaromir Talir wrote:
>
> > Hi Paulos,
> >
> > I'm not sure if I got it right. There are two scenarios:
> >
> > 1/ You do DUMP + RESTORE and information in restored tables is
> > different than in original table.
> >
> > This would be weird. I can only imagine that DUMP failed or was
> > incomplete but otherwise there should be no issue
>
> This is the issue. When we do a DUMP and RESTORE, the mail_template
> on the system on
> which we do a restore remains the same, it is not updated from the
> restore in the DUMP.
>
> As such we have to manually edit it again to get it updated.
>
> > 2/ You do DUMP + modification + RESTORE and modification is not in
> > restored tables.
>
> We do not do a modification after doing the DUMP.
>
> > This is also correct since modifications are not included in DUMP.
> > I
> > suggest to make backup via DUMP after modification of those tables.
>
> After a bit of reading and when I get the time, I am now going to try
> to do a data only dump of
> the mail_template table with the data that we want and then see if I
> canm restore that data
> only after the restore using the aproach suggested in the attached
> advice, would that work ?
>
> Regards,
>
> Paulos
> =============================
> Dr Paulos B Nyirenda
> NIC.MW & .mw ccTLD
> http://www.nic.mw
> SDNP: http://www.sdnp.org.mw
> Tel: +265-(0)-882 089 166
> Cell: +265-(0)-888-824787
> WhatsApp: +265-(0)-887386433
>
>
> >
> > Regards,
> > Jaromir
> >
> > On Thu, 2021-03-18 at 15:39 +0200, Dr Paulos Nyirenda wrote:
> > >
> > > Good afternoon,
> > >
> > > I am having trouble maintaing my English version of mail_template
> > > table in the FRED database backup and restore, can you help ?
> > >
> > > I often need to backup the FRED registry system database and I am
> > > using
> > > #pg_dump -U fred fred > fred-backup-file.sql
> > >
> > > To restore that database I use
> > > #sudo -u postgres psql
> > > #DROP DATABASE fred;
> > > #CREATE DATABASE fred;
> > > #\q
> > > #psql -U fred -d fred -f fred-backup-file.sql
> > >
> > > However, I find in almost all cases that I lose any updates that
> > > I
> > > made on mail_template table when I restore this way on the new
> > > restoration.
> > >
> > > Is there a way that I can keep the most resent mail_template
> > > updates
> > > between backup and restore?
> > >
> > > I have tried to save the mail_template using a dump like
> > > #pg_dump -U fred fred -t mail_template > fred-mail_template-
> > > bkp.sql
> > > but I am unable to restore this because I get the error that
> > > there
> > > are too many dependencies on mail_template when I try to drop the
> > > table and then use pg_restore -t.
> > >
> > > So, what is the best way of moving with my desired mail_template
> > > in
> > > FRED?
> > >
> > > Can I do this even between different schemas of backup and
> > > restore ?
> > >
> > > Regards,
> > >
> > > Paulos
> > > =============================
> > > Dr Paulos B Nyirenda
> > > NIC.MW & .mw ccTLD
> > > http://www.nic.mw
> > > SDNP: http://www.sdnp.org.mw
> > > Tel: +265-(0)-882 089 166
> > > Cell: +265-(0)-888-824787
> > > WhatsApp: +265-(0)-887386433
> > >
> > >
> >
>
>
>
>
> The following section of this message contains a file attachment
> prepared for transmission using the Internet MIME message format.
> If you are using Pegasus Mail, or any other MIME-compliant system,
> you should be able to save it or view it from within your mailer.
> If you cannot, please ask your system administrator for assistance.
>
> ---- File information -----------
> File: postgreSQL-backup and restore-table-data-
> makandracards.pdf
> Date: 18 Mar 2021, 16:58
> Size: 285252 bytes.
> Type: Unknown
Dear FRED users!
We are excited to welcome another registry in our "FRED family". The
national domain registry of Bosnia and Herzegovina started using FRED at the
beginning of this year and handled the transition very smoothly.
We would also like to use this opportunity to invite all the other FRED
users who have not yet informed us that they are using FRED to let us know.
It would be great to know about their experience and add another red point
to the map on https://fred.nic.cz/en/.
Kind regards,
Zdenek Bruna.
--
Zdeněk Brůna
technický ředitel / Chief Technical Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Milešovská 5, 130 00 Praha 3, Czech Republic
mailto:zdenek.bruna@nic.cz https://nic.cz/
-------------------------------------------
Hello,
One of our treasured old machines needs TLS version upgraded particularly to avoid SMTP
handshake failures that have started to crop up.
This machine also runs FRED registry operations that we use for many activities like training,
whois, invoicing, etc.
I would hence really like to find out in advance if upgrading TLS version will break FRED.
Will upgrading openssl break FRED ?
Regards,
Paulos
=============================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.nic.mw
SDNP: http://www.sdnp.org.mw
Tel: +265-(0)-882 089 166
Cell: +265-(0)-888-824787
WhatsApp: +265-(0)-887386433
--
This email has been checked for viruses by AVG.
https://www.avg.com
